Can I use an SSL certificate that I already bought elsewhere?
Applies to: Grid System
If you have already own your own SSL certificate that you purchased elsewhere, you can use it here to enable SSL for your website ONLY if it was purchased from either Thawte, Verisign, or RapidSSL.
We will not install SSL certs purchased from any other Certificate Authority except the above three. If the SSL certificate that you already have was not purchased from one of the above three CA's, then you will have to buy a new one.
If you already bought your own SSL certificate from one of the 3 CA's above, then you do not need to purchase a new certificate. However, there is still a setup fee which covers our installing the certificate, keys, and any chain certs on our servers for you. Please see our pricing located here.
In order for us to host an SSL certificate that has already been issued for your website, we need the following items from you:
- The complete hostname that the cert was issued to, for example "secure.yourdomain.com"
- the SSL certificate KEY file, with any passphrase removed.
- the SSL certificate CRT file in Standard Certificate Format for Apache ModSSL
- the CSR (Certificate Signing Request) file that was used to request the certificate from the vendor
- the Order Number for the cert at the vendor where you bought it (optional)
- a URL and any password needed for re-downloading the cert directly from the vendor (optional)
The above information should be placed in files with self-evident filenames and uploaded to your home directory here. Then contact support and notify us that you want to use your own SSL certificate and tell us where you have placed the files that contain the required information.
The Key and CRT files must be PEM (base64 encoded) X509 format, in a plain text file, and not in MS Word or any other format. If you use FTP to upload these files to your home directory on our system, make sure to transfer the files in ASCII mode and not BINARY mode. Files uploaded with FTP in BINARY mode will not be usable. The body of a properly formatted CRT or KEY file has exactly 65 characters per line, except for the last line.
The body of a CRT file is enclosed by the following text:
The body of a KEY file is enclosed by the following text:
The CRT and KEY files that you need to provide us with must include all the BEGIN and END text, including dashes, and be in the proper format.
KEY files must not have any passphrases. To check to see if a KEY file has a passphrase on it, look at the contents of the KEY file. If it contains any text after the 1st line like:
then it has a passphrase which you must remove.
You could also check to see if it has a passphrase by uploading the KEY file (for example, yoursite.key) to your home directory here, and then typing the following at a shell prompt:
If the KEY has a passphrase, the command above will cause it to prompt you for the passphrase.
We do not accept keys with passphrases, so if yours has one, you will either need to ask your last webhost to give you your key without the passphrase, or, if you know the passphrase, you can remove it yourself by uploading the key to our system,
getting a shell prompt here, and then typing the following command all on a single line (the line might look wrapped in your browser):
The command above will prompt you for the passphrase. If you correctly enter it, it will recreate the key file without no passphrase, which is the way we need to receive the file from you. If you incorrectly enter the passphrase, you will get an error.
If you have a key protected by a passphrase and you have forgotten it, we cannot help you recover it, the key cannot be used, and you will need to buy a new certificate.
22961/0%Last update: 2010-10-03 17:00
Author: FAQ Admin
You can comment this FAQ
Comment of Anonymous:
This is what a key file looks like:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
This is what a CRT looks like:
Added at: 2003-11-11 22:30
Comment of Anonymous:
If you lose the KEY file, or if there is a passphrase on the KEY that you can't remember, then your certificate is useless and you will need to buy a new one.
All certs are issued against a specific KEY and without the KEY, the CRT can't be used.
Added at: 2004-01-04 17:24