This guide is only meant for NeonCRM clients who have purchased and managed their own custom SSL certificate before January 2015 and are in need of renewing their SSL certificate. As of January 2015, NeonCRM no longer supports organizations doing this on their own. NeonCRM now offers a monthly service fee where the client places the order through NeonCRM and the certificate, updates, renewal, etc are managed by our Support Team. Feel free to submit a ticket if interested in learning more.
Overview
If your organization purchased an SSL Certificate from a 3rd party Certificate Authority like GoDaddy, Thawte, or VeriSign. The certificate must be a subdomain of your main URL, for example: "https://secure.[your domain name].org"
Z2 Systems, Inc. will need to install the certificate you purchase or own on the NeonCRM server. Then your organization will have to change your DNS and point your certificate (secure.[your domain name].org) to a unique IP Address (we’ll provide that information when necessary).
*NOTE: A standard security certificate can only be used on one server and that would be the designated NeonCRM server. If your organization’s security certificate is meant to be used on multiple servers, this would require what is known as a *WILDCARD certificate.
Please check with your NeonCRM account representative by submitting a ticket if you have any questions not answered in this guide.
Below are the steps that your organization should perform:
- Your Org: You’ll need to decide the name of the SSL sub-domain that your organization will be using/purchasing. PLEASE EMAIL US THE NAME YOU HAVE CHOSEN. Most of our clients choose “secure.[your domain name].org”, or something of the like. All of your NeonCRM forms will be under https://secure.[your domain name].org/ after this process is completed. NOTE: If you will be using this certificate on another server, please be sure to purchase a Wilcard Certificate. You can ask your NeonCRM representative for clarification on this if necessary.
- Z2 Systems, Inc.: Email us the name of your sub-domain and we’ll generate the CSR file and email it to you. This happens before you purchase the SSL Certificate from the Certificate Authority.
- Your Org: You will submit the SSL certificate application (for an Apache server) along with the CSR file that has been generated to the Certificate Authority you have selected (CA = Certificate Authority: such as VeriSign, Thawte, Godaddy.com, etc.)
- Your Org: when your certificate is approved and issued by CA, download the certificate zip file formatted for Apache servers -- this is a crucial step. Then, forward the zip file to Z2 Systems, Inc.
- Z2 Systems, Inc.: we’ll install the SSL certificate onto our servers and test it to make sure it works properly.
- Your Org: Z2 Systems, Inc. will provide your organization a unique IP Address for your SSL Certificate and your webmaster will have to point your website’s secure DNS (Domain Name System) to the IP Address that Z2 Systems, Inc. has provided.
- Your Org: Please notify Z2 Systems, Inc. when Step #6 has been completed as there are a few final processes we have to complete on our end.
- Your Org: The SSL certificate has an expiration date. Going forward, you’ll need to contact your CA to renew your certificate before it expires. Please dedicate an individual within your organization who will be responsible for renewing this certificate prior to it expiring.
Renewing your SSL Certificate
- If your SSL Certificate has expired or is about to expire, you'll need to contact your Certificate Authority (e.g., GoDaddy, Thawte, or VeriSign) to renew or repurchase a certificate.
- In order to initiate this process, you'll need to submit your original CSR file to your Certificate Authority. If you do not have it, then contact us and we'll provide it for you.
- Once you renew/repurchase your certificate, you will need to provide us with the new SSL Certificate so that we can install it on our server.