Setting Up a User-Managed SSL Certificate (SSL Business / SSL Business Plus)
Please use the “Print” function at the bottom of the page to create a PDF.
For customers with a server, IONOS Instant Domain or IONOS SSL package
In simple terms, user-managed SSL certificates are text files with encrypted data that you install on your server to secure/encrypt communication between your website and your visitors (customers). To create a certificate file for the desired domain, set up the certificate in your IONOS account. Select the purpose Use for own server. With this setup, you will receive your public key (the SSL certificate) as well as your personal, private key.
By setting up a user-managed SSL certificate, you will receive your personal private key. During the setup process, the certificate is applied for at the certification body Sectigo and issued to the desired domain after successful authentication (validation).
Prerequisites
Your contract contains a not yet set up SSL certificate of the type:
- Instant SSL OV (SSL Business), or
- Instant SSL OV Wildcard (SSL Business Wildcard)
How to set up the SSL certificate in your certificate management:
- Log in to IONOS.
- Click on Menu > Domain & SSL in the title bar.
The page listing all your domains is displayed. - Click on Manage in the section SSL certificates under Portfolio. The overview of your SSL certificates is displayed.
- Search for the not yet set up SSL certificate of type SSL Business or SSL Business Wildcard.
- Click on Not set up yet in the corresponding line in the Domain column.
Select the desired domain you want to issue the certificate to or enter it in the input field.
Make sure the setting Use with my own server is selected as the intended use.
Check the details of your company and adjust them if necessary. Make sure the details of your company or organisation and the administrative and technical contacts are correct, as the certification authority will attempt to contact them during the authentication process.
Note
Any change to the company's name made at this point will also be transmitted to the WHOIS database and will therefore be publicly visible.
Read and confirm the terms of use and click on Set up SSL certificate.
Click on Download private key and save the private key on your computer.
Please Note
Keep the private key safe, as you cannot use the SSL certificate without it! For security reasons, the private key is neither stored by IONOS nor by the certification authority and therefore cannot be requested again. In the event of loss, the SSL certificate must be reissued via the SSL administration (this generates a new key pair). The certification authority now checks whether the domain in question belongs to the company making the request. Finally, verification is carried out by telephone contact.
- Once the company validation has been completed, you can download the SSL certificate and install it on your server. You can find more information on this in the article Installing an SSL Certificate on a Windows Server.
Stages of validation - briefly explained
The examination by the certification body takes place in several steps:
- Company
Authentication The Certification Authority (Sectigo) matches the company name, registration and security status of the company specified in the Certificate Signing Request with the appropriate registration authority of the country, state or (in some cases) the jurisdiction of the city. Public information is also looked up on the Internet. - Domain
authentication The certification authority checks whether the domain name in question is registered on the registered company name in a publicly accessible WHOIS database. If the domain name is not registered for the registered company name, alternative:
- a legally valid proof can
be provided - proof of usage rights for the domain name can be provided, or
- additional documents can be provided. - Telephone verification
As final identity authentication, the certification authority calls the company contact specified in the domain whois. The call can also be answered by another person in the company.
If the certification authority does not reach anyone, either a voice message will be left on the contact's answering machine or an email will be sent by Sectigo with further instructions. This includes information on how to contact the certification body to complete the verification.