Select Type of SSL Certificate

Applies to: SuiteCommerce | SuiteCommerce Advanced


The first step in acquiring a manual SSL certificate is to identify the type of certificate you need. One reason to prefer a manual certificate to the automatic certificate provided by NetSuite is if you require an Extended Validation (EV) certificate for your domain. EV is a special type of certificate that requires more extensive investigation for validating an entity before the certificate is issued.

You can select an SSL certificate from the vendor of your choice, but it must meet the following restrictions and recommendations:

  • All SSL certificates you plan to use with NetSuite must:

    • Use a 2048-bit RSA key pair (private and public). 4096-bit key lengths are not supported.

    • Have a private key that uses the PKCS#1 RSA Cryptography Standard.

      The PKCS#8 Private-Key Information Syntax Standard is not supported. If the private key issued to you uses the PKCS#8 standard, see How can I change the private key from PKCS#8 to PKCS#1?

    • Be Apache-compatible and PEM-encoded.

  • You are required to purchase SSL certificates that use the SHA-2 hash function or better. For more information, see the help topic Supported TLS Protocol and Cipher Suites.

  • The following are not supported:

    • Wildcard certificates

    • Self-signed certificates

    • ECC (Elliptic Curve Cryptography) SSL certificates

    • Subject Alternative Name (SAN) fields on an SSL certificate (that is, adding multiple domain names to a single certificate). Only the Subject Name on a certificate is considered. In cases where SANs are specified on a certificate (using a subjectAltName field), they are ignored.
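
The private-key rules in the list above (PEM encoding, PKCS#1 rather than PKCS#8, 2048-bit RSA) can be checked before a key is uploaded. The following Python code is an added example, not NetSuite code: the function names are hypothetical, and `constructed_sample` builds a fabricated structure for demonstration, not a real key.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(der):
    """Modulus size of a PKCS#1 RSAPrivateKey: SEQUENCE { version, modulus, ... }."""
    seq_tag, body, _ = read_tlv(der, 0)
    _, _, pos = read_tlv(body, 0)  # skip the version INTEGER
    int_tag, modulus, _ = read_tlv(body, pos)
    if (seq_tag, int_tag) != (0x30, 0x02):
        raise ValueError("not a PKCS#1 RSAPrivateKey structure")
    return int.from_bytes(modulus, "big").bit_length()

def check_private_key(pem_text):
    """Return a list of problems; an empty list means the key passes."""
    m = PEM_RE.search(pem_text)
    if not m:
        return ["not PEM-encoded"]
    label, body = m.groups()
    if label in ("PRIVATE KEY", "ENCRYPTED PRIVATE KEY"):
        return ["PKCS#8 key: convert it to PKCS#1"]
    if label == "EC PRIVATE KEY":
        return ["ECC key: not supported"]
    if label != "RSA PRIVATE KEY":
        return ["unexpected PEM block: " + label]
    if "Proc-Type:" in body:  # legacy passphrase-protected PEM
        return ["passphrase-protected key: decrypt it before checking"]
    bits = rsa_modulus_bits(base64.b64decode(body))
    return [] if bits == 2048 else ["%d-bit RSA key: 2048-bit is required" % bits]

def constructed_sample(bits, label="RSA PRIVATE KEY"):
    """Constructed input: version plus a fabricated modulus, not a usable key."""
    def der(tag, value):  # 2-byte long-form length, valid for 256..65535 bytes
        return bytes([tag, 0x82]) + len(value).to_bytes(2, "big") + value
    mod = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    seq = der(0x30, b"\x02\x01\x00" + der(0x02, mod))
    b64 = base64.encodebytes(seq).decode()
    return "-----BEGIN %s-----\n%s-----END %s-----\n" % (label, b64, label)

if __name__ == "__main__":
    print({b: check_private_key(constructed_sample(b)) for b in (2048, 4096)})
```

To check a real key, pass the contents of the key file to `check_private_key`; the check reads only the PEM label and the modulus length.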

For a list of certificate authorities, see the Mozilla Included CA Certificate List.


To test whether a certificate is trusted by your selected web browser, click the link in the URL to Test Website or Example Cert column of the Mozilla Included CA Certificate List. You can purchase certificates from providers not listed in the Mozilla Included CA Certificate List; however, they may not be trusted by all web browsers or by the NetSuite application. Contact your certificate provider for more information.