How to order Multidomain Certificates. Sample Certificate: GeoTrust - True BusinessID

Before Ordering

  • Create the CSR key on the server where the certificate will later be used.
  • Create SSL contacts if the required contacts do not exist in the system.
    • Administrative contact = applicant (identical to the details in the CSR key). The contact corresponds to the company that will use the certificate.
    • Technical Contact = Reseller/Provider
  • Check that an MX record exists so that the CA's confirmation email can be delivered. (Only required for the authentication method EMAIL.)

Note that for multidomain certificates, the domain owner must be the same for all domains.

Order Certificates with the SSL Manager

  • Click Order Certificate in the menu group SSL Certificates.
  • In the section Product Choice:


  • Select the desired certificate in the Product list
  • Select the desired validity period in the Certificate Lifetime list
  • Under Server Software, select the operating system of the web server for which the certificate is issued.
    All Windows servers automatically use the PKCS7 encoding format; all others use PKCS12.
  • For the SHA Fingerprint Version, choose between:

    • SHA-256 Cert + Root: The current default. Returns a certificate chain in the SHA-2 algorithm.
    • SHA-256 Cert + SHA-1 Root: Returns a SHA-2 certificate with the older SHA-1 root certificate of the CA.
Certificates are only issued in the SHA-256 algorithm. The selection here allows you to choose between SHA-1 and SHA-2 root certificate issuance. The current standard is the complete SHA-2 chain (SHA-256 Cert + Root). The root certificate in SHA-1 is only recommended for old devices before 01/08/2013.
  • 'Certificate Transparency' is enabled by default.

What is 'Certificate Transparency'?

The 'Certificate Transparency' procedure is intended to make certificates that were issued for a domain by mistake or maliciously easier to detect. The digital certificates issued by a 'Certificate Authority' for encrypted Internet connections are checked and logged by default in a revision-proof logbook.

  • In the CSR Key section, insert the pre-created CSR key.
    Note that when copying the CSR key, you must also select the first line "-----BEGIN CERTIFICATE REQUEST-----" and the last line "-----END CERTIFICATE REQUEST-----".

You can use a DigiCert tool to check the correctness of the CSR key beforehand: https://ssltools.digicert.com/checker/views/csrCheck.jsp
  • Click the Check CSR Key button.
  • The Common Name (certificate name) from the CSR key is displayed in the Name field in the Certificate Details section.
  • For Additional Domains, enter the domains to be included in the multidomain certificate.

Please note that you must specify at least one additional domain when ordering a multidomain certificate for the first time. Otherwise, the certificate cannot be extended and will only be ordered as a single-domain certificate.


  • Select the contacts in the Contact section:
    • Administrative Contact = Applicant (must be identical to the details in the CSR key)
    • Technical Contact = Reseller/Provider

You can also create new contacts here by clicking on the icon. Sometimes, however, the contact is already predefined and cannot be changed by you.

  • Select the desired authentication method in the Authentication Settings area.

Follow the instructions that appear in the yellow box after you select the authentication method.

  • Email: An email will be sent to the approver email address selected here.
    Select the email address in the Approver Email field.
    Click on the confirmation link in the email. This confirms the domain ownership. (An MX record must exist for this.)
Please make sure that greylisting is not activated for the selected email address, to avoid problems with the delivery of the confirmation email.
  • File: Create a file with the data generated by the system and store it on the web server.

Example:
File name: example.com/.well-known/pki-validation/fileauth.txt
File content: 2018112007555401i23owspz4su5ry9q31j6rlhw89e4wwd2tz8jt9a0rpl36u1n

  • DNS: Enter the DNS record generated by the system in the zone. For example, this method is used by default for the free Basic SSL certificate.

  • Confirm the note for GDPR.
  • Click on Submit to start the order process.
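
A local pre-check for the CSR Key step of the order form, as an added example that is not part of the original page or of the SSL Manager: it confirms that the pasted text still has its BEGIN and END lines, that the body is intact base64-encoded DER, and reads the Common Name that the form will display. The names `check_pasted_csr` and `der_length` are assumptions, and the sample is a constructed CSR-shaped structure, not a signed request.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE REQUEST-----"
END = "-----END CERTIFICATE REQUEST-----"
CN_OID = bytes.fromhex("06 03 55 04 03")  # DER encoding of OID 2.5.4.3 (commonName)

# Constructed sample: a CSR-shaped DER structure with CN=example.com and no
# public key or signature. It exercises the checks; a CA would not accept it.
_SAMPLE_DER = bytes.fromhex(
    "30 1d 30 1b 02 01 00 30 16 31 14 30 12 06 03 55 04 03 0c 0b"
) + b"example.com"
SAMPLE = "\n".join([BEGIN, base64.b64encode(_SAMPLE_DER).decode(), END])


def der_length(buf, pos):
    """Decode the DER length field at buf[pos]; return (length, content_offset)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def check_pasted_csr(text):
    """Return (common_name, problems) for CSR text as it would be pasted."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    problems = []
    if not lines or lines[0] != BEGIN:
        problems.append("first line is not the BEGIN CERTIFICATE REQUEST line")
    if not lines or lines[-1] != END:
        problems.append("last line is not the END CERTIFICATE REQUEST line")
    body = "".join(ln for ln in lines if not ln.startswith("-----"))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None, problems + ["body is not valid base64"]
    if len(der) < 2 or der[0] != 0x30:
        return None, problems + ["body is not a DER SEQUENCE"]
    length, start = der_length(der, 1)
    if start + length != len(der):
        problems.append("DER length does not match the data (truncated copy?)")
    # Heuristic: first commonName OID (the subject's), then one string TLV.
    cn = None
    idx = der.find(CN_OID)
    if idx != -1 and idx + len(CN_OID) + 2 <= len(der):
        n, s = der_length(der, idx + len(CN_OID) + 1)
        if s + n <= len(der):
            cn = der[s:s + n].decode("utf-8", "replace")
    return cn, problems
```

It checks framing and encoding only and does not verify the request's key or signature, so the Check CSR Key button and the DigiCert checker are still needed.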