Reissuing a Symantec SSL
On December 1st, 2017, Symantec migrated its operation of publicly-trusted certificates to DigiCert, a leading global provider of digital certificates. SSL certificates purchased from BigCommerce are provided by GeoTrust, which is a brand of Symantec. If you're affected by this change, you would have received an email with the subject line Your Store's SSL Certificate containing information about reissuing your certificate.
There are no additional costs or fees to reissue your SSL, but you’ll need to do a couple of things to ensure that your customers can view your store without interruption. The steps outlined below will walk you through reissuing your SSL.
If you are on a Standard or Plus plan, contact our support team for additional assistance with reissuing your certificate.
You'll need the following information before you can begin:
- the email address used to order the SSL
- the order ID
This information was provided to you in our email communication.
Generating a Certificate Signing Request (CSR)
1. Log into your store as the Store Owner, and go to Server Settings › SSL Certificates.
2. Select the domain you want to generate a CSR for. Click Generate a CSR.
3. Complete the required information. Click Generate CSR.
4. The CSR will be provided on the following page. Click anywhere in the box and copy the entire block of code, including the lines that contain -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----. Paste the code into a notepad document. It will be used shortly in the following steps.
We'll also email the generated CSR to the store owner's email address. The message has the subject line A new CSR has been generated for your SSL certificate.
Reissuing the SSL
1. Go to GeoTrust's User Authentication page and complete the fields using the information we have provided. Click Continue.
2. Click Request Access next to your SSL order.
You should be taken to a page with an "Order Access Authentication Email Sent" message. This will prompt the system to send you an approver email with a link to access the GeoTrust portal.
3. Check your inbox for an email from firstname.lastname@example.org with the subject line Order Information Request for [domain]. Click the link that follows "To continue, please visit [link]."
4. You will be taken to a Manage Order page. From the navigation on the left side of the page, click Reissue Certificate (located in the top left).
5. From the Hashing Algorithm drop-down, select SHA-256 with RSA and SHA-1 root.
6. Paste the CSR that was generated in the previous steps into the Certificate Signing Request field on the GeoTrust page.
7. At the bottom of the page, click I agree to this SSL Certificate Subscriber Agreement. Click Submit.
You should be taken to a page with an "Order successfully submitted" message. Check your inbox for an email from email@example.com with the subject line QuickSSL Premium Certificate Request Confirmation (the SSL type may differ depending on the type of SSL you purchased).
8. Click the link that follows [Name] requests that you come to the URL below to review and approve this certificate request. You will be taken to an Order Review and Approval page. Click I Approve to finish the process.
Installing the SSL Certificate
Once the reissue has been approved, you will receive two files: the SSL certificate and a bundle containing the intermediate certificate. If you receive them in a zipped file, extract them on your computer before proceeding.
1. Open the certificates using a text editor such as Notepad or TextEdit. (You may need to open these programs first, then navigate to your certificate files.) Copy the SSL certificate, including the lines that contain -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
2. In the BigCommerce control panel, go back to Server Settings › SSL Certificate, then click Add a 3rd party.
3. Paste your SSL Certificates into the appropriate fields.
- SSL Certificate — the SSL certificate (it will not be labeled bundle, CA, or intermediate)
- Intermediate Certificate — the intermediate certificate (it will be labeled bundle, CA, or intermediate)
4. Click Install SSL Certificate.
Your SSL certificate will take approximately 20 minutes to install. After this time, you can use the tools listed below to verify that it was installed correctly.
Testing Your SSL Certificate
You can check your SSL using the following tools:
- SSL Shopper's SSL Checker - this tool will check that your domain is using a properly-installed SSL
- SSL Shopper's Certificate Decoder - this tool can help you check your SSL's information, such as its expiration date
- Why No Padlock? - this page checks individual secure URLs and provides specific security errors if it detects any problems
- DigiCert's SSL Certificate Checker - use this page to test your SSL for Chrome distrust