How do I get a certificate for my Site Builder website?

1. Contact CCH support at 800.739.9998, option 4, option 5, option 3 to initiate the process.
2. Support will generate the CSR (Certificate Signing Request) that you will need at your Certificate Authority provider (CA).
3. Once you have the CER or CRT files (probably several files inside a ZIP), contact Support and we will use remote session to transfer the file. Some email servers will probably scrub the ZIP file contents so emailing the file will not work.
4. Once we have those files, then we can finalize the process.
5. Our internal process may take 24-48 hours.  NEW
6. We deploy SSLs after normal business hours Tuesday and Thursday (5pm Central Time) NEW

Notes on the process:

The CAs listed below are companies that our customers have had success with in the past and have a good reputation for customer service. You are not getting a “better” certificate from one CA vs another, an SSL certificate is an SSL certificate. Also, Wolters-Kluwer is not partnered with any of these companies, so there is no financial incentive for us one way or another. It’s simply your preference.

SSL Certificate Authorities

GoDaddy (No need for a wildcard certificate)
Network Solutions (Either the Xpress or Basic)
Register.com (Either the Essential or Premium)

Our CSR is created using {domain} as the domain without http:// or www, etc. So when you are asked or presented with a form asking for the domain name (sometimes labeled common name), enter it without the http:// or www. Stating this a different way and in more accurate technical terms, all of the CSRs generated by CCH will have a SAN (Subject Alternative Name) for both the root/bare/naked domain name and the www subdomain.  Make sure your provider is issuing your certificate for both SANs.

One final note, this process will have to be repeated each time the certificate is renewed, so it is recommended purchasing the certificate for the longest term that is affordable to you. CAs may sell you a certificate for 5 years, but that is purely about purchasing. No CA  issues a valid certificate for longer than one year. So you MUST renew or rekey or re-issue (not re-purchase) every year. 

What if I have already purchased a certificate? How do I get it on my site?

For security reasons, CCH  CANNOT/WILL NOT accept any Private Key not generated by CCH. CCH must generate the CSR and private key pair.

If you did not contact CCH for the CSR, you do not need to re-purchase or revoke the certificate, but you do need to re-issue using our CSR. Revoking generally means you have to get a refund from your provider. DO NOT REVOKE if at all possible!

To restate, the cheaper and free SSL providers generally generate CSR and private KEY files. CCH cannot use the SSLs provided from these sources unless they can accept our CSR file and not provide you a private key. Additionally, some of these providers want custom folder names and custom file in these folders as part of the domain. For security reasons, CCH does not permit the certificates from these providers. We have found the Namecheap and Sertigo (Comodo)  do not have any way to you to use our CSR. That means they generate the CSR and the private key we cannot accept. NEW

Contact CCH support at 800.739.9998, option 4, option 5, option 3. 

Common questions asked by Certificate Authorities

Do I need a CSR or SSL for multiple domains? No. We can generate the CSR to cover multiple domains you own. It is not recommended to use SSL on domains using a 301 redirect to your primary domain as the point at which the SSL matters is the domain showing in the address bar of the browser when the page finishes loading.

Do I need to include subdomains? Do not purchase wildcard certificates. Wolters-Kluwer CCH Site Builder will not accept wildcard SSLs for security reasons.

What if I have multiple domains? As a general rule, using a 301 Redirect on secondary domains is preferred, that way, visitors are redirected to the secured domain. However, if you absolutely must use a secondary domain, you must tell Support at the time the CSR is generated so it is included as a SAN (Subject Alternative Name) at time of CSR and private KEY generation and so that we do NOT remove the secondary domain from our control panel.

Does Site Builder support the Free SSL certificates? The Site Builder server does NOT support the free SSL certificates. This includes when you have generated your own CSR and private key pair.

I have a CSR from last time. Can I use it again? Some Google searches on this topic would indicate that you can. We here at CCH have not had successes in doing so. Additionally, new encryption methods and hash  algorithms would mean a new CSR and private key generation is preferred and provides improved security.

N/A

N/A

• During Non-Freeze/Normal period, the client certificate requests which received before 1PM CT will be deployed on the same day between 5 PM - 8 AM. The requests received after 1PM will be deployed next way between 5 PM - 8 AM
• During Soft-Freeze and Hard-Freeze, we will be doing less frequently to minimize risk.
• During Soft-Freeze, we will do Tues/Thu/Sat 10 PM following the 1 PM cutoff of previous day.
• During Hard-Freeze, we will do Sat 10 PM following the 1 PM cutoff of previous day.