Maintenance of Manual Certificates
If you use a manual certificate to secure your web store, you are responsible for renewing and maintaining your SSL certificates with your certificate provider, as well as configuring DNS for your secure domains with your domain provider. Maintaining your certificates also includes updating information in NetSuite.
NetSuite is only responsible for allocating CNAME records for your checkout domain and the DNS challenge, providing you with a CSR for your domain, and binding your SSL certificates to the CNAME.
This section is about maintenance tasks associated with your manual certificate. For information about purchasing certificates, generating CSRs, and securing domains with manual certificates, see Manual Certificates.
You are responsible for the following maintenance tasks associated with your secure domain:
Renewal
Manual SSL certificates are valid for a certain period of time. You are responsible for keeping track of the date when it is time to renew your certificate with your certificate provider. NetSuite displays the valid dates for your certificate on your domain records.
Ensure you use only valid (unexpired) certificates for your secure websites, including websites used for testing. If you do not renew the certificate, the website will become inaccessible seven days after the certificate expires, even if the user has previously accepted a security exception in the browser.
To view valid dates for an SSL certificate:
-
Go to Commerce > Hosting > Domains.
-
Click View for the desired domain.
-
Review the Certificate Status field.
Contact your SSL certificate provider for more information about the maintenance tasks associated with your certificates.
Update Certificates in NetSuite
After you complete each of the maintenance tasks with your certificate provider, you must update the certificate information in NetSuite. This involves adding, deleting, and updating certificate files on the Domain record page.
Some certificate vendors, such as GoDaddy, may revoke an old certificate 72 hours after issuing a new one.
To update your certificate files in NetSuite:
-
Go to Commerce > Hosting > Domains.
-
Click Edit next to the domain name whose certificate you want to update.
-
Generate and download a new CSR file for the domain as described in Generate a CSR.
-
Obtain a new SSL certificate from your certificate authority (CA) as described in Submit Your CSR and Retrieve Your Certificates.
-
Click Change Certificate in the Certificate section.
-
Click Upload Certificate and upload the certificate files provided to you by the CA. You can also drag and drop the certificate file into the specified area on the form.
If your CA has given you an intermediate certificate (for example, secure.domainname_ca.crt) as well as the SSL certificate (for example, secure.domainname.crt), make sure you select all the files at the same time during upload. You cannot upload them one at a time.
-
Click Save.
Your existing secure domain is continuously served until the new certificate is deployed. NetSuite often deploys domains during the day. During this time, checkouts made through your secure domain are not interrupted. You will receive a notification email message when your new certificate is live.
Upgrade
You may be allowed to upgrade your SSL certificates based on the options provided by your certificate authority.
Revocation
You may need to revoke your certificate if it becomes compromised. When revoked, the certificate remains in NetSuite for seven days, after which it is removed. Before removal, the revoked certificate still allows customers to access the website after accepting a security exception offered by the browser. After removal, the website is no longer accessible.