To secure a site with https, there are six steps (detailed below):
1. Upgrade to Max/Ultimate/Power if on a Basic plan
2. Generate the CSR
3. Submit a certificate order
4. Approve the certificate order
5. Install the Web Server Certificate
If renewing a certificate, the process will be identical to ordering a new certificate. The renewal will issue a new SSL certificate that will be installed to replace the existing one, rather than extending the expiration of the existing certificate.
Upgrade to Max or Ultimate if on a Basic plan
A Max or Ultimate plan is required to install a SSL certificate. If on a Basic plan, the upgrade is found at Winhost Control Panel > Sites > the domain name > Change Plan (at the bottom of the Site Info pane).
Upgrade to Power Plan if on a Basic plan
Upgrading to the Power Plan requires site migration. Please contact our technical support department.
Generate the CSR
If on a Max or Ultimate or Power plan, a CSR may be generated through the SSL Manager: Winhost Control Panel > Sites > the domain name > SSL Manager
Common Name: The domain name being secured. For example, www.winhost.com. Or *.winhost.com if ordering a Wildcard certificate
Organization: The legal name of your organization.
Organization Unit: The department in the organization handling the SSL certificate.
City / State / Country: City / State / Country where your organization is located.
After filling out the fields, click the "Submit CSR Information" button and the SSL Manager will update with a field containing the CSR. To order a SSL certificate through Winhost, click the "purchase SSL certs through Winhost" link or click the "SSL Cert" link along the top.
If ordering a SSL certificate directly through a certificate authority, the CSR will be provided to them during the SSL order, then the SSL certificate will be installed through the Winhost Control Panel (step 5).
Submit a certificate order
When purchasing a SSL certificate through Winhost, on the SSL page click the "Order New SSL Certificate" button.
Select the SSL certificate via radial button then, using the drop-down, import the CSR for the applicable common name and "Continue".
On the next page is the approver email contact drop-down. The approver email is used to validate ownership of the domain. For that reason, the email address list is auto populated. If none of the email addresses currently exist at the domain, it will be necessary to create the email address prior to completing the order.
If an email service is being used where each email address is a separate license, as in Office 365 or G Suite, it may be easiest to create an email alias that forwards the email, for example, from firstname.lastname@example.org to an active email address.
After selecting an approver email contact from the drop-down, review and make any necessary updates to the Admin Contact Information. The issued SSL certificate is sent in a separate email to the admin email contact.
Once done, "Continue" to select the SSL certificate validation period, one or two years, review the CSR and Contact Information, most importantly common name and the approver and admin email contact, then submit the order via the "Order New SSL Certificate" button.
Approve the certificate order
Barring any issues with the approver email address, the approver email should be received shortly after the order is submitted. Validate domain ownership with the link provided in the email to receive the SSL certificate at the admin contact email address.
Install the Web Certificate
After approval, an email will be received containing two separate certificates: a Web Server Certificate and Intermediate CA. Only the Web Server Certificate is installed. The Intermediate CA can be ignored. Copy and paste the entire block of text, including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" notations, as in the below example, into the empty "Install SSL Certificate" field at the bottom of the SSL Manager and click the "Submit Certificate" button to complete the process.
To avoid a "not secure" message in a browser, a forced https redirect will be necessary. For more information, see the Force https with URL rewrite
knowledge base article.
Note regarding CSR regeneration
Note, if rekeying the certificate, make sure to not revoke / cancel the certificate order. Revoking the certificate would mean it is completely invalid and a new certificate would need to be purchased to replace the original certificate.