SSL Certificate Custom
SSL Certificate (Custom)
This is where configuration of an SSL certificate occurs. You can access the screen by clicking:
Home → Configuration → (middle menu) Checkout → (toggle on "Advanced View") SSL Certificate (Custom)
The screen will look similar to the screenshot below, if you are a trial user that has not yet placed their billing credit card details on file:
After updating your Service Plan page with the billing credit card details and then returning to the SSL Certificate Custom page, the you'll see:
Your three options:
- Yes, sign me up!
- No Thanks
- Configure 3rd Party SSL Certificate
New Certificate through UltraCart from Comodo
If you choose the "Yes, sign me up!" option, you are taken to this purchase page:
You will need to complete the purchase form with the custom SSL certificate address (Secure Server Name) along with your company name and address details. Also choose the certificate length (number of years). 3 year certificates reduces the renewal duties and offers a savings off the certificate cost.
Field | Notes |
---|---|
Secure Server Name | This is the custom SSL address. we recommend the prefix "secure" (secure.mydomain.com) because it conveys security to the customer. You cannot use your default website address www.mydomain.com if you are hosting your website outside of Ultracart. (see FAQ section below) |
Company Name | It's important that the company name match the company as it appears in the whois record for the domain name. Failure to match up exactly can cause the purchase to be rejected by the certificate issuer. |
Department Name | We default this to "E-Commerce" and we recommend leaving it as such. |
Street Address | Must match the whois record for the domain name. |
City | Must match the whois record for the domain name. |
State | Must match the whois record for the domain name. |
Postal Code | Must match the whois record for the domain name. |
Country | Must match the whois record for the domain name. |
We pre-populate this field with the email address on file for the UltraCart user making the purchase. The will become the point of contact for all followup email notifications involved in the purchase and configuration of the SSL. You may change this to any person within your organization that handles these technical issues. | |
Certificate Length | Choose the number of years:
Auto renewal is in affect. |
After one or more SSL certificates have been purchased, navigating to the SSL Certificates (custom) page will display like this:
Status | Description | Approximate Time Frame |
---|---|---|
Order Received | UltraCart has received your order and will process it shortly. | 1 Business Day |
Validation Documentation Required | UltraCart has requested validation documents that you need to upload by clicking the upload validation documents button. Importance of matching SSL details to the whois record of domain name It's important that the company details submitted to Comodo match the details as they appear in the whois record for the domain name. | Waiting on you |
Validation Documents Pending Review | UltraCart has received your validation documents and is in the process of reviewing them. Same as the warning above. | 1-2 business days |
Requested | UltraCart has requested your certificate from Comodo and is awaiting issuance. | Waiting on Comodo |
Sent CSR to Merchant | You have chosen to obtain the SSL certificate from a third party. We are waiting for you to obtain the certificate and upload it. | Waiting on you |
Pending Installation by UltraCart | UltraCart has received your 3rd party certificate and will install it shortly. | 1 business day |
Verify DNS | UltraCart has installed your certificate and is waiting on you to properly configure the DNS to point to UltraCart. DNS misconfiguration UltraCart performs a check against the assigned DNS CNAME address for the SSL certificate. If no DNS CNAME is found or the wrong IP address is resolving for the CNAME, then a message appears that details this error and provides the correct CNAME assignment that needs to be completed. | Waiting on you |
Issued | This certificate is properly configured and active. |
"Use secure.ultracart.com by default"
"Use secure.ultracart.com by default" check box field. - Select this check box when you have multiple SSL certificates but you do not want the buy links to default a specific custom SSL address. If left unchecked one of the configured SSL's will become the default address for your checkout.
This setting must first be activated by UltraCart Support.
SSL Action Buttons
You may find the following buttons listed to the right of your configured custom SSL certificates. (Not all buttons will appear next to each SSL, as some buttons are dependent upon the type of SSL configured on your account.
Button Name | Description |
---|---|
Renew with 3rd party | This option allows you to go purchase the renewed SSL from a 3rd party. |
Do Not Renew | Tells UltraCart not to renew the SSL |
Re-key | Reissue the SSL to obtain newest certificate |
Move | Move to another UltraCart Account. |
Download | Download the Certificate |
Delete | Delete the configured SSL from the account configuration. |
Advanced Setting
There is an checkbox setting "Use secure.ultracart.com by default" that when checked allows you to use the defaulted secure hostname secure.ultracart.com, so that you can use buy links that do not redirect to the configured SSL. If not checked, a buy link coded with the secure.ultracart.com hostname will auto redirect to the first issued SSL on the account.
