Trying to purchase an SSL certificate


#1

I am trying to purchase an SSL certificate for a domain that I temporarily hosted at DH. When I get to the end of the form, I am forced to select one of the email addresses that used to be associated with that domain at DH. The site is now hosted somewhere else but they don’t offer shared cert’s and I don’t feel like paying $149 for a dedicated one. I don’t understand why these email boxes (5) still show up here when I’ve deleted the domain from DH.

Jeff


#2

Part of the SSL certificate ordering process requires that Comodo (our SSL provider) send you an email at one of a few specific addresses associated with the domain. Comodo generates the list of acceptable emails based on the WHOIS data for the domain, plus a few standard addresses (e.g., “webmaster”), and that list is what we show you in the order process.

We can’t bypass this process, nor can we directly control what addresses Comodo comes up with. If you don’t have any of those addresses set up, or if you don’t have access to them, you’ll need to change that to make the order go through.


#3

Oops! My Bad. I just assumed they were coming from the deleted DH account. My apologies, sir. I will continue with the process now.

Thanks,
Jeff


#4

Just create a webmaster@domain address. It can be a “forwarding only” email if you have a limited number of email addresses available at your current host. You’ll be sent a link that you must follow in order to prove to Comodo that you’re the domain owner, so be sure you have access to read the email sent to the account you specify during the process.


#5

Btw, can you give me an idea how long it usually takes to hear back from Comodo? I’m in a hurry (isn’t everybody?)
Thx,
Jeff


#6

The process is fast. You’ve probably completed it before reading this reply.


#7

Well, I would’ve hoped so. But I am still waiting for the email to confirm.

jeff


#8

Okay, so I got the certificate yesterday and now my Web host (not DH) says they can’t use it because it doesn’t include their CSR.
In the DH Web Panel for ordering certificates, it states you can purchase for sites not hosted at DH. So, at $15 this seemed to be the way to go. Now I have a useless certificate that cost me $15 and have to go order a new one.

Jeff


#9

The host that you’re trying to use the certificate with is likely trying to rip you off (and get you to buy a certificate through them). There’s absolutely no technical reason that the certificate you got wouldn’t work with another host.


#10

Then what IS a CSR for?

jeff


#11

#12

A CSR (Certificate Signing Request) is a file that’s used as part of the process for ordering an SSL certificate. Once the certificate has been issued, it’s no longer relevant.


#13

Is the CSR always required or not? My Web host gave me the CSR to use. When I go directly to Comodo to order, it never asks for a CSR.


#14

Is this an actual real webhost or a WHM/CPanel reseller?


#15

How can I tell? It’s a new host to me as of a week ago.

Thx,
Jeff


#16

Panel > Domains > Secure Hosting

  • Click View next to your new certificate

  • Click Keys on the following page

“Certificate” - they might know this as a “CRT”

“Private Key” - this is called the same thing across most systems

“Intermediate Certificate” - they might know this as a “CA BUNDLE”

That’s all the details they need. If they insist that they can’t work with that data then they either don’t know what they’re doing (which is really common), or as Andrew has said they might be trying to con you into buying a certificate through them.


#17

It’s only required at all for certain workflows (specifically, when you generate the key yourself, send the SSL provider a CSR for that key, and receive a signed certificate). If your SSL provider generates the key for you too — which some will — the CSR ends up only being used internally by them. Once you have both a key and a certificate in hand, the CSR is useless. It’s a record of how your certificate got generated, and it isn’t needed to run your site.

As far as figuring out whether your web host is using cPanel, take a look at the URL for their web panel. If it’s got “:2082” or “:2083” in it, it’s definitely cPanel. Same goes if you see cPanel mentioned in the credits. If not, it might be something else.
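An added example, not part of the original thread: a certificate, a private key and a CSR belong together only when they carry the same public key, which is why a certificate issued for a provider-generated key will not match a CSR the web host created from its own key. The function names and file arguments below are placeholders, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: check whether a certificate, private key or CSR share one
# public key. KIND is cert, key or csr; FILE is a PEM file (placeholder names).

# pubkey KIND FILE -> PEM public key on stdout, non-zero status on failure
pubkey() {
    case "$1" in
        cert) openssl x509 -in "$2" -pubkey -noout ;;
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -pubkey -noout ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# fingerprint KIND FILE -> SHA-256 of the PEM public key; fails if unparsable,
# so two unreadable files can never be reported as a match
fingerprint() {
    pem=$(pubkey "$1" "$2") || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# same_key KIND_A FILE_A KIND_B FILE_B
# exit 0: same public key, 1: different keys, 2: a file could not be parsed
same_key() {
    a=$(fingerprint "$1" "$2") || return 2
    b=$(fingerprint "$3" "$4") || return 2
    [ "$a" = "$b" ]
}
```

Running `same_key cert site.crt key site.key` before handing files to a host confirms the pair is usable; `same_key cert site.crt csr host.csr` failing only means the CSR came from a different key.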


#18

So, you’re saying I should still be able to use the original cert I purchased from DH somehow? Isn’t there server information and IP address embedded in the SSL certificate?

Okay, first of all, it’s not a cPanel. It’s a very crude no-frills control panel. The reason I had to go with them was because I am resurrecting a ColdFusion Web site from someone who abandoned ours. But we can’t take it over at the same Web host because the domain name still exists on that server and the host will not remove it because the account it’s under is still live with other domains. I found that there are not many decent ColdFusion hosts at a reasonable price. These guys are. In fact, they’ve been very helpful getting some previously hard-coded CF hacks to work on their server using mod-rewrites. And, they told me they don’t sell shared cert’s so it would cost me $149 if they ordered a cert for me, but suggested I just get one from GoDaddy (whom I despise). I thought I could get it from DH since their panel says you can purchase a cert even if your domain is not hosted at DH. I have 5 other domains hosted here at DH so I figured it was easiest to get the cert here too. AFAIK, the host for my other domain is using Tomcat under IIS - does that make sense? That’s what they said. I thought Tomcat was for Linux. Anyway, they’ve now given me a CSR but there doesn’t seem to be anywhere to enter it in the Comodo order form.

I am grateful for the info you guys are providing. I have never had to purchase a cert’ from somewhere other than the Web host for a particular domain.
jeff


#19

Ask if they could try to add your keys into the tc keystore they set up for you.

Save the Intermediate Certificate contents into a TXT file as inter.crt and Private Key as sslcert.crt

keytool -import -trustcacerts -alias INTER -file inter.crt -keystore [your_keystore]
keytool -import -alias [friendly_name_they_used_for_the_CSR] -file sslcert.crt -keystore [your_keystore]

Worth a shot anyway.
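An added example, not part of the original thread: `keytool -import` reads certificates, not private keys, so when the key was generated by the certificate provider the usual route into a Tomcat keystore is a PKCS#12 bundle converted with `keytool -importkeystore`. The file names, the alias and the `P12_PASS` variable are placeholders; `openssl` and a JDK `keytool` are assumed to be installed.

```shell
#!/bin/sh
# Added example: bundle the panel's Certificate, Private Key and Intermediate
# Certificate into PKCS#12, then load the bundle into a Java keystore.
# The password is read from the environment variable P12_PASS (placeholder
# name) so that it does not appear on the command line or in the process list.

# make_p12 CERT KEY CHAIN ALIAS OUT
# openssl refuses to export when KEY does not match CERT, which catches a
# key/certificate mix-up before anything reaches the server.
make_p12() {
    [ -n "${P12_PASS:-}" ] || { echo "set P12_PASS first" >&2; return 2; }
    ( umask 077        # the bundle holds the private key: owner-only access
      export P12_PASS
      openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
          -name "$4" -out "$5" -passout env:P12_PASS )
}

# p12_to_keystore P12 KEYSTORE
# Copies the key entry and its chain into KEYSTORE. The same password is
# reused for source and destination to keep the example short.
p12_to_keystore() {
    [ -n "${P12_PASS:-}" ] || { echo "set P12_PASS first" >&2; return 2; }
    ( export P12_PASS
      keytool -importkeystore \
          -srckeystore "$1" -srcstoretype PKCS12 -srcstorepass:env P12_PASS \
          -destkeystore "$2" -deststorepass:env P12_PASS )
}
```

Typical use is `make_p12 site.crt site.key inter.crt tomcat site.p12` followed by `p12_to_keystore site.p12 keystore.jks`; delete the loose key file once the keystore is in place.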