Purchase Domains and SSL Certificates

This topic applies to

Applies to

Commerce Web Stores


You must complete all four tasks listed below before setting up your secure domain in NetSuite:

  • Choose a type of SSL certificate.

    For a list of certificate authorities, see the Mozilla Included CA Certificate List.

    You can select an SSL certificate from the vendor of your choice, but it must meet the following restrictions and recommendations:

    • All SSL certificates you plan to use with NetSuite require:

      • A 2048–bit RSA (private and public) key. 4096–bit key lengths are not supported when a CDN is in use.

      • The private key must use the PKCS#1 RSA Cryptography Standard.


        The PKCS#8 Private-Key Information Syntax Standard is not supported. See How can I change the private key from PKCS#8 to PKCS#1? if the private key issued to you uses the PKCS#8 standard.

      • Must be Apache-compatible and PEM-encoded.

    • You are required to purchase SSL certificates that use the SHA-2 hash function or better.

    • The following are not supported:

      • Wildcard certificates

      • Self-signed certificates

      • ECC (Elliptic Curve Cryptography) SSL certificates

      • Subject Alternative Name (SAN) fields on an SSL certificate (that is, adding multiple domain names to a single certificate). Only the Subject Name on a certificate is considered. In cases where SANs are specified on a certificate (using a subjectAltName field), they are ignored.


    To test if a certificate is trusted by your selected web browser, click the link in the URL to Test Website or Example Cert column of the Mozilla Included CA Certificate List. You can purchase certificates from providers not listed in the Mozilla Included CA Certificate list, however they may not be trusted by all web browsers or by the NetSuite application. Contact your certificate provider for more information.

  • Contact your NetSuite account manager to ensure you have access to required features associated with Secure Domains.

    Certain fields that are required for the setup process in NetSuite do not appear unless you have enabled the required features. When you contact your account manager, specify how many secure domains you want to use.


    A fixed number of secure domain licenses are included with a Commerce web store license. If you require more secure domains, you need to obtain additional secure domain licenses or free up one of your existing licenses. See Secure Domain Slots for more information.

  • Obtain a domain name for the secure domain.

    The domain name you use for your secure domain must be different from the name of any existing non-secure domain you use in your web store. Consider using a domain such as checkout.wolfeelectronics.com or store.wolfeelectronics.com. Contact your domain provider to establish a new secure domain.

  • Purchase SSL certificates.

    You need SSL certificates for each secure domain. Purchasing SSL certificates requires a separate set of steps that you complete outside of NetSuite. Contact the certificate authority that you are purchasing your certificate from for details.