Program Overview
OpenSRS now offers a complimentary Domain-Vetted SSL Lite certificate, allowing our resellers to provide a FREE, baseline level of security to their customers. You can read more about the program here.
Note: An SSL Lite only covers the root domain.
For coverage beyond the root, you may opt to purchase the SSL Lite Wildcard. For more details please see our program page here.
Requirements
To qualify for this free service, a registrant must:
1. Have a domain with OpenSRS
2. Set the domain's nameservers to our SystemDNS. (ns1.systemdns.com / ns2.systemdns.com / ns3.systemdns.com)
3. The domain cannot have a status of Client hold or Suspended
SSL Lite Wildcard
A Wildcard certificate can be purchased for an additional fee. This allows for unlimited subdomains (on the same webserver) to be protected with a single certificate. For example, you could use a wildcard certificate for the domain name opensrs.com, and have this certificate also cover mail.opensrs.com, ftp.opensrs.com and any other subdomain. The wildcard refers to the fact that the cert is provisioned for *.opensrs.com.
To view other SSL products we offer, click here.
Things to consider before ordering
Before placing your Trust order, take a moment to review that all items are valid.
- Your CSR contains all the correct information (Common name and or additional SANS)
- Your CSR has been generated with a signature algorithm of SHA2
To validate the information contained in your CSR, please see our CSR Parser tool. Symantec also has a great tool here.
Note: A Certificate Signing Request (CSR) is generated on the server to which the certificate will be installed
Once ordered, the following features are currently NOT supported. Please make sure everything is correct first before placing an order. If you need to accomplish any of the following, please use one of our entry-level DV certificate products like RapidSSL instead :
- Cancel Order
- Reissue certificate with new CSR
- Update Order (e.g. approver email change)
- Renewal
Ordering Process
In the Reseller Control Panel, SSL Lite and SSL Lite Wildcard orders can be added to any new domain registration or existing domain, and can also be generated through the Trust tab. The respective process flows are listed below.
Add SSL Lite to a new domain registration
1. Select the + icon from the Domains tab and enter the domain name you wish to register.
2. Check the Free SSL Certificate option under Domain Settings.
Please note: SSL Lite requires the use of OpenSRS nameservers (SystemDNS). Checking this feature, therefore, will automatically select the Use Our Nameservers option. If custom nameservers have been defined, checking Free SSL Certificate will cause them to revert to the OpenSRS defaults.
3. Complete all required fields, then scroll to the bottom and Submit Registration
4. Review the order.
A confirmation window will appear, with SSL Lite selected as the default. You also have the option to choose the Wildcard version. Click Continue to Next Step to complete the registration process.
4. Provide the Certificate Signing Request (CSR) and confirm contact information.
Once you have entered your CSR and confirmed the contact information is correct, click Submit to complete your order.
Add SSL Lite to an existing domain
1. From the Domains tab, click on the domain to which you would like to add the SSL Lite certificate.
2. Locate the Free SSL Certificate under Domain Settings and click Get it now!
3. Review the order.
A confirmation window will appear, with SSL Lite selected as the default. You also have the option to choose the Wildcard certificate. Click Continue to Next Step to complete registration process.
4. Provide the Certificate Signing Request (CSR) and confirm contact information.
Once you have entered your CSR and confirmed the contact information is correct, click Submit to complete your order. (How to generate CSR)
Add SSL Lite as a new Trust service
1. Initiate a new order.
Select the + icon from the Trust tab and enter the domain name you wish to register.
2. Select the SSL Lite option.
In the window that appears, select Symantec SSL as the supplier and SSL Lite as the service and Continue to Next Step.
Next, from the service drop-down menu, select product_type.symantec_ssl_lite or product_type.symantec_ssl_lite_wildcard.
Please note: There is a fee associated with SSL Lite Wildcard (product_type.symantec_ssl_lite_wildcard)
3. Assign the certificate to an existing domain.
Click the option to Associate with existing user and select the domain to which you would like to add the SSL Lite certificate.
4. Finish the process by clicking Submit.
CSR Generation and Troubleshooting
How to generate a CSR
A Certificate Signing Request (CSR) is generated on the server on which the certificate will be used. Accordingly, it's best to contact the hosting provider for help in generating a CSR.
