Renewals
|
Note: Certificates may be renewed beginning 90 days prior to the current expiration date. |
Overview
Each year, SSL certificates much be renewed, configured and installed prior to their expiration date in order for functionality to continue and not be disrupted.
| Step | Description | Who | Where | |
|---|---|---|---|---|
| 1 | CSR Generation | To start the Configuration Process, a CSR Key must be created using the web server hosting your website. | You | Typically In your hosting control panel |
| 2 | Certificate Configuration |
The following information is gathered and sent to the certificate vendor for validation:
|
You | The Not Configured section of the SSL Management page in your Webnames account, here. |
| 3 | Validation | The certificate vendor validates the authenticity of your order and your ownership of the associated domain. Validation is performed differently for different types of certificates | You and the certificate vendor | Typically via email. |
| 4 | Issuance | Once validation is completed, the SSL certificate is delivered by the certificate vendor via email to you | You | Typically via email, but will also appear in the Issued section of the SSL Management page in your Webnames account, here. |
| 5 | Installation | Once received, the SSL certificate is copied from your email and installed on the web server hosting your website. | You | Typically In your hosting control panel |
| 6 | Site Seal Installation | As an optional last step, the site seal from the vendor is installed on your website to show visitors that your website is secure. | You or your webmaster | In the code of your website |
Renewal vs. Repurchase
At Webnames, the difference between renewing an SSL Certificate and purchasing a new SSL Certificate (for the same name) is simply that when choosing the renewal option, we reuse your configuration data from the last purchase/renewal. This configuration data includes the CSR as well as the SSL Contact Information selected.
Certificate Authority (CA) requiring a new CSR Key
While most renewals do not require that a new CSR be utilized, there are two scenarios where a new CSR key is necessary:
- The server or contact / organization information has changed since the last certificate renewal
- The server type which the certificate is installed utilizes a CSR format in which each CSR is unique, and cannot be reused.
The following web server types require that a new CSR key be used upon each SSL Certificate Renewal:
- All versions of Microsoft’s IIS server
- Tomcat servers
- All Java based servers
For these server types, begin the Renewal process by obtaining a new CSR (or ‘Renewal Request) from the relevant web server.
| NOTE: For certificates being renewed for use with Webnames' Value, Advantage, Pro and Elite hosting, if no organizational changes have occurred, a new CSR key is not required. |
See: Generating CSR certificates
Renewing an SSL Certificate
Once a current CSR key has been obtained, or if your server type does not require that a new CSR key be used for the purposes of renewal, perform the following steps:
- Once logged into your account at www.webnames.ca, browse to:
Account > SSL Certificates > Renew button
- Proceed with payment via our website Shopping cart.
- Once the payment for the renewal is complete, returned to:
Account > SSL Certificates > Configure button
- If your server type requires a that a new CSR key be used, paste in the aforementioned CSR key in its entirety.
- Specify the SSL Contact information for the Certificate. Typically this is the domain’s existing Administrative, Billing and Technical Contact information is the best information to use. Do not use any shift characters in any of the enrollment fields. If your company has an & or @ symbol in its name, you must spell out the symbol or omit it from the related Contact field.
| Note: *This information should match the WHOIS information for the domain. Additionally, the WHOIS information for the domain must be publically viewable so that the applicant information submitted via this step can be verified via a WHOIS lookup by the Certificate issuing party (GeoTrust, Symantec etc.). |
- Click Continue to Proceed to the next page.
- Specify address that the Approval email and eventual SSL Certificate will be sent to once generated. Only the Administrative email address of the domain, as well as several predetermined generic alternatives can be used.
- Proceed through the Shopping Cart to complete your purchase
Approval and Validation
For most certificates types wherein the same CSR and contact information is reused from the previous renewal (or initial purchase etc.), the validation process by the SSL vendor is not necessary, and thus not performed.
Issuance
The renewed SSL Certificate is issued in the exact same manner as a newly purchased certificate.