How to order a SSL certificate

KeyCDN offers free Custom SSL. Check out the difference between Shared SSL and Custom SSL here. A certificate is required for Custom SSL. This guide shows how to order a SSL certificate. Once the certificate is ordered, it can be uploaded to the KeyCDN dashboard.

There are a number of SSL certificate vendors. We recommend vendors like:

In this tutorial we show how to order a certificate from gogetssl.com.

  1. Login to gogetssl.com and go to “My Orders”. Click on “New order” in the upper-right corner. Choose “Comodo PositiveSSL”.ssl-order-cert-1We recommend to get a certificate for more than one year due to the small price difference. Now buy the certificate and choose the payment option that you prefer.
  2. Once you’ve bought the certificate, go to “Manage SSL Certificates” and go to “Incomplete”.order-ssl-menuPick the certificate that you just bought and click on “Generate”.incomplete-ssl-certs
  3. Creating a Certificate Signing Request (CSR) and a private key: A CSR is needed in order to get a certificate. There are two options how to do it: Using a Online CSR Generator or creating the CSR locally. The easiest way is to generate the CSR online. If you are not familiar with CSRs, we recommend to do it online but creating the CSR locally is more secure because the key is not created by a online tool. Your private key must NOT be encrypted.
    • Online: We recommend this Online CSR Generator. Please follow the instructions on the page.generate-csr-online-small
    • Locally: The CSR can of course be generated locally. We recommend this tutorial  to create the CSR.

    Here’s an example of a a certificate signing request (CSR):

    -----BEGIN CERTIFICATE REQUEST-----
    MIICyDCCAbACAQAwgYIxC...
    -----END CERTIFICATE REQUEST-----

    Here’s how a (unencrypted) private key looks like:

    -----BEGIN PRIVATE KEY-----
    MIIEvgIBADANBgkqhkiG9...
    -----END PRIVATE KEY-----
    Do NOT share your private key with anyone except uploading it to the KeyCDN dashboard.
  4. In the dashboard of www.gogetssl.com go to “Manage SSL certificates” and click on the submenu “Incomplete”. Click on “Generate” for the certificate that you just bought.
    • Step 1: Fill in the web form as shown here.order-cert-step-1
    • Step 2: This step requires to choose a validation method.
      order-cert-step-2
      Three different validation methods are available.

      Email: Choose one of the email addresses provided in the dropdown menu. It doesn’t matter which email address you choose.

      • Advantage: No need to modify the DNS or server. Normally the fastest method.
      • Disadvantage: Only a limited list of email addresses available.

      DNS CNAME: Copy & paste the CNAME provided to your DNS. The CNAME can be removed after a successful validation. If there’s no email address available for the validation and you don’t want to modify your server, this is the most appropriate validation method.

      • Advantage: No email address required for this method and no need to modify the the server.
      • Disadvantage: The validation can take some time, normally about 12 hours.

      HTTP/HTTPS: This validation method requires a txt file on your server. Simply place the This method is recommended if you have easy access to your server.

      • Advantage: Works with every server.
      • Disadvantage: Not always possible to add the txt file to the server.

      The email validation is the fastest in most cases. You should receive the email within a few hours.

    • Step 3: Private/Business validation. Please provide the the information requested and click on “Complete Generation”. You’ve now completed the certificate ordering process.
  5. It will take some time until the certificate will be issued. The certificate will then be available in the dashboard. Click on “Manage SSL certificates”, then on “All”. Pick the certificate that you want to download. You can then download the certificate as shown here: cert-downloadHere’s an example of a certificate:
    -----BEGIN CERTIFICATE-----
    MIIDrTCCAxagAwIBAgIBA...
    -----END CERTIFICATE-----

    Intermediate certificates are also required in order to use custom SSL within a KeyCDN zone. In the event that you have not received your intermediate certificates, contact your SSL certificate provider or use our Certificate Chain Composer tool to automatically generate the intermediate certificates for you.

  6. You’re now in possession of a certificate and a private key. Login to the KeyCDN dashboard and attach the certificate and the key to your zone. How to setup Custom SSL will guide you through the process.

That’s it. You’re done. Happy content delivery!