Maintenance of Manual Certificates

This topic applies to

Applies to

SuiteCommerce | SuiteCommerce Advanced


If you use a manual certificate to secure your web store, you are responsible for renewing and maintaining your SSL certificates with your certificate provider, as well as configuring DNS for your secure domains with your domain provider. Maintaining your certificates also includes updating information in NetSuite.

NetSuite is only responsible for allocating a CNAME for your checkout domain, providing you with a CSR for your domain, and binding your SSL certificates to the CNAME.


This section is about maintenance tasks associated with your manual certificate. For information on purchasing certificates, generating CSRs, and securing domains with manual certificates, see Manual Certificates.

You are responsible for the following maintenance tasks associated with your secure domain:

Automatic Renewal

If you want to switch to using automatic certificates after your manual SSL certificate expires, you can do so by editing your domain record and checking Switch to Automatic Certification when Manual Certificate Expires. For information about automatic certificates, see Automatic and Manual Certificates.


SSL certificates are valid for a certain period of time. You are responsible for keeping track of the date when it is time to renew your certificate with your certificate provider. NetSuite displays the valid dates for your certificate on your domain records.


Ensure you use only valid (unexpired) certificates for your secure websites, including websites used for testing. If you do not renew the certificate, the website will be inaccessible 7 days after the certificate expires, even if the user has previously accepted a security exception in the browser.

To view valid dates for an SSL certificate:

  1. Go to Setup > SuiteCommerce Advanced > Domains.

  2. Click View for the desired domain.

  3. Review the Certificate Validity field.

Contact your SSL certificate provider for more information about the maintenance tasks associated with your certificates.

Update Certificates in NetSuite

After you complete each of the maintenance tasks with your certificate provider, you must update the certificate information in NetSuite. This involves adding, deleting, and updating certificate files on the Domains Setup page.


Some certificate vendors, such as GoDaddy, may revoke an old certificate 72 hours after issuing a new one.

To update your certificate files in NetSuite:

  1. Go to Setup > SuiteCommerce Advanced > Domains.

  2. Click Edit for the desired domain.

  3. Generate and download a new CSR file for the domain as described in Generate a Certificate Signing Request (CSR).

  4. Obtain a new SSL certificate from your CA as described in Submit your CSR and Retrieve your Certificates.

  5. Click Change Certificate in the Certificate section.

  6. Click Upload Certificate and upload the certificate files provided to you by the CA. You can also drag and drop the certificate file into the specified area on the form.

    If your CA has given you an intermediate certificate (for example, secure.domainname_ca.crt) as well as the SSL certificate (for example, secure.domainname.crt), make sure you select all the files at the same time during upload. You cannot upload them one at a time.

  7. Click Save.

Your existing secure domain is continuously served until the new certificate is deployed. NetSuite deploys domains often during the day. During this time, checkout through your secure domain continues uninterrupted. You get a notification email message when the new certificate is Live.


You may be allowed to upgrade your SSL certificates based on the options provided by your certificate authority.


You may need to revoke your certificate if it becomes compromised in any way.