Proper functioning of a server certificate depends on the successful installation of intermediate and root certificates. The complete SSL.com certificate chain typically includes four files:
|CERTUM_TRUSTED_NETWORK_CA.crt||Root 1 Certificate|
|SSL_COM_ROOT_CERTIFICATION_AUTHORITY_RSA.crt||Root 2 Certificate|
|your_domain_here.crt||Signed Server Certificate|
Many systems require your certificate files to be in a particular format. Thus, we also provide certificates in server bundles which are compatible with specific server environments.
Downloading Certificate Files
Your SSL.com account includes a page with information for each certificate you order. The Certificate Download table on your Order page includes links to server bundles for the most widely used server platforms.
Please locate your desired platform in the Certificate Download table. Click the link to retrieve your most recently issued certificate files, or (if needed) installation instructions:
The server bundles listed in the Certificate Download table includes retrieve bundle files for lesser known platforms here.server environments. However, you can
You’ll notice that the last two links of the certificate download table do NOT explicitly refer to a server platform:
- Other platforms: Provides a .ZIP file with all the relevant certificates (2 roots, 1 intermediate, 1 server certificate)
- Intermediate certificates (ca chain bundle): Provides a single concatenated file containing 1 intermediate and 1 root certificate file.
SSL.com offers the option to reprocess certificate orders as many times as you require, at any time during that certificate’s lifespan and usually at no extra cost.
Reprocessing generates an entirely new certificate for you and is useful if details such as your web hosting environment, domain name or other information changes. Select the “change domain(s)/rekey” link under the Action header at the top of your certificate order page to start the reprocess:
If your hosting environment has changed, or if you’ve lost your Private Key, you can simply generate a new Certificate Signing Request (CSR) using a new key pair. However, if your server environment hasn’t changed you can choose to take advantage of the “use previous CSR” button next to the empty text box:
The certificate status in your account will change once a reprocess has been initiated. You will then need to validate your new certificate request in order to complete the process.
When a new certificate is issued or reprocessed the details will appear in your Certificate Order page:
General information like server platform, time of issuance, and date are also visible in this section of the page. Information for both the current and any previous certificates is also shown in this section.
The three main items displayed are:
- Certificate Signing Request (CSR): The encoded message that has been digitally signed by the author of the CSR.
- Signed Certificate: The issued server certificate which is authorized to secure a specified domain(s).
- Issued Domains: The host names currently secured by a signed certificate.
Information such as signature algorithm, validity, and serial number are all displayed within the certificate contents box.
In some cases multiple certificates are issued with the same host name but using different CSRs. The information in the certificate contents box can help to differentiate between certificates with similar host names:
- Serial number: The numbering system used by a certificate authority that uniquely identifies an issued certificate.
- Signature Algorithm: The encoding and digital signing algorithms specified when generating a certificate request.
- Subject Alternative Name: The extension of the X.509 certificate standard used to protect multiple host names under a single SSL/TLS certificate.
- Validity (Not Before; Not After): The period of time an SSL/TLS certificate is authorized to operate.
Thank you for choosing SSL.com! If you have any questions about your certificate order, please contact us by email at <a href=”mailto:Support@SSL.com”>Support@SSL.com</a>, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page.