E-commerce

ID #247

Can I use an SSL certificate that I already bought elsewhere?

Applies to: Grid System

If you already own an SSL certificate that you purchased elsewhere, you can use it here to enable SSL for your website ONLY if it was purchased from Thawte, Verisign, or RapidSSL.

We will not install SSL certs purchased from any Certificate Authority other than the above three. If the SSL certificate that you already have was not purchased from one of the above three CAs, then you will have to buy a new one.

If you already bought your own SSL certificate from one of the three CAs above, then you do not need to purchase a new certificate. However, there is still a setup fee which covers our installing the certificate, keys, and any chain certs on our servers for you. Please see our pricing located here.

In order for us to host an SSL certificate that has already been issued for your website, we need the following items from you:

  1. The complete hostname that the cert was issued to, for example "secure.yourdomain.com"
  2. The SSL certificate KEY file, with any passphrase removed
  3. The SSL certificate CRT file in Standard Certificate Format for Apache ModSSL
  4. The CSR (Certificate Signing Request) file that was used to request the certificate from the vendor
  5. The Order Number for the cert at the vendor where you bought it (optional)
  6. A URL and any password needed for re-downloading the cert directly from the vendor (optional)

The above information should be placed in files with self-evident filenames and uploaded to your home directory here. Then contact support and notify us that you want to use your own SSL certificate and tell us where you have placed the files that contain the required information.

The Key and CRT files must be PEM (base64 encoded) X509 format, in a plain text file, and not in MS Word or any other format. If you use FTP to upload these files to your home directory on our system, make sure to transfer the files in ASCII mode and not BINARY mode. Files uploaded with FTP in BINARY mode will not be usable. The body of a properly formatted CRT or KEY file has exactly 65 characters per line, except for the last line.

The body of a CRT file is enclosed by the following text:

-----BEGIN CERTIFICATE-----


and

-----END CERTIFICATE-----



The body of a KEY file is enclosed by the following text:

-----BEGIN RSA PRIVATE KEY-----


and

-----END RSA PRIVATE KEY-----



The CRT and KEY files that you need to provide us with must include all the BEGIN and END text, including dashes, and be in the proper format.

KEY files must not have any passphrases. To check to see if a KEY file has a passphrase on it, look at the contents of the KEY file. If it contains any text after the 1st line like:

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,D378ED0C676F0F54



then it has a passphrase which you must remove.

You could also check to see if it has a passphrase by uploading the KEY file (for example, yoursite.key) to your home directory here, and then typing the following at a shell prompt:

openssl rsa -noout -text -in yoursite.key



If the KEY has a passphrase, the command above will cause it to prompt you for the passphrase.

We do not accept keys with passphrases, so if yours has one, you will either need to ask your last webhost to give you your key without the passphrase, or, if you know the passphrase, you can remove it yourself by uploading the key to our system, getting a shell prompt here, and then typing the following command all on a single line (the line might look wrapped in your browser):

openssl rsa -in yoursite.key -out yoursite.key



The command above will prompt you for the passphrase. If you enter it correctly, it will recreate the key file with no passphrase, which is the way we need to receive the file from you. If you enter the passphrase incorrectly, you will get an error.

If you have a key protected by a passphrase and you have forgotten it, we cannot help you recover it, the key cannot be used, and you will need to buy a new certificate.
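The format rules above (BEGIN and END markers, no passphrase headers, plain-text line endings, a base64 body) can be checked before you upload anything. The script below is an added example, not part of our tooling: check_pem is a hypothetical helper name, the sample file is constructed, and the check for a "BEGIN ENCRYPTED PRIVATE KEY" header goes beyond the two header lines this FAQ shows.

```shell
#!/bin/sh
# Added example, not the host's tooling. check_pem is a hypothetical helper.
# check_pem FILE key|crt prints "ok" or a list of findings; status 0 only if ok.
check_pem() {
    file=$1; kind=$2; problems=""
    case $kind in
        key) label="RSA PRIVATE KEY" ;;
        crt) label="CERTIFICATE" ;;
        *)   echo "usage: check_pem FILE key|crt" >&2; return 2 ;;
    esac
    cr=$(printf '\r')
    # The first and last non-blank lines must be the BEGIN and END markers.
    first=$(tr -d '\r' < "$file" | grep -v '^[[:space:]]*$' | head -n 1)
    last=$(tr -d '\r' < "$file" | grep -v '^[[:space:]]*$' | tail -n 1)
    [ "$first" = "-----BEGIN $label-----" ] || problems="$problems no-begin-marker"
    [ "$last" = "-----END $label-----" ] || problems="$problems no-end-marker"
    # Carriage returns mean DOS line endings survived the transfer.
    if grep -q "$cr" "$file"; then problems="$problems crlf-line-endings"; fi
    # Encryption headers mean the key still has a passphrase.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' -e '^DEK-Info:' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$file"; then
        problems="$problems passphrase-protected"
    fi
    # Every remaining line between the markers must be base64 text.
    bad=$(tr -d '\r' < "$file" \
        | grep -v -e '^-----' -e '^Proc-Type:' -e '^DEK-Info:' -e '^[[:space:]]*$' \
        | grep -c -v '^[A-Za-z0-9+/]*=\{0,2\}$' || true)
    [ "$bad" -eq 0 ] || problems="$problems non-base64-body"
    if [ -z "$problems" ]; then echo ok; return 0; fi
    echo "${problems# }"
    return 1
}

# Constructed sample: the encrypted-key header lines shown in this FAQ around a
# placeholder body (filler in the base64 alphabet, not a real key).
sample=$(mktemp)
cat > "$sample" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,D378ED0C676F0F54

Q09OU1RSVUNURURQTEFDRUhPTERFUkJPRFlOT1RBUkVBTEtFWQ==
-----END RSA PRIVATE KEY-----
EOF
check_pem "$sample" key || true   # prints: passphrase-protected
rm -f "$sample"
```
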


Last update: 2010-10-03 17:00
Author: FAQ Admin
Revision: 1.2


Comment of Anonymous:
This is what a key file looks like:

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

This is what a CRT looks like:

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Added at: 2003-11-11 22:30

Comment of Anonymous:
If you lose the KEY file, or if there is a passphrase on the KEY that you can't remember, then your certificate is useless and you will need to buy a new one.

All certs are issued against a specific KEY and without the KEY, the CRT can't be used.
Added at: 2004-01-04 17:24