If you'd like to add a Secure Socket Layer (SSL) to your website to improve your website's security, you'll need to follow these steps. We understand that this is something you may not be familiar with. Please feel free to reach out to us at any point of the process with any questions or concerns you have.
In order to issue an SSL certificate, the provider issuing the certificate ("Certificate Authority" or "CA") has to validate the authenticity of the certificate order to ensure the request is legitimate and comes from an authorized owner of the domain. This process is called domain validation.
VCG is not a CA. We'll provide you with some resources for CA's below.
The goal of validation is to ensure the authenticity of a certificate order before issuing a new certificate. Specifically, before issuing the certificate, the Certificate Authority must be sure the domain listed in the certificate is registered and someone with admin rights is aware of and approves the certificate request.
Therefore, and firstly, you'll want to make sure you have access to a valid email address associated with the management of your domain with admin rights. If VCG host your emails and you need help creating a new administrative email for validation let us know.
Typically the "Registrant" or "Administrator" for the domain will suffice. If you're not sure what email address is used, you can determine who that is by completing a Whois lookup for your domain. There are several online Whois tools to use, including http://whois.domaintools.com/ and www.godaddy.com/whois.
Secondly, you'll need to request a Certificate Signing Request (CSR) from us. You can do so by emailing VCGSupport@VCGCorporate.com and a support ticket will be created. Please ensure to include your domain name with your request. We will then reply with the CSR, which you'll use to order the Certificate.
Then, you'll need to purchase the certificate from a Certificate Authority. The following are links to third-party providers (not affiliated with VCG) who may be able to assist you:
Important: When provided with the option to choose the server type, choose IIS.
There are a few different certificate "types" or "levels" to choose from. You may want to ask your SSL provider for more clarification if need be. Here's a brief explanation of the different levels:
- Domain Verified (DV) - Typically speaking this is the most simplistic and quickest certificate. The certificate supplier will send an email to the Registrant for the domain, and then, once verified by the Registrant and the necessary information is provided to VCG, the certificate will be uploaded to the website within 1 -2 business days (this is the method VCG suggests for validation).
- Organization Verified (OV) - Additional information will need to be provided by you to the supplier to ensure you are, in fact, the owner of the domain name. This process can take days to verify.
- Extended Verified (EV) - The supplier will need extensive information from you to verify that you are, in fact, the owner of the domain name. This process can also take days to verify.
Once the Certificate is approved by your SSL provider, you will receive your digital certificates from them and will need to forward that information to us. Please reply to the original support ticket with this information.
Once we have your certificate, we will be able to install it for your website within 1-2 business days. We will update you via the support ticket when it has been completed.
Please note: VCG is not affiliated with any of these companies and there are various other companies that provide these services as well. If you have questions specifically about their services, you'll need to reach out directly to their support team. If you're unsure of who to ask, let us know and we'll point you in the right direction.