How do I install a third-party SSL certificate?

If you would like to purchase an SSL certificate from another company, make sure to first create a CSR at DreamHost before requesting it from your chosen Certificate Authority. That company will then be able to use this CSR to generate your SSL certificate.

If you already have a private key, Certificate Signing Request (CSR), intermediate certificate, and signed SSL certificate (in PEM format), you can install them yourself after setting up an SSL certificate for the domain.

If you already have a signed SSL certificate but do NOT have the corresponding private key, you won't be able install it on DreamHost's servers. Also, do NOT create a private key that is password protected, as the DreamHost panel does not accept these.

Installing the certificate

All of the following commands must be ran on the server where your website is hosted.

  1. Navigate to the Secure Hosting page. A list of your domains display.
  2. To the right of your domain, click the Add button. 
  3. At the top, click the tab titled 'Import a Certificate'.
  4. Next click the Select This Option button.
  5. The next page displays four empty boxes.
    • Certificate Signing Request
    • Certificate
    • Private Key
    • Intermediate Certificate
    Into these fields, enter your 3rd party certificate information.

    Important note about the private key header and footer

    If your private key was created with PKCS #8 syntax, the header and footer appear like this:

    -----BEGIN PRIVATE KEY-----
    ...
    -----END PRIVATE KEY-----

    In order for the panel to accep this key, you must add RSA to both the header and footer. For example:

    -----BEGIN RSA PRIVATE KEY-----
    ...
    -----END RSA PRIVATE KEY-----

    The panel will then accept your key.

  6. When finished, click the Proceed with Certificate Configuration button.
  7. If there aren't any errors, the new certificate is pushed out to the live servers within 15 minutes.
  8. Back on the Secure Hosting page, you can see the certificate now shows as 'Imported'.
  9. Load your site in a browser using https.
    • You can see the padlock icon at the beginning of the URL; if you click on the icon, you’ll see that the cert is verified and active.

If you see the error message "key does not match cert", that means that the SSL certificate you're trying to install does not match the private key that is currently installed. This typically means that the Certificate Signing Request that was used to purchase the SSL certificate was not generated with the private key that is in the panel.

See also

Did this article answer your questions?

Article last updated PST.