Order or Renew an SSL Certificate

To secure a site with https, there are six steps (detailed below):

1. Upgrade to Max/Ultimate/Power if on a Basic plan
2. Generate the CSR
3. Submit a certificate order
4. Approve the certificate order
5. Install the Web Server Certificate


Renewal

If renewing a certificate, the process will be similar to ordering a new certificate.  The renewal will issue a new SSL certificate that will be installed to replace the existing one, rather than extending the expiration of the existing certificate.

First generate a new CSR at Winhost Control Panel > Sites > the domain name > SSL Manager.  Then click the "SSL" link and then "Renew" to submit the order.  Import the new CSR, select a new approver email address and confirm the admin email contact is still valid before submitting the new order.


Upgrade to Max plan or higher if on a Basic plan

A Max plan or higher is required to install an SSL certificate.  If on a Basic plan, the upgrade is found at Winhost Control Panel > Sites > the domain name > Change Plan (at the bottom of the Site Info pane).



Generate the CSR

If on a Max plan or higher, a CSR may be generated through the SSL Manager, found at Winhost Control Panel > Sites > the domain name > SSL Manager.



CSR fields

Common Name:  The domain name being secured.  For example, www.winhost.com, or *.winhost.com if ordering a Wildcard certificate.

Organization:  The legal name of your organization.

Organization Unit:  The department in the organization handling the SSL certificate.

City / State / Country:  City / State / Country where your organization is located.

After filling out the fields, click the "Submit CSR Information" button and the SSL Manager will update with a field containing the CSR.  To order an SSL certificate through Winhost, click the "SSL" link or the "Purchase SSL certs through Winhost" link.



If ordering an SSL certificate directly through a certificate authority, the CSR will be provided to them during the SSL order, then the SSL certificate will be installed through the Winhost Control Panel (Install the Web Certificate).


Submit a certificate order through Winhost

When purchasing an SSL certificate through Winhost, on the SSL page click the "Order New SSL Certificate" button.



Select the SSL certificate via radio button, then, using the "Select CSR to Import" drop-down, select the applicable CSR, click the "Import" button, then "Continue".



On the next page, first select a valid Approver Email Contact from the drop-down.  The approver email is used to validate ownership of the domain for security purposes, and for that reason the approver email contact list is auto-populated.

If no email address or alias currently exists matching one from the drop-down, make sure to create one before submitting the order.  In cases where the order was submitted before a matching address was created, the approver email can be resent afterwards from the "SSL" page in the Winhost Control Panel.



The Admin Contact Information, found below the approver email contact, will be automatically populated.  However, special attention should be paid to the Admin Email contact.  That Admin Email contact is both where the issued certificate is sent and is the email address that will receive a renewal reminder 30 days before expiration of the certificate.



Once done selecting the approver email and reviewing the contact information, click "Continue" for one final review of the CSR and Contact Information before finally submitting the order by clicking the "Order New SSL Certificate" button.


Approve the certificate order

The approver email should be received shortly after the order is submitted.  Then shortly after validating the domain with the included link, the issued certificate should be received at the Admin Email contact.  If the issued certificate is not received for any reason, Support can be contacted to pull the certificate directly via API.  While the issued certificate is not immediately available via API, it can typically be pulled within a half hour to an hour after being issued.
 
 
 
Install the Web Certificate
 
The issued certificate will be sent as a PEM file attachment.  A PEM file is a text file that can be opened with a text editor like Notepad.  After opening the file you will see three certificates, but only the first is required.  Copy and paste the entire block of text, including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" notations, as in the below example, into the empty "Install SSL Certificate" field at the bottom of the SSL Manager and click the "Submit Certificate" button to complete the process.
 


Force https

To avoid a "not secure" message in a browser, a forced https redirect will be necessary.  For more information, see the Force https with URL rewrite knowledge base article.


Note regarding CSR regeneration

After submitting an SSL certificate order, do not regenerate the CSR before installing the issued certificate through the Winhost Control Panel.  If the CSR is regenerated after a certificate is ordered, Support will need to attempt to recover the original CSR and manually install the SSL certificate.  If the original CSR cannot be recovered, it will be necessary to reissue the certificate with the new CSR.

Note, if reissuing the certificate, make sure to not revoke / cancel the certificate order.  Revoking the certificate would mean it is completely invalid and a new certificate would need to be purchased to replace the original certificate.
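
An added example (not Winhost's code) for the install step and the CSR regeneration note above: it takes the first CERTIFICATE block from the PEM attachment and checks that its public key equals the one in the CSR currently shown in the SSL Manager, on the assumption that a regenerated CSR carries a new key pair. The function names and the script name check_cert.py are hypothetical, and the minimal DER walker covers only the standard X.509 certificate and PKCS#10 CSR layouts.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, pem_text, der_bytes) for every PEM block, in file order."""
    return [(m[1], m[0], base64.b64decode(m[2])) for m in PEM_RE.finditer(text)]

def read_tlv(buf, pos):
    """Decode the DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki(der, is_csr):
    """Return the SubjectPublicKeyInfo bytes of a certificate or a PKCS#10 CSR."""
    pos = read_tlv(der, 0)[1]            # enter the outer SEQUENCE
    pos = read_tlv(der, pos)[1]          # enter TBSCertificate / CertificationRequestInfo
    if not is_csr and der[pos] == 0xA0:  # certificates may start with an explicit [0] version
        pos = read_tlv(der, pos)[2]
    # Fields before the key. CSR: version, subject.
    # Certificate: serial, signature algorithm, issuer, validity, subject.
    for _ in range(2 if is_csr else 5):
        pos = read_tlv(der, pos)[2]
    return der[pos:read_tlv(der, pos)[2]]

def cert_to_install(bundle_pem, csr_pem):
    """Return (first certificate PEM text, True if its public key matches the CSR)."""
    certs = [b for b in pem_blocks(bundle_pem) if b[0] == "CERTIFICATE"]
    # IIS-style requests are labelled NEW CERTIFICATE REQUEST; accept both labels.
    csrs = [b for b in pem_blocks(csr_pem) if b[0].endswith("CERTIFICATE REQUEST")]
    if not certs or not csrs:
        raise ValueError("expected at least one CERTIFICATE and one CSR block")
    return certs[0][1], spki(certs[0][2], False) == spki(csrs[0][2], True)

if __name__ == "__main__":               # usage: python check_cert.py bundle.pem csr.txt
    import sys
    pem, ok = cert_to_install(open(sys.argv[1]).read(), open(sys.argv[2]).read())
    print(pem if ok else "Public key does not match this CSR; do not install.")
```

On a match the script prints exactly the text to paste into the "Install SSL Certificate" field, markers included. On a mismatch, the certificate was issued for a different CSR than the one passed in.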