To secure a site with https, there are six steps (detailed below):
1. Activate the SSL add-on
2. Generate the CSR
3. Submit the certificate order
4. Approve the certificate order
5. Install the Web Server Certificate
If renewing a certificate, the process will be identical to ordering a new certificate, but starting with step 2, Generate New CSR. The renewal will issue a new SSL certificate that will be installed to replace the existing one, rather than extending the expiration of the existing certificate.
Activate the SSL add-on
The SSL add-on may be enabled for an additional $10 per month. After logging into the DiscountASP Control Panel click the SSL Management link for an overview of the add-on. Then use the "Click Here to go to SSL Add-on Order Page" link to proceed to the activation page.
Finally click the "Activate SSL Addon" button to allow CSR generation.
If the unlimited subdomains add-on was not already enabled, a Unique IP will be provisioned for the site after the SSL add-on is activated. If hosting DNS through DiscountASP, no updates are necessary. But if hosting DNS externally, for example through the domain registrar, the A Record IP will need to be updated. The new IP can be found in the DNS Manager. See the below screenshot for reference.
Alternatively, SSL support is included on our Everleap plans
and migration assistance is available for active DiscountASP site accounts.
Generate the CSR
With the SSL add-on active, the ability to create a CSR will be available in the SSL Management section of the DiscountASP Control Panel (highlighted in red below). The CSR is provided to the certificate authority to issue the SSL certificate. Please note that it is not the SSL certificate itself.
Common Name: The domain name being secured. For example, www.discountasp.net. Or *.discountasp.net if ordering a Wildcard certificate
Organization: The legal name of your organization.
Organization Unit: The department in the organization handling the SSL certificate.
City / State / Country: City / State / Country where your organization is located.
After filling out the fields, click the Submit CSR Information button and the SSL Manager will update with a link to order the SSL Certificate (highlighted in red).
Submit the certificate order
From the Purchase SSL Certificate page, select the desired certificate type via radial button. Most often the PositiveSSL would be ordered as the type of certificate does not have any determination on the level of encryption.
Approver email contact
After selecting the certificate type, the page will refresh and the approver email contact drop-down will be available. It's necessary to select an approver email contact to verify domain ownership for the SSL certificate order via an email sent from email@example.com if you order Sectigo PositiveSSL. If RapidSSL is ordered, the approval email will come from firstname.lastname@example.org
The drop-down will be auto populated with general email addresses at the domain and, if whois privacy is enabled, will include the whois privacy address for the domain. If none of the email addresses in the drop-down exist, you'll want to create one of the listed email addresses, or at least an email alias to forward to an existing email address at your domain, then select that email address from the drop-down.
Note that if an email address is accidentally selected that does not exist, or the drop-down is missed, the approver email address cannot be changed for a submitted order. If possible, create the selected email address or an email alias then open a ticket with the Support Department
to resend the approver email. If the email address or email alias cannot be created, open a ticket with the Billing Department to cancel the current SSL certificate order and submit a new order, selecting a different approver email from the drop-down in the process.
After choosing an approver email address from the drop-down, review the admin contact information. The SSL certificate is sent in a separate email to the email contact in this section. If all the information is correct, use the Purchase button to complete the order.
Note regarding CSR regeneration
Note, if rekeying the certificate, make sure to not revoke / cancel the certificate order. Revoking the certificate would mean it is completely invalid and a new certificate would need to be purchased to replace the original certificate.
Approve the certificate order
Barring any issues with the approver email address, the approver email should be received shortly after the order is submitted. Validate domain ownership with the link provided in the email to receive the SSL certificate at the admin contact email address.
Install the Web Certificate
After approval, an email will be received with a PEM file attached. A PEM file is a text file that can be opened with a text editor like notepad. After opening the file you will see three certificates, but only the first is required. Copy and paste the entire block of text, including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" notations, as in the below example, into the "Install Your SSL Certificate" field at the bottom of the SSL Manager and click the Install Certificate button to complete the process.
To avoid a "not secure" message in a browser, a forced https redirect will be necessary. For more information, see the Force https with URL rewrite
knowledge base article.