Shortcut to this article: enom.help/ssl-faq

We also have an introduction to SSL article.  Please read that first for basic SSL concepts.   

• Purchase
  1. What is a CSR and how do I create one?
  2. How do I purchase a certificate using the CSR?
  3. Why do I get an error saying "Unable to retrieve CSR information" or "Domain Name not found. Certificate has not been configured yet." when I try to submit my CSR?
  4. When configuring my SSL certificate, I see random email addresses. How can I make my email address selectable on the list?
  5. How do I view the status of my certificates?
  6. How do I purchase SSL for use with Enom hosting?
• Approval
  7. How do I resend the SSL certificate validation email?
  8. Why might a domain-validated SSL certificate be flagged for further review?
• Installation
  9. What do I do when my SSL certificate doesn't work in certain browsers, because it is not trusted for all web browsers?
  10. Where can I get the CA Bundle for my SSL Certificate?
  11. Where is my private key?
• Reissue
  12. Reissue FAQ (reissue)
• Renew
  13. Do SSL certificates automatically renew?
  14. How do I renew an SSL certificate?
• Cancellation
  15. How do I cancel my SSL certificate?
  16. How do I get a refund?

---

 

1. What is a CSR and how do I create one?

CSR stands Certificate Signing Request. A CSR is a special key generated by a web server using that server's unique private key. The CSR is sent to the certificate authority, which generates the final certificate.  While we call it a "key", it is nothing more than a jumbled string of text.  To see what CSR looks like, head over to the CSR Generator and fill in some basic information.  The site will generate a CSR and a private key.  Keep in mind though, you will normally not be using a website to generate the CSR for you.  You will generate the CSR at the web server that is hosting your web content. 

This is what a CSR and a private key look like:

You can think of the CSR as the "public key".  Anytime a CSR is generated, a private key is generated also - hence the public/private key pair for encryption.  You should never provide the private key to anyone unless the certificate is being installed on a different server other than the one that created the CSR.  For most people, you won't have to handle the private key as the private key remains with the web host.  You will ask your web host for the CSR in order to purchase a certificate. 

You can copy the string of text in CSR and freely email it to anyone.  It can be saved as a regular text file also.

The instructions for generating a CSR vary depending on the certificate and web server.  If your SSL Certificate will be used on an Enom hosting account, see this question.

For more information on third party hosting please follow the link that corresponds to the certificate in question. Our system requires 2048 bit encrypted CSRs for all certificates regardless of the web server type.

• Generating CSR for GeoTrust
• Generating CSR for RapidSSL
• Generating CSR for COMODO
• Generating CSR for Symantec

Back to Top 

---

 

2. How do I purchase a certificate using the CSR?

To submit your CSR follow the steps below:

1. Log into your Enom.com/EnomCentral.com/Bulkregister.com account. 
2. Click on Security > SSL Certificates > Manage (if you don't see the menu below, click on your account name on the upper right, then try again)
   ,
   • This will either pull up the one certificate in your account if you only have one, or a list of all of the certificates you have purchased.
3. Click on "Add New" to add a new certificate. 
4. Go through the purchase flow then come back to the list of certificates in your account (as shown in the screenshot above).
5. Click on the Not Configured link for the certificate you want to configure.
   
6. Copy and paste the full CSR into the CSR field
   
   • Be sure to include the -----BEGIN CERTIFICATE REQUEST----- and
     -----END CERTIFICATE REQUEST----- in your CSR.
7. Update the contact information if needed.
8. Click Submit Certificate
9. Fill out the required fields in the Additional Information if needed, then select an Approval Email Address From the drop down menu.
10. Click Submit Certificate

Back to Top 

---

 

3. Why do I get an error saying "Unable to retrieve CSR information" or "Domain Name not found. Certificate has not been configured yet." when I try to submit my CSR?

This issue is generally caused by an incomplete or improperly CSR.

You can use the following tools provided to check if you are submitting a valid CSR. 

• Geotrust CryptoReport CSR Check
• Symantec CryptoReport CSR Check
• Comodo CSR Decoder

 

Back to Top 

---

 

4. When configuring my SSL certificate, I see random email addresses. How can I make my email address selectable on the list?

The Approval Email addresses available for selection are generated by the SSL Certificate Authority. These addresses are:

admin@yourdomain.com, administrator@yourdomain.com, hostmaster@yourdomain.com, postmaster@yourdomain.com, webmaster@yourdomain.com

​If you have a specific email account you want to use as the approval email, you would need to remove any privacy protection on the domain and set this email address as the administrative contact for the domain.  This email address will then appear on the list of selectable email addresses after 24 hours.  If you don't want to disable privacy protection, please create a working email address matching one of the emails above. 

Back to Top 

---

 

5. How do I view the status of my certificates?

To view the status of any certificate follow the steps below:

1. Navigate to the certificate section as shown in question 2. 
2. You can view  the status for all certificates here. Additionally, you can click on the link to the left for more information about that certificate.
   
