Order an SSL Certificate in OpenSRS

You order trust service products from the Trust section of the Reseller Control Panel (RCP). This article walks through the full ordering flow, including supplier selection, validation details, organization contacts, and CSR submission. Fields you see depend on the certificate type; some products show only a subset.

Before you begin

• RCP access: Sign in to the Reseller Control Panel.
• Certificate Signing Request (CSR): Generate a 2048-bit CSR from the web server that will host the certificate. — modern requirements may exceed 2048 bits.
• Organization details: Have the legal organization name, address, and contact information ready for OV and EV products.
• Validation email: Identify the approver email for the domain (admin, administrator, hostmaster, postmaster, or webmaster).
• SAN list: For SAN certificates, finalize all additional domains. SAN names cannot be added after the order is processed without contacting the CA.

Step 1: Start a new trust order

1. In the Control Panel, click Trust.
2. Click the + icon.

Step 2: Select the supplier and service

1. From the Select a supplier drop-down list, choose the certificate provider.
2. From the Select a service drop-down list, choose the certificate product.
3. For domain-vetted certificates, enter the domain name to associate with the service.
4. Click Continue to next step.

Step 3: Choose the customer account (SiteLock and TRUSTe only)

1. Select Existing Customer Account and choose the account, or select New Customer Account and provide a username, password, and email address.
2. If you select No Customer Account, the end user will not have access to the Domain Admin control panel and you cannot add credentials later.

Step 4: Set the service and validation period

Use the drop-down lists to choose the values for your product. Not every field appears for every certificate type.

• Certification period: How long the certificate is valid. TLS/SSL validity is capped at 398 days (roughly 13 months) per the CAB Forum rule effective September 1, 2020.
• Validation email: The address of the approver who will receive the validation message from the CA.
• Web server: The server type that will host the certificate. The CA uses this with the CSR to generate the certificate.
• Server count: The number of servers licensed to use the certificate. You are charged per server in most cases. — legacy GeoTrust products previously included unlimited server licences.

Step 5: Enter the organization contact

For OV and EV certificates, complete the Organization Contact Information section with the legal organization details.

Step 6: Enter individual contact details

1. Complete every field in the Individual Contact Information sections.
2. To reuse an existing contact, choose it from the Make same as drop-down list and verify the fields are populated.

Step 7: Submit the CSR

1. In the Certificate Settings section, paste the CSR.
2. Add any special instructions, if needed.
3. Click Add Service to submit, or Save as Draft to keep the order pending.

Certificate generation guides are available from each supplier:

• Sectigo
• Trustwave

Step 8: Add SANs (SAN certificates only)

1. In the Additional Domains section, enter each additional hostname.
2. Click Add Domain to add another field or click the red X to remove one.
3. Certificates with IP addresses in the Common Name or SANs are not supported.

Next steps

• Approve the validation email: The CA sends an approval request to the validation email and processes the order once you confirm.
• Track the order: Monitor the order status from the Trust tab.
• Install the certificate: Install the issued certificate on your web server.

Questions? Contact OpenSRS Support.