Installing a Third-Party SSL Certificate

If you are on an Enterprise plan, you can install an SSL certificate from a third-party certificate issuer. For a third-party SSL certificate, you will need to generate a CSR (Certificate Signing Request) in BigCommerce, which will give the SSL certificate provider the necessary information to create a working SSL certificate.

Installing an SSL Certificate

The process of purchasing and installing an SSL certificate differs depending on which billing and accounting system your store is using. Determine which billing system your store is using and choose the corresponding set of instructions below.

Generating a CSR (Certificate Signing Request)

You will need to generate a CSR (Certificate Signing Request) to provide your third-party certificate issuer before generating an SSL certificate. The CSR contains store and server information necessary for the SSL certificate to be installed successfully.

1. Log into your store as the Store Owner, and go to Server SettingsSSL Certificate.

2. Click Add a 3rd party.

Add a third-party SSL certificate

3. Select the approver email address from the drop-down options. You must have access to this email address to complete the SSL install process. Once you have selected it, click Generate CSR.

Approver email address, generate CSR

4. On the following page, you will be provided the CSR. Click anywhere in the box and copy the information.

Copy CSR information

Generating and Installing the SSL Certificate with your 3rd Party Provider

You can now generate your SSL certificate using the CSR from the previous step. If you've already received your SSL certificate before getting the CSR, reach out to your SSL certificate issuer for guidance on reissuing the SSL certificate.

1. Provide the certificate issuer with the CSR you copied in the previous step.

2. Use the following settings when downloading your SSL certificate:

  • Server type - Apache or Apache Mod (HTTP)
  • Hash - SHA-2 (SHA 256)
  • Bit Strength - 4096-bit or 2048-bit

3. You will receive two files: the SSL certificate and a bundle containing the intermediate certificate. If you receive them in a zipped file, extract them on your computer before proceeding.

3. Open the certificates using a text editor such as Notepad or TextEdit. (You may need to open these programs first, then navigate to your certificate files.) Copy the SSL certificate, including the lines that contain BEGIN CERTIFICATE and END CERTIFICATE.

Text editor sample

5. In the BigCommerce control panel, go back to Server SettingsSSL Certificate, then click Add a 3rd party.

6. Paste your SSL Certificates into the appropriate fields.

  • SSL Certificate — the SSL certificate; it will not be labeled bundle, CA, or intermediate
  • Intermediate Certificate — the SSL certificate that is labeled bundle, CA, or intermediate

7. Click Install SSL Certificate.

Install SSL Certificate

Your SSL certificate will take approximately 20 minutes to install. After this time, you can use the to verify that it was properly installed.

 

Update your DNS! Switching to a private SSL will change your IP address. If you are pointing to your store using an A record, you'll need to update the DNS at your register with your new IP address.

Generating a CSR

1. Before you generate the SSL from your provider, go to Server Settings › SSL Certificate.

2. If you do not have a private SSL certificate already installed, click View SSL Certificate Options. If you do, click Purchase another SSL certificate.

View SSL Certificate Options button

3. Select I have my own SSL that I'd like to install, then Continue.

The I have my own SSL link.

4. Select I need a CSR to generate my SSL certificate, then Continue.

The Generate CSR link.

5. Fill out the CSR details, then click Continue.

The CSR details page.

6. Your CSR will be displayed on the following page. You will need to copy this (and/or keep this window open) to submit when you generate the SSL certificate.

The CSR code.

Generating and Installing the SSL Certificate with your 3rd Party Provider

1. You will need to provide the CSR generated in the previous step.

2. Use the following settings when downloading your SSL certificate:

  • Server type - Apache or Apache Mod (HTTP)
  • Hash - SHA-2 (SHA 256)
  • Bit Strength - 4096-bit or 2048-bit

3. You will receive 2 files, the SSL certificate itself and a bundle containing the intermediate certificate. If you received them in a zipped file, extract them before proceeding.

4. Open the certificates using a text editor such as Notepad or TextEdit. (You may need to open these programs first, then navigate to your certificate files.) Copy the SSL certificate, including the lines that contain BEGIN CERTIFICATE and END CERTIFICATE.

Text editor example

5. In the BigCommerce control panel, go back to Server Settings › SSL Certificate. Paste your SSL Certificate into the top area. Then copy and paste your bundle/intermediate certificate at the bottom. Save.

Edit SSL Certificate

6. Your SSL certificate will take approximately 15 minutes to take effect. After this, you can use the tools listed below to check it.

 

Update your DNS! Switching to a private SSL certificate will change your IP address. If you are pointing to your store using an A record, you'll need to update the DNS at your register with your new IP address.

Installing a Multi-Domain or Wildcard SSL Certificate

Multi-domain and wildcard SSL certificates have the capacity to cover multiple domains or subdomains. As such, they can be very useful if you are running multiple stores or a single store with several sub-sites. Multi-Domain SSL certificates will work with any domain name entered as the Common Name or SAN (Subject Alternative Name) when purchasing the SSL certificate. Wildcard SSL certificates can be used for multiple subdomains of a single domain. For example, you could purchase a single wildcard SSL certificate to apply to www.domain.com, shop.domain.com, blog.domain.com, and so forth.

SSL certificates require a private key that matches the CSR used to generate them. BigCommerce does not provide private keys and CSRs generated by BigCommerce cannot be used for a certificate that has a wildcard common name, or a common name other than the domain/subdomain of the store. Therefore, when installing a multi-domain or wildcard SSL certificate, you will need to follow some additional steps to generate a private key.

1. Generate a CSR and private key using Trustico's CSR Generator. Store the private key somewhere safe and do not share it with anyone.

2. Provide the CSR to the certificate authority (CA) you purchased the wildcard SSL certificate from and have them reissue or regenerate the certificate. They will also provide you with an intermediate certificate.

3. In your BigCommerce store, go to Server SettingsSSL Certificate. Depending on which billing system your store is using, do one of the following:

  • BigCommerce Account Dashboard - click Transfer existing.
  • Legacy Client Area - Select View SSL Certificate Options (if you've never used an SSL certificate on your store before) or Purchase another SSL certificate (if you're previously added an SSL certificate to your store). Then click I have my own certificate I'd like to install, then I already have my SSL certificate and private key.

4. This will bring you to a page where you can enter the SSL certificate, private key, and intermediate certificate (provided by your certificate authority).

How do I know my SSL is working?

You can check your SSL using the following tools:

For more guidance on troubleshooting SSL-related errors, see our SSL troubleshooting guide.

Was this article helpful?