Procure a custom TLS certificate

If you would like to provide your own TLS certificate from a different certificate authority, please mention that during initial site planning conversations. You can obtain the certificate from a certificate authority of your choosing with a VIP-supplied Certificate Signing Request (CSR).

Certificate requirements

• Certificate need to include both “www” and the root version of a hostname, so a SAN or wildcard certificate is probably best.
• The maximum certificate length that can be accepted by VIP is 398 days.

Request a Certificate Signing Request (CSR)

Create a VIP support ticket and supply the following information in the body of the ticket in order for a CSR to be provided to you.

The text below can be added to your clipboard by hovering over the text and clicking on the “Copy” button that appears.

**Required information**

Domains (list all domains the Cert should cover):
Country Name (2 letter code):
State or Province Name (full name):
Locality Name (eg, city):
Organization Name (eg, company):
Organizational Unit Name (eg, section):
Common Name (e.g. example.com):


**Optional information**

Alternate Names (e.g. http://www.example.com):
Email Address:


**TLS redirection strategy**
Whole Site || Admin Only || Admin

Also in the Support ticket, tell us what TLS redirection strategy best suits your needs:

• Whole Site: Forced HTTPS for both frontend and backend.
  Example: Requests to http://example.com redirect to https://example.com and requests to http://example.com/wp-admin redirect to https://example.com/wp-admin
• Admin Only: Forced HTTPS for backend only AND forced HTTP for the front-end.
  Example: requests to http://example.com/wp-admin redirect to https://example.com/wp-admin and requests to https://example.com redirect to http://example.com
• Admin: Forced HTTPS for backend only (aka minimal required TLS configuration).
  Example: requests to http://example.com/wp-admin redirect to https://example.com/wp-admin and requests to http://example.com AND https://example.com are NOT redirected but served according to the protocol of the request.

With the above information, VIP will be able to provide you with a CSR and you will be ready to obtain a custom certificate from a certificate authority of your choosing.

After your custom certificate has been generated

1. Deliver the certificate to us as an attachment to your support ticket.
2. Certificates generated using a VIP-supplied CSR will not require a private key for installation.
   If you have a need to supply us with a private key, do not attach a private key to a support ticket or regular email message. Ask the VIP Support team for secure transmission options in your support ticket.
3. The VIP team will install the TLS certificate provided after completing the process below and confirm that it is working as expected.