Ordering an SSL certificate

An SSL certificate is a digital document that ensures the security of the user's personal data. For example, passwords, credit card numbers, email addresses, etc. When an SSL certificate is used, the data is transmitted to the server using a secure protocol.

Ordering service

Ordering an SSL certificate is possible if your provider offers such a service.

To order an SSL certificate, enter Products/Services → SSL certificates → click Order.

When ordering the service, specify the SSL certificate Parameters. The setup consists of a few steps:

Select Tariff plan → click Order.
Complete the certificate request form:
1. Choose how to send your request:
  - Generate a request — specify the request data and the system will create it automatically;
  - specify an Existing request — enter the Certificate request (CSR) data in the additional field. The remaining fields will be filled in automatically.
2. Specify the request data:
  Use only Latin letters and numbers when filling in the fields.
- - - Domain — full name of your domain. E.g., example.com;
    - Country;
    - Region — region, territory, republic, etc. without abbreviations. For example, Manchester;
    - City — the city or locality without abbreviations, for example, Liverpool;
    - Organization — full name of the organization or full name of the individual;
    - Department — the name of the subdivision of the organization;
    - Email — contact email, which will be displayed in the certificate properties;
    - Alternative wildcard domains — domains that use the wildcard character (*) to indicate all possible subdomains. This allows a single certificate to protect not only the main domain, but also all of its subdomains. For example, a certificate for *.example.com will be valid for www.example.com, mail.example.com, blog.example.com, and so on. The option is available if the provider has included it in the tariff.
Click Next.
Save the private key of the certificate.
Select the Do not save the key in the system check box if you do not want the platform to store the key data.

If you lose the secret key, you will need to reissue the certificate.
Click Next.
Provide contact information:
1. Administrative contact — a person in a senior position with the authority to send a request for a certificate on behalf of the organization. The certification authority will send the contact person a copy of the issued certificate;
2. Technical contact — the certification authority will send a certificate to this contact person with information about the renewal and update procedure. As a technical contact, you can Apply the administrative contact data or specify the details of the system administrator.
Do not provide toll-free numbers as a contact number.
Click Next.
Provide your organization's information if you are applying for an OV or EV certificate.
Details
- OV certificate — confirms the existence of your organization. It can be issued to individuals and legal entities. It is used for digital code signing, customer authentication, protection of personal data, correspondence and online payments. Information about the company is required in the application. The certification authority will verify the data from official sources and may require you to send copies of documents;
- EV certificate — confirms the existence of your organization, the right to own domain names and the identity of persons authorized to act on behalf of the company. This certificate type can only be issued to registered businesses and organizations. It is used for customer authentication, protection of documents, payment data and major online transactions. The certification authority conducts additional validation and may request constituent documents or call the number listed in official sources.
Do not provide toll-free numbers as a contact number.
Click Next.
Select the email address of the domain owner. The certification authority will send a confirmation email to it.
Check the following:
- the selected mailbox exists on the domain and can receive incoming mail;
- you have access to this mailbox.
Click Continue.
Select the service Auto-renewal conditions.
Select additional options for the SSL certificate if your provider has enabled this feature.
Read the Terms of Service.
Click Add to cart.

The certification authority will send a confirmation email to the specified email address. Follow the instructions in the email to issue the certificate.

SSL certificate validity periods

Starting from 2026 new rules of the CA/Browser Forum organization come into effect, limiting the maximum validity period of SSL certificates. This is done to enhance security. The platform is adapted to work with these changes.

Start date of changes	Maximum certificate validity period	Validation Reuse period
March 15, 2026.	200 days	DV — 200 days; OV/EV (SII) — 398 days.
March 15, 2027.	100 days	DV — 100 days.
March 15, 2029.	47 days	DV — 10 days.

Where:

DV — domain validation (Domain Validation);
OV — organization validation (Organization Validation);
EV — extended validation (Extended Validation);
SII — subject information(Subject Identity Information).

Subscribing to SSL certificates

Due to the reduction of certificate validity periods, certificate authorities offer an SSL subscription model. This allows purchasing a certificate for a long period (for example, for 1–5 years), while the technical certificate will be reissued automatically in accordance with the new rules (every 200, 100, or 47 days).

With a multi-year subscription, you pay for the certificate several years in advance and reissue it annually. In the client area, two different dates are displayed for such a certificate:

Expiration date — the expiration date of the current certificate (according to CA/Browser Forum rules);
Paid until — the expiration date of the paid subscription period.

For example, your client orders and pays for an SSL certificate April 02, 2026. for 5 years. After successful processing, two fields are displayed for this certificate in the client area: Expiration date and Paid until. The field Expiration date will show the date October 19, 2026 — the date until which the current certificate is valid. The field Paid until will show the date April 02, 2031. — the expiration date of the paid period. Each year during this period, platform will automatically perform an action according to the settings:

send a notification about the need for reissue;
reissue the certificate for the next year.

If the certificate is purchased for one year, the field Paid until remains empty.

Setting up a reissue policy

You can configure the SSL certificate reissuance policy:

via the platform interface. In the main menu, go to Products → Product types → SSL certificate → button Edit → block Subscription:
- Expired certificate processing policy — select one of the options:
  - Automatic certificate reissue — default value;
  - Certificate expiration notification — a notification is sent to the client about the expiration of the current certificate. To set the notification template, in the main menu go to the section Settings → Message templates;
- Period to start working with expiring certificate — specify how many days before the certificate expiration the policy should be triggered. Default value — 10, maximum value 200.
using the configuration file /usr/local/mgr5/etc/billmgr.conf. Use the options:

- Option SSLSubscriptionPolicy — specify to configure the certificate processing policy within the subscription. Values:
  - auto — certificate reissuance is triggered automatically. Default value;
  - manual — a notification is sent to the client about the expiration of the current certificate. To set the notification template, in the main menu go to the section Settings → Message templates;
  - none — no actions are performed;
- Option SSLSubscriptionBefore — the value determines how many days before the certificate expiration the Option SSLSubscriptionPolicy policy should be triggered. Default value — 10, maximum value 200.

View SSL certificate information

You can download the files containing the private key and the certificate request:

Go to Products/Services → SSL Certificates.
Select SSL сertificate in the table → View → Certificate files.