Automatic and Manual Certificates

You have two options for obtaining SSL certificates to secure a domain in NetSuite:

Automatic Certificate Option

The automatic certificate option is usually the easiest and fastest way to secure a domain. If you use the automatic certificate option, Oracle NetSuite obtains a domain validated (DV) certificate for your NetSuite-hosted domain. The advantage of the automatic option is that Oracle NetSuite obtains the certificate, applies it to your domain, maintains it, and renews the certificate automatically. This service is provided at no additional cost.

To use the automatic certificate option, your DNS record must use the CNAME provided by NetSuite on the Domain page. An example of the format for a CNAME is <yourDomainName> (where <YourDomainName> is a variable representing the name of your domain, such as

Be aware that if you choose to switch to the automatic certificate option, you should not also have a CAA record in DNS. A CAA record in DNS may block the deployment of the automatic certificate.


There are some scenarios in which the manual certificate option is more appropriate. These scenarios include:

  • Second-level domains—If you are using a second-level domain (such as, you must use the manual certificate option. To use the automatic certificate option, you must create a subdomain (such as

  • CNAME flattening—If you are using a CNAME flattening feature from your DNS provider, you must use the manual certificate option. CNAME flattening is not supported for the automatic certificate option.

  • Organization Validation (OV) or Extended Validation (EV) certificate—If the nature of your business requires OV or EV certificates, you should use the manual certificate option.

Manual Certificate Option

You may decide to use the manual certificate option for specific reasons, such as those listed in the previous section. Another reason for using the manual option is if you want to use an SSL certificate issued by the certificate authority (CA) of your choice. For a list of certificate authorities, see the Mozilla Included CA Certificate List.

When using the manual certificate option, you must first download a certificate signing request (CSR) for your domain from NetSuite and then submit it to your CA while purchasing a certificate. When you receive the certificate from your CA, you must upload it to NetSuite so that the certificate can be deployed to your NetSuite-hosted website. You cannot deploy this certificate outside of NetSuite. Also, you are responsible for maintaining and renewing the certificate. For more information, see Manual Certificates.


Using the manual certificate option requires extended setup steps and may incur additional cost.

Related Topics

General Notices