Procure a custom TLS certificate
If you would like to provide your own TLS certificate from a different certificate authority, please mention that during initial site planning conversations. You can obtain the certificate from a certificate authority of your choosing with a VIP-supplied Certificate Signing Request (CSR).
Certificate requirements
- Certificate need to include both “www” and the root version of a hostname, so a SAN or wildcard certificate is probably best.
- The maximum certificate length that can be accepted by VIP is 398 days.
Request a Certificate Signing Request (CSR)
Create a VIP support ticket and supply the following information in the body of the ticket in order for a CSR to be provided to you.
The text below can be added to your clipboard by hovering over the text and clicking on the “Copy” button that appears.
**Required information**
Domains (list all domains the Cert should cover):
Country Name (2 letter code):
State or Province Name (full name):
Locality Name (eg, city):
Organization Name (eg, company):
Organizational Unit Name (eg, section):
Common Name (e.g. example.com):
**Optional information**
Alternate Names (e.g. http://www.example.com):
Email Address:
**TLS redirection strategy**
Whole Site || Admin Only || AdminAlso in the Support ticket, tell us what TLS redirection strategy best suits your needs:
- Whole Site: Forced HTTPS for both frontend and backend.
Example: Requests tohttp://example.comredirect tohttps://example.comand requests tohttp://example.com/wp-adminredirect tohttps://example.com/wp-admin - Admin Only: Forced HTTPS for backend only AND forced HTTP for the front-end.
Example: requests tohttp://example.com/wp-adminredirect tohttps://example.com/wp-adminand requests tohttps://example.comredirect tohttp://example.com - Admin: Forced HTTPS for backend only (aka minimal required TLS configuration).
Example: requests tohttp://example.com/wp-adminredirect tohttps://example.com/wp-adminand requests tohttp://example.comANDhttps://example.comare NOT redirected but served according to the protocol of the request.
With the above information, VIP will be able to provide you with a CSR and you will be ready to obtain a custom certificate from a certificate authority of your choosing.
After your custom certificate has been generated
- Deliver the certificate to us as an attachment to your support ticket.
- Certificates generated using a VIP-supplied CSR will not require a private key for installation.
If you have a need to supply us with a private key, do not attach a private key to a support ticket or regular email message. Ask the VIP Support team for secure transmission options in your support ticket. - The VIP team will install the TLS certificate provided after completing the process below and confirm that it is working as expected.