3. Here you can view all of the certificate details.
   
   
   • Status: the status of the certificate.
     • If available, you can hover your mouse over the i icon to the right of the status for more information.
   • Expiration: date the certificate is set to expire.
   • Order ID: transaction number for the order the cert was purchased on.
     
     • This is not unique to this certificate and would be shared by any certificates or other services purchased at the same time.
   • Reference ID: unique reference ID for the certificate
   • Domain: common name for the certificate, usually a subdomain, such as www.example.com,  mail.example.com or billing.example.com.
   • Approval Email: email address that the validation email is sent out to to confirm that the domain holder authorized the purchase of this certificate .
   • Web Server Information: The Click To View link will expand this section and allow you to view the CSR your have submitted.
   • Contact Information: The Click To View link will expand this section and allow you to view the contact information you have submitted.

Back to Top 

---

 

6. How do I purchase SSL for use with Enom hosting?

Follow the regular purchase flow.  When you come to the step where it's asking for the CSR, select Enom Hosting and fill out the required fields. 

When the certificate is issued, it will automatically be installed in your hosting account. If your site is showing as not secure after the certificate has been issued, please contact our support team. 

Back to Top 

---

 

7. How do I resend the SSL certificate validation email?

The method for having the DCV email resent varies between certificate authorities.

• For GeoTrust (including RapidSSL) and Symantec:
  1. Navigate to the certificate section as shown in question 2.
  2. Click on the Resend Approval Email? link at the top of the page.
     
• For Comodo certificates, you will need to contact our support team.

Back to Top 

---

 

8. Why might a domain-validated SSL certificate be flagged for further review?

Some of the most common reasons for delays in issuing Domain Validated (DV) SSL certificates include:

• WHOIS Privacy protection is being used on the domain in question.
• Having the name of a Fortune 500 company or large bank in the domain for which the certificate is being requested (e.g. bobsmicrosoftshop.com or mikesbankofamerica.com).
• Having a mismatch between the first and last name in the order for the certificate and the email address used in the order (e.g. Jane Smith uses an email address of john_doe@example.com).

To lessen the likelihood of the order being flagged, we suggest using one of the default email addresses for the domain: admin@yourdomain.com, administrator@yourdomain.com, hostmaster@yourdomain.com, postmaster@yourdomain.com, webmaster@yourdomain.com

Back to Top 

---

 

9. What do I do when my SSL certificate doesn't work in certain browsers, because it is not trusted for all web browsers?

If you run into a situation where your SSL Certificate is returning as untrusted when visiting the site using certain browsers, it means that you need to install an Intermediate CA Certificate. See below.

Back to Top 

---

 

10. Where can I get the CA Bundle for my SSL Certificate?

Most SSL Certificates already include the appropriate CA Bundle in the certificate email you received upon purchase. If you have not received or are unable to locate it, you can download the CA Bundle directly from the Certificate Authority.

Below are the links for each:

• ​GeoTrust SSL
  • GeoTrust - New Web PKI Hierarchy Details
• Comodo SSL
  • For further breakdown between the intermediate and root certificates, see here. 
• Symantec SSL
• For RapidSSL

Back to Top 

---

 

11. Where is my private key?

Your private key is stored, and likely generated, on the server where your website is hosted.

Please work with your hosting provider if you need assistance with generating a new private key.

Back to Top 

---

 

12. How can I reissue an existing SSL certificate?

Please see the see our support article on how to reissue an SSL certificate for more information: enom.help/reissue 

Back to Top 

---

 

13. Do SSL certificates automatically renew?

No, SSL Certificates do not automatically renew.

Back to Top 

---

 

14. How do I renew an SSL certificate?

To renew an existing certificate, a new certificate has to be issued for the same common name.

Purchase the same SSL certificate from the same certificate provider (e.g., Symantec, Geotrust, or RapidSSL). The certificate must be configured with the same information as the original certificate.

The certificate cannot be renewed earlier than 90 days prior to the expiration date (60 days prior if you are using a Comodo Certificate).

The renewal cannot be applied if the new SSL goes over 5 years.

When you renew your certificate, the new expiration date will be 12 months from the date of purchase, plus the remaining days left on the SSL being replaced. 

Back to Top 

---

 

15. How do I cancel my SSL certificate?

For Geotrust and Symantec certificates that have not been approved, navigating to the certificate details page will allow you to cancel or modify a cert:

For Geotrust or Symantec certificates that have already been approved, follow these steps to log into the certificate portal, then click on the "Cancel Order" button near the middle of the screen. 

For ​COMODO certificates, please contact Support with your request to cancel and we will work with Comodo to cancel the certificate. 

Back to Top 

---

 

16. How do I get a refund?

Refunds are only available within 30 days of the initial purchase of the certificate.  To get a refund, please cancel your certificate first.  Once that is done, you will receive a confirmation email from Geotrust/Symantec.  Please forward us the confirmation letter and also state that you would like a refund. 

Back to Top