Reselling SSL certificates

From ISPWiki

Jump to: navigation, search


Reselling SSL certificates

BILLmanager Advanced and higher version can be used for SSL certificates reselling. This article will go you through the steps you need to perform to integrate BILLmanager with Certificate authorities, create service packages, process orders and resolve the issues, if any.

To be able to resell SSL certificates through BILLmanager, perform the following steps:

  • add a certificate authority;
  • add a certificate template;
  • add a corresponding service package.

Adding certificate authority

First, you should add a certificate authority that will issue and manage SSL certificates. It can be done manually (in this case when a customer submits an SSL issue/renewal request, the administrator in charge will process his order) or in a certificate center that has a corresponding module for order processing. For more information, please read the article Certificate Authorities.

Adding a certificate tempplate

An SSL certificate template defines its internal name and a certificate authority, as well as parameters of the certificate to be issued. A certificate template has the following parameters:

  • Name - enter a name for the SSL certificate template.
  • Multiple subdomains - check the box to secure multiple sub-domains using one SSL certificate.
  • Organization information - check the box to make a user to provide organization information when ordering an SSL certificate.
  • Extended verification - check the box to allow extended verification when ordering the SSL certificate (organization information must be confirmed by appropriate documents).
  • 2048-bit CSR - check the box to allow for a 2048-bit Certificate Signing Request.
  • IDN - select the check box to enable support of the Internationalized Domain names.
  • with WWW + without WWW - select the check box to notify users that the can provide a domain name with the www prefix. The certificate can be used both for a domain name with the prefix or without it.
  • Multiple domain names - select the check box to provide multiple domain names when generating a certificate request or in the certificate order form. Additional domains will be used as subjectAltName. This option is required for ordering SAN, UCC and Multi-domain certificates.

If you choose "Set up manually", the certificate's parameters should be entered manually, if you choose a certificate center, they will be specified automatically.For more information, please read the article SSL certificate template.

Customizing service package

An SSL certificate package is created the same way as other services. The only difference is that you should enter a certificate authority and certificate template instead of the internal name. For more information, please read the article Creating a package.

If you want to create a certificate for multiple domain names, you should create the domainlimit add-on with the billing type set to "Based on order", value type - "integer". This add-on will manage the number of additional domain names and/or IP addresses ignoring the main domain name. The maximum value for the add-on should be specified according to provider's policy and certificate limits. The order step must be equal to the SSL provider's order step, 1 or any other value. If the number of additional names ordered by user is larger than the total number, the certificate will include the ordered value and the client will be able to add names into the certificate when renewing it.

Products---Item types---SSL certificates---the Configuration icon---activate Number of domains. Создать тарифный план либо у существующего тарифного плана --- кнопка Конфиг. --- кнопка Создать --- Тип - количество доменов.

If the SSL certificate's configuration does not contain "domainlimit", click the "Create" icon to add a new one.

Internal name - domainlimit

When ordering a certificate with user privileges, the user cannot select the number of domains, as their number is set automatically depending on the number of domain names the user provided. Type of the domain names is specified while generating the CSR.

Manage SSL certificates in BILLmanager

In BILLmanager you can perform the following operations with the SSL certificates:

  • Process - you can provide the certificate's expiration date and text representation.
  • Reissue - can be used if your certificate's private key is lost. This operation is free of charge and enables to reissue the already existing certificate. The certificate must be issued and a new CSR must contain the same data, as the previous order.
  • Repeat the operation - enables to re-order your certificate without being charged for that operations, if the certificate was cancelled in the certificate authority.
  • Edit properties - modify the confirmation address for the certificate, its contact details and organization information. If the data were changed, they will be applied only upon the certificate renewal. For more information, please read the article Edit SSL certificate properties.
  • Renew - enables to renew the existing certificate. The main difference from the order of a new certificate is its order period. If you renew you certificate, its validity period will start from the expiration date of the previously ordered certificate.


When working with SSL certificates the following errors may occur:

  • Invalid email address for the certificate confirmation. To resolve this issue you should enter a valid email address. The list of email addresses may vary depending on the certificate authority and certificate type.
  • The certificate's private key has been lost. You should reissue the SSL certificate through BILLmanager or in your member area of the certificate authority.
  • Certificate verification failed. To resolve the issue, send your company's founding documents into the certificate authority.
Was this helpful? Yes | No
Personal tools