Purchasing an SSL Certificate from DNSimple

Last Updated: 28 March 2014

You must be using DNSimple’s DNS service to purchase an SSL certificate from them.

Securing your site with SSL and an SSL Endpoint requires that you either generate an SSL certificate yourself or purchase one from any number of SSL providers such as DNSimple.

If you are only interested in securing a test or staging site and don’t want the added expense of purchasing an SSL certificate, you can generate your own. For all production and consumer-facing sites, it is recommended that you use a certificate purchased from an SSL certificate authority.

The process for purchasing an SSL certificate is dependent on the type of domain being secured.

Subdomain and root domain

With DNSimple, the same certificate is used to secure the www subdomain, e.g., www.example.com, and the root domain, e.g., example.com.

Purchase certificate

When purchasing your certificate, enter www in the “Host Name” field. This will generate a certificate for www.example.com as well as example.com.

If you’re securing a subdomain other than www, enter that in the “Host Name” field. However, be aware that the resulting certificate will not also be valid for the root domain.

Download private key

Under the “SSL Certificates” section of your domain’s DNSimple management page, click on the “Details” link for this certificate.

Copy the contents of the Private Key text area into a local file called server.key.

Certificate file

After the domain administrator approves the SSL certificate request, you will receive an email with your certificate.

Copy the domain certificate (called Web Server CERTIFICATE in the certificate email) into a file called server.crt.

RapidSSL certificate bundle

You must also specify a chain of intermediate certificates (called a bundle) for your certificate to be trusted by browsers. Download this certificate bundle to a local bundle.pem file.

$ curl https://knowledge.rapidssl.com/library/VERISIGN/INTERNATIONAL_AFFILIATES/RapidSSL/AR1548/RapidSSLCABundle.txt > bundle.pem

Wildcard domain

A wildcard domain certificate is capable of securing all subdomains of a particular top-level domain (TLD) and is represented by *.example.com.

Purchase certificate

When purchasing your certificate, enter * in the “Host Name” field.

You can only secure single-level subdomains with a wildcard certificate. For instance, secure.example.com and ssl.example.com are valid, but www.ssl.example.com is not.

Download private key

Under the “SSL Certificates” section of your domain’s DNSimple management page, click on the “Details” link for this certificate.

Copy the contents of the Private Key text area into a local file called server.key.

Certificate file

After the domain administrator approves the SSL certificate request, you will receive an email with your certificate.

Copy the domain certificate (the one starting with STAR_ in the certificate email) into a file called server.crt.

Comodo certificate bundle

You must also specify a chain of intermediate certificates (called a bundle) for your certificate to be trusted by browsers. Download this certificate bundle to a local bundle.pem file.

$ curl https://gist.github.com/rwdaigle/5503531/raw/bundle.pem > bundle.pem

This certificate bundle was created for your convenience. If you wish to verify, or generate it yourself, you can recreate it using the files you received in your email from Comodo:

$ cat EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > bundle.pem

Provisioning an endpoint

The resulting server.crt, bundle.pem and server.key files are required when provisioning an SSL endpoint for your app.
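
As an added example (not part of the original article), the shell functions below check the three files before provisioning: that server.key is not group- or world-readable, that it matches server.crt, that the certificate covers the intended host name, and that bundle.pem chains it to a trusted root. The function names are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original article): checks to run on server.key,
# server.crt and bundle.pem before provisioning. Function names are hypothetical.

# The private key must not be accessible to group or others.
key_is_private() {      # args: server.key
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The key and the certificate must carry the same public key.
key_matches_cert() {    # args: server.key server.crt
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# The certificate must be valid for the host name being served.
# A wildcard such as *.example.com matches a single label only.
cert_covers_host() {    # args: server.crt host
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# The bundle must link the certificate to a trusted root. An optional third
# argument names a root certificate file that is also trusted (assumption:
# useful for private or test CAs that are not in the system store).
chain_verifies() {      # args: server.crt bundle.pem [root.pem]
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
    else
        openssl verify -untrusted "$2" "$1" >/dev/null 2>&1
    fi
}

# Run every check, report each failure, return non-zero if any check failed.
check_ssl_files() {     # args: server.key server.crt bundle.pem host [root.pem]
    rc=0
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/others"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
    cert_covers_host "$2" "$4" || { echo "FAIL: $2 is not valid for $4"; rc=1; }
    chain_verifies "$2" "$3" "${5:-}" ||
        { echo "FAIL: $3 does not chain $2 to a trusted root"; rc=1; }
    return $rc
}
```

A typical call is check_ssl_files server.key server.crt bundle.pem www.example.com, run from the directory that holds the three files.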