How to Create an SSL Certificate for Manual Installation¶
On this page you will find the step by step process for creating an SSL certificate that you intend to install manually. This means you plan to download the certificate and install it yourself, instead of letting us install it for you on a site we host for you.
This process is generally the same as the one found in our basic instructions for creating an SSL certificate with more information on a few extra steps that we would normally complete for you during an automatic installation.
Step One: Generate Your CSR¶
You will be asked to provide your CSR in the process of ordering your SSL certificate from Gandi, so it is helpful if you can generate it before starting your order. You can find detailed instructions for generating a CSR on our CSR page.
Step Two: Start Your Order on the Gandi Website¶
This section explains how to order the certificate from our website.
To start the process of buying a certificate go to our SSL certificate page. There you will find a table showing the different levels of certificates we offer. Choose which level of certificate you need, then click “Select” under the option you want. This will launch a dialog guiding you through the process of setting up a new certificate.
Next, select where you will install your certificate. Since this tutorial is specifically written for users wanting to use an SSL certificate outside Gandi, you will most likely choose “Somewhere else.”
Next, choose the type of certificate you want to create. You can choose from these options:
After you choose your type you can confirm any additional options, such as the size.
On the next page you will copy and paste the CSR you created in step one. Remember to copy the entire contents of the .csr file (not the .key file), including the lines containing
"-----BEGIN CERTIFICATE REQUEST-----"and
"-----END CERTIFICATE REQUEST-----".
Choose the domain control validation method you will use. You can choose from:
Adding a given DNS record to your website’s DNS records.
Validate via an email sent firstname.lastname@example.org, where example.com is the domain name you are securing.
Validate by adding a file on your website.
Complete the checkout process and pay for your certificate.
Step Three: Provide the Necessary Documents¶
If you have ordered a standard certificate then you can skip this step, since you do not need to provide any documents.
If you have ordered a Pro or Business certificate then you will need to send the necessary documents for verification. You can find instructions for submitting these documents on the following pages:
Instructions for submitting documents for a Pro certificate.. You will generally receive an email requesting these documents, and you can simply reply to this email with the documents attached. Gandi will verify these documents on behalf of the certificate authority, Sectigo.
Instructions for submitting documents for a business certificate.. These documents must be sent directly to Sectigo. You will also need to receive a phone call at your publicly listed phone address.
Step Four: Validate Your Domain¶
Before your SSL certificate is issued, Sectigo, our certificate authority, will require proof that you have control over the domain you want to secure. When we generate a certificate for you automatically, behind the scenes we will add a DNS record to your domain that will serve this purpose. When you are installing a certificate yourself, you will need to choose a method of domain control validation (DCV) and then take the steps required.
You should now go ahead and complete the validation using the method you chose when completing your order. You will receive instructions via email, or you can find the SSL certificate in the “SSL Certificates” section of your account and find instructions there. If you chose the email method, you can also resend your validation email in the overview for your new certificate in the “SSL Certificates” section of your account.
Step Five: Answer Callback¶
If you have ordered a standard certificate then you can skip this step.
If you have ordered a Pro or Business certificate then you will need to receive a phone call. You can find instructions below.
Step Six: Await Verification¶
If you have ordered a Pro or Business certificate, Sectigo, our partnering Certificate Authority, will perform checks on the information you provide. This can take as short as a few hours or as long as a few days. Business certificates require more time than Pro certificates. You can track the progress by finding the certificate in the “SSL Certificates” section of your account. You will receive an email once the process is complete.
Step Seven: Download Certificate and Intermediate Certificate¶
Once you Sectigo has finished their review and issued your signed certificate, you can download it on the page for the certificate in the “SSL Certificates” section of your account.
On the same page you can also download the intermediate certificate.
For installation you will need:
The final certificate downloaded from your account (.crt file)
The private key file you created in step one (.key file)
The intermediate certificate (.pem file)
Installation instructions vary widely between different server setups, so we recommend following instructions for SSL certificate installation from your hosting provider.