Maintenance of Secure Domains

This topic applies to

Applies to

Commerce Web Stores


If you have a secure web store, you are responsible for renewing and maintaining your SSL certificates with your certificate provider, as well as configuring DNS for your secure domains with your domain provider. Maintaining your certificates also includes updating information in NetSuite. NetSuite is responsible for allocating a CNAME for your checkout domain, and binding your SSL certificates to that CNAME.


This section is about maintenance tasks associated with your secure domain. For information on purchasing domains and certificates, creating certificate keys, and uploading certificates, see Prerequisites for Setting Up Secure Domains.

You are responsible for the following maintenance tasks associated with your secure domain:


SSL certificates are valid for a certain period of time. You are responsible for keeping track of the date when it is time to renew your certificate with your certificate provider. NetSuite displays the valid dates for your certificate on your domain records.

To view valid dates for an SSL certificate:

  1. Go to Setup > SuiteCommerce Advanced > Domains.

  2. Click View for the desired domain.

  3. Review the Certificate Information field.

Contact your SSL certificate provider for more information about the maintenance tasks associated with your certificates.

Update Certificates in NetSuite

After you complete each of the maintenance tasks with your certificate provider, you must update the certificate information in NetSuite. This involves:

  • Adding, deleting, and updating certificate files in the file cabinet.

  • Selecting the updated files on the Domains Setup page.

Adding, deleting, and updating files in the file cabinet only affect which certificates are available to select on the Domains Setup page; it does not update the certificates deployed with NetSuite.

For example, when you renew the SSL certificates for your secure domain, you can update your certificates in the file cabinet, but no changes are initiated until you select the updated files on the Domains Setup page.


Some certificate vendors, such as GoDaddy, may revoke an old certificate 72 hours after issuing a new one.

To update your certificate files in NetSuite:

  1. Upload or edit the certificate files in the SSL Certificates folder in the file cabinet.

  2. Go to Setup > SuiteCommerce Advanced > Domains.

  3. Click Edit for the desired domain.

  4. Select the updated files in the Certificate field and the CA Certificate field.

  5. In the Certificate Key field, enter the updated key.

  6. In the Key Password field, enter the password, if applicable.

  7. Click Save.

Your existing secure domain is continuously served until the new certificate is deployed. NetSuite deploys domains often during the day. During this time, checkout through your secure domain continues uninterrupted. You get a notification email message when the new certificate is Live.


You may need to replace your SSL certificates when setting up your NetSuite web store, or in the event that your private key is lost, or becomes corrupted. Alternatively, you may need to update your certificate to change the domain name. In this case, you must use the default checkout URL,, until your new custom checkout domain is live.


You may be allowed to upgrade your SSL certificates based on the options provided by your certificate authority.


You may need to revoke your certificate if it becomes compromised in any way.