Note: Please ensure that your CSR has been generated with a signature algorithm of SHA2.
Our SSL partners have provided some useful resources on CSR generation and SSL installation:
How to generate a CSR
GeoTrust | Sectigo | Trustwave | Symantec | Thawte
How to install an SSL certificate
How to convert a certificate into the appropriate format
If you are having trouble generating your CSR or installing a certificate, the system admin of your webserver can best help you.
Trouble Processing your certificate order
OpenSRS is well-equipped to help you, should you have trouble processing your SSL order.
The best way to avoid processing delays or order cancelations, is to ensure that all the information contained in the CSR (Common name and or additional SANS) is correct.
Our Parser Tool allows you to parse the CSR while the order is either pending or processing. You can then see the information contained in the CSR, and any errors related to it.
Symantec also has a great tool, which can be accessed here.
API Examples
The two product types to be used are: symantec_ssl_lite & symantec_ssl_lite_wildcard | See below for an example.
Note: SSL Lite certificate itself can not be obtained over API.
You can also access the complete API XML Guide online.
0.9
XCP
sw_register
trust_service
NEW
admin@example.com
US
Example Inc.
+1.4165550123
Ottway
Suite 500
CA
ottway@example.com
SomeCity
90210
+1.4165550124
32 Oak Street
Owen
Organization
US
Example Inc.
+1.4165550123
Adams
Suite 100
CA
adams@example.com
Santa Clara
90210
+1.4165550125
32 Oak Street
Adler
Admin
US
Example Inc.
+1.4165550123
Burton
Suite 200
CA
burton@example.com
Santa Clara
90210
+1.4165550136
32 Oak Street
Bill
Billing
US
Example Inc.
+1.4165550123
Wayne
Suite 200
CA
wayne@example.com
Santa Clara
90210
+1.4165550136
32 Oak Street
Thomas
Tech
process
-----BEGIN CERTIFICATE REQUEST-----
MIICuzCCAaMCADB3MQswCQYDVQQGEwJVUzEUMBIGA1UEAxMLZXhhbXBsZS5jb20x
FDASBgNVBAcTC1NhbnRhIENsYXJhMRUwEwYDVQQKEwxFeGFtcGxlIEluYy4xEzAR
BgNVBAgTCkNhbGlmb3JuaWExEDAOBgNVBAsTB1N1cHBvcnQwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDTCJ1qnH3gaKVd8VXTOx5GR+MYinU36Z9psxuG
haMZ70qhTwng5zcbC93XIpAJRkbMwMu1EI10QDNi91Z4ORI9ExbBg0HBrAz+k85O
lMUk1xTR8FQ8eHWXLnL3uXDevi5XMsb0ASB6wADDdvVm2Eb4qu+B1KD5qCSPiRJ2
FLeNNI3JNosmKmtmhqgy6+0qYYTP5RPFJeIu55cvX+r9ghiL11eBg/A+3RBhLdLR
+z0CsngOFMlNxzmP0csINw4FIj4AoAkMiA/2Hf6rT6bHiAtJDbkW6jAS3AQjB1IC
LlkFbr12e5P7USqSsKSbwslOHHBJpfYceA6582MI4ZZ3CerNAgMBAAGgADANBgkq
hkiG9w0BAQsFAAOCAQEAaUwWHGCekeDC9U0OqLHlaXT9yRTpBcMu3waqWWhIgxLP
6ut1YlYjz1yAc7XIJPNo+uyXX1BtrMpGgXt7cJmwLeXPHHs1WoleQfKOGjVRf3+8
sQgdVroMR8HtOPid00Vxd4v1caUQtM7N2e2sWe5IL5OS2ziAflc3UhSoLu7JQwNg
pKCQbOVbq5Y+uWYmMkKaZewIiziUvqngUMgA2ci+BJ2xCZmq00Leq+AZMLKPI2NE
NcKsc4yjB4envG4vzc4qMFQakvH0uvsswZc80H7R7neThUgpfQM+PhDI/z3woTPG
exAECZo+AqWhnwdut/Socu+aFkMO0vl77JD4acjODA==
-----END CERTIFICATE REQUEST-----
1
apachessl
1
<item key="product_type">symantec_ssl_lite
Was this article helpful? If not please submit a request here
How helpful was this article?
Thanks for your feedback!