Using Third-Party SSL Certificate
To use an SSL from another company, you will need to complete the following steps:
- Fill out the CSR form to receive a CSR and RSA key.
- Purchase your SSL certificate (if you haven't already) and send the certificate issuer the CSR (Not the RSA Key) from step 1.
- The certificate issuer will provide an SSL Certificate as well as an SSL CA Certificate (Trusted Authority) (sometimes called a "CA Bundle").
Note: These may be provided as .crt files. If the text for the certificate or bundle are needed, these files may be opened in notepad.
- Once you have obtained your SSL Certificate, log in to your cPanel, and scroll down to SSL/TLS within the Security section.
- Here you will be presented with several options, click on Manage SSL sites under the Install and Manage SSL for your site (HTTPS).
- With the SSL certificate and SSL CA certificate from your third-party, and the RSA key from CSR generation in step 1, paste the certificate details into the associated fields.
Note: Please be sure to copy the entire certificate including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.
- Click Install Certificate to complete the SSL installation to the server.
Portal - Install Third-Party SSL
- Log into your Billing Portal.
- Navigate to the Hosting menu, click Manage under the desired hosting package, then click Add in the SSL Certificate section:
- On the next page, scroll to the Third-party SSL Certificates section and click Install now for a one-time fee of $10/per website.
- Provide the SSL certificate, RSA key, and CA bundle in the next page:
Note: If you do not receive a Success! message for each field, attempt copying the entire certificate including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.Note: These may be provided as .crt files. To copy their text, you can open them in a text editor (such as notepad).
- Click the Next button to provide payment information and complete the installation.
Once these steps have been completed, we will install your SSL Certificate. If you are interested in more details regarding the process and what is needed, please see the sections below:
Using a third-party SSL certificate on HostGator servers, please keep the following restrictions in mind:
- Shared or Reseller users cannot install a certificate and must have HostGator install their certificates.
- VPS or Dedicated Server users may install certificates on their own or have HostGator to install the certificate.
The SSL installation form requires the following information:
- The SSL Certificate field is for the main certificate file. This will be provided by the company issuing the SSL certificate.
- The SSL CA Certificate (Trusted Authority) is also known as the CA Bundle or Cert Bundle; this is optional only if your certificate company does not provide a bundle.
- The RSA Private Key field is for the RSA key we sent when you requested a CSR; please check your email for that code.
The following article provides additional information about what you should know before purchasing a third-party SSL:
The fees to have HostGator install a third-party SSL on your behalf are as follows:
- For a single domain SSL the fee is $10
- For a multi-domain SSL the fee is $25 for up to 5 domains plus $5 for each additional domain beyond the first 5.
- Managed Dedicated Servers can have HostGator install any SSLs free of charge.
Renewing an SSL requires an installation of the new certificate and is subject to the installation fees above. For fewer installations, you may purchase a certificate that covers a 2 or 3-year term.
You may purchase a dedicated IP when installing an SSL. A dedicated IP costs $4 per month (or $48 per year.) Servers that do not take advantage of SNI will need a dedicated IP address to install each SSL.
The CSR is only required for issuing a new certificate. If you are renewing your certificate or if your certificate is expired, then you will need a new CSR since you will be issued a new certificate with a new expiration date.
Matching RSA Key
If you do not know whether your RSA and SSL Certificate match, please check using this tool before submitting them: https://www.sslshopper.com/certificate-key-matcher.html
If you do not have a matching pair, you will need to request a new CSR, then have the certificate reissued with the new CSR.