If you have multiple SSL's that youwill be using with your items, you will assign the appropriate SSL to the buy link.
Important Note Regarding Cloudflare Configuration
Disable Cloudflare's DNS Proxy
UltraCart does not support Cloudflare's DNS Proxy configuration. You'll need to turn that off.
Navigate Login page: https://dash.cloudflare.com/
Click [DNS] menu of your domain name
Click [+Add record] button to add new records
About SSL Validation Types
UltraCart purchases the EssentialSSL from Comodo, which is by far the easiest to obtain and easier to manage renewals. EssentialSSL certificates are domain validated certificates which only require an Domain Control verification step.
Turn off Privacy Services
PLEASE NOTE: If you have a privacy service turned on for your domain name, you will need to temporarily turn it off in order to complete the Domain Control Validation step. Once you have received the DCV email and complete the validation step, you can turn the privacy service back on.
Alternatively, if you have "admin@yourdomain.com" configured, the DCV email can be sent to that address.
All other Comodo certificate types are organization validated which will require:
- DNS Control Email Verification (example DCV email notification)
- Documentation to validate the address (utility bill, etc.)
- Public telephone listing (with callback verification)
If your e-commerce organization is new, go the EssentialSSL route. In future years you can upgrade to an organization validated certificate once your documentation, (phone number publications, etc.) are all established.
Optionally, you can purchase one of the organization validated certificates from Comodo directly and import it as a 3rd Party Certificate. Organizational certificates take substantially longer to issue and require validation paperwork from your company along with a verification phone call made to the phone number you have listed on either yp.com or superpages.com. You will need to be able to provide paperwork (such as articles of incorporation, utility bills, etc.) that show an address that matches the address on your certificate request and DNS WHOIS record. If you have any type of domain privacy features active on your DNS WHOIS it will increase the issuance time and paperwork.
For this option, see "3rd Party SSL Integration" below for how to purchase and configure your third party SSL.
3rd Party SSL Integration
Integrating a third party SSL (an SSL you purchased directly, without UltraCart as the point of contact with the SSL issuer during the purchase) can be accomplished via a Certificate Signing Request (CSR).
You'll obtain the CSR by clicking the "Download CSR" button. You will need to provide this document to the certificate authority that you are purchasing from. While purchasing the certificate you may be asked for a server type. Select Apache (Apache/Mod_ssl) for the server type.
CSR
When copying and pasting the CSR from UltraCart, be sure to include the entire block of code including the header and footer sections (those are part of the CSR and it will not work if you strip the header and footer out.
Once you have obtained the SSL Certificate file you'll click on the "upload certificate" button. you'll have two options:
- Clicking "choose file" button then browsing your computer and uploading the zip file containing your certificate (and all intermediate root certificates)
or - Paste the certificate (and all intermediate root certificates) into the "Certificates" field.
then clicking the "Upload" button.
Upload Certificate Errors
If the certificate fails the validation uploading it, you recieve an error message.
In this situation, you may need to repeat the process of requesting the CSR and then obtaining the Certificate file again.
Installation
Once the Certificate reaches the installation stage, UltraCart automatically process the installation M-F at the following times: 9AM, 12PM, 3PM (eastern time zone).
Remove An SSL Certificate
SSL configured with a Storefront
If the SSL is currently configured for use with a UltraCart Storefront host, navigate to the Storefront menu for that host then click the "Change Location" button and you'll see the SSL appear in a drop-down list in the middle of the window. Select one of the built in storefront hosts (or another SSL you wish to apply in place of the one you are removing.)
SSL not configured with a Storefront
Navigate: Main Menu > Configuration > (middle menu) Checkout > "SSL Certificate (Custom)"
Here you can click the delete button next the SSL certificate you wsht to remove from your account.
Moving Certificate From One UltraCart Account To Another
Merchant's that have multiple UltraCart accounts may find a need to move an SSL certificate from one account to another.
To accomplish this click the move button next to the SSL Certificate:
Then sign into the other account using the form you see above.
Frequently Asked Questions
(click a question to view the answer)
Related Documentation
SSL Configuration Tutorial
SSL Validation Notification