Installing a Third-Party SSL Certificate
If you are on a Pro or Enterprise plan, you can install an SSL certificate from a third-party certificate issuer. For a third-party SSL certificate, you will need to generate a CSR (Certificate Signing Request) in BigCommerce, which will give the SSL certificate provider the necessary information to create a working SSL certificate.
Generating a CSR (Certificate Signing Request)
You will need to generate a CSR (Certificate Signing Request) to provide your third-party certificate issuer before generating an SSL certificate. The CSR contains store and server information necessary for the SSL certificate to be installed successfully.
1. Log into your store as the Store Owner, and go to Server Settings › SSL Certificate.
2. Click Generate a CSR.
3. Complete the required information, then click Generate CSR.
- Approver Email — the approver email address from the drop-down options. You must have access to this email address to complete the SSL install process.
- Common Name (CN) — the fully qualified domain name you wish to secure (selected in Step 2)
- Organization Name (O) — usually the legal incorporated name of a company and should include any suffixes such as Ltd., Inc., or Corp
- Organizational Unit (OU) — department name (e.g. HR, Finance, IT)
- Locale (L) — city or town (e.g. Austin, San Francisco, Sydney)
- State/Province (S) — state, province, region, or county
- Country Code (C) — two-letter ISO code for the country where your organization is located (e.g. US, CA, GB)
4. On the following page, you will be provided the CSR. Click anywhere in the box and copy the entire block of code, including the lines that contain -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----.
We'll also email the generated CSR to the store owner's email address. The message has the subject line A new CSR has been generated for your SSL certificate.
Generating and Installing the SSL Certificate
You can now generate your SSL certificate with your third-party provider using the CSR from the previous section. If you've already received your SSL certificate before getting the CSR, reach out to your SSL certificate issuer for guidance on reissuing the SSL certificate.
1. Provide the certificate issuer with the CSR you copied in the previous step.
2. Use the following settings when downloading your SSL certificate:
- Server type - Apache or Apache Mod (HTTP)
- Hash - SHA-2 (SHA 256)
- Bit Strength - 4096-bit or 2048-bit
3. You will receive two files: the SSL certificate and a bundle containing the intermediate certificate. If you receive them in a zipped file, extract them on your computer before proceeding.
4. Open the certificates using a text editor such as Notepad or TextEdit. (You may need to open these programs first, then navigate to your certificate files.) Copy the SSL certificate, including the lines that contain -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
5. In the BigCommerce control panel, go back to Server Settings › SSL Certificate, then click Install a 3rd party SSL.
6. Paste your SSL Certificates into the appropriate fields.
- SSL Certificate — the SSL certificate; it will not be labeled bundle, CA, or intermediate
- Intermediate Certificate — the SSL certificate that is labeled bundle, CA, or intermediate
7. Click Install SSL Certificate.
Your SSL certificate will take approximately 20 minutes to install. After this time, you can use the tools listed below to verify that it was properly installed.
Installing a Multi-Domain or Wildcard SSL Certificate
Multi-domain and wildcard SSL certificates have the capacity to cover multiple domains or subdomains. As such, they can be very useful if you are running multiple stores or a single store with several sub-sites. Multi-Domain SSL certificates will work with any domain name entered as the Common Name or SAN (Subject Alternative Name) when purchasing the SSL certificate. Wildcard SSL certificates can be used for multiple subdomains of a single domain. For example, you could purchase a single wildcard SSL certificate to apply to www.domain.com, shop.domain.com, blog.domain.com, and so forth.
SSL certificates require a private key that matches the CSR used to generate them. BigCommerce does not provide private keys and CSRs generated by BigCommerce cannot be used for a certificate that has a wildcard common name, or a common name other than the domain/subdomain of the store. Therefore, when installing a multi-domain or wildcard SSL certificate, you will need to follow some additional steps to generate a private key.
1. Generate a CSR and private key using CSR Generator. Store the private key somewhere safe and do not share it with anyone.
2. Provide the CSR to the certificate authority (CA) you purchased the wildcard SSL certificate from and have them reissue or regenerate the certificate. They will also provide you with an intermediate certificate.
3. In your BigCommerce store, go to Server Settings › SSL Certificate. Click Transfer existing.
4. This will bring you to a page where you can enter the SSL certificate, private key, and intermediate certificate (provided by your certificate authority).
Testing Your SSL Certificate
You can check your SSL using the following tools:
- SSL Shopper's SSL Checker - this tool will check that your domain is using a properly-installed SSL
- SSL Shopper's Certificate Decoder - this tool can help you check your SSL's information, such as its expiration date
- Why No Padlock? - this page checks individual secure URLs and provides specific security errors if it detects any problems