How To Renew an Existing SSL on Titanium Sites

Before you Begin - please review QuickBooks for open invoices.

Step 1

Go to the site url with the following URI after the domain name: /.well-known/pki-validation/starfield.html. In TT there is a button on the domain details page that will take you directly to this link

If you get an error screen then Please email sslinstall@i4.net - The site needs to be updatd and you may proceed once the server admin confirms the site has been update is complete.

Step 2

  1. Go to https://sso.secureserver.net and log in.
  2. Click on the user icon in the top right corner of the screen and click on "My products"
  3. Click on the "Manage all" to the right of "SSL Certificates"
  4. Search for the domain you are renewing - you may need to change the status field to "Pending"
  5. Go the domain in https://sso.secureserver.net
  6. Copy the "Unique ID" text on the following screen - it will be a text string that appears to be random characters.

Step 3

  1. Log in to the site admin of the domain you are renewing the SSL
  2. Place your mouse on the "site" icon in the admin toolbar and click on "configuration"
  3. expand the "Site Settings by clicking the plus - look for a field called "starfield"
    • If the field does not exist, click the "Add Item to this category" next to "Site Settings" and add it using the key and value as instructed in the next steps.
  4. in the "value" next to the field titled "starfield" ( all lowercase )  paste in the unique ID obtained in step 3B-12 above
  5. click "save"
  6. Verify the unique ID shows when you browse to domain.com/.well-known/pki-validation/starfield.html - if you get an error please contact the server admin.
  7. Return to the sso.secureserver.net page from the step 4-6 above.
  8. click the "check for HTML / DNS button - the page will reload and you should see a green success message that says, "We have verified your domain. Please allow 5-10 minutes for this to take effect." - if you get an error message please contact the server admin.
  9. Wait a minute or so and refresh the page.

Step 4

  1. After a few minutes has passed, refresh the screen from the previous step
  2. You should now get a screen with "Certificate Detail" - if not, wait a few minutes and try again
  3. Under the "download certificate" look for the "Server Type" drop down box and select "IIS"
  4. Click the "Download Zip File" button - note where the file is downloaded on your computer.

Step 5

  1. Unzip the file you downloaded in the previous step.
  2. Navigate to the domain in TT - scroll down to the CSR section and click the "convert" (two arrows pointing left and right) icon. 
  3. Select the FQDN from the drop down list (there should be two options - one with and one without the www subdomain) - you will need to do this for each of the domains in the dropdown.
  4. click the "choose file" button and select the .crt file from the unzipped download in step 1
  5. Click the "Convert to PFX" button - save the certificate as domain.com.pfx and again as www.domain.com.pfx - for example if you are doing the SSL for www.i4.net - the file needs to be saved twice - once as i4.net.pfx and the second as www.i4.net.pfx (one with and one without the www - for sites with subdomains you do not need to save the www version)
  6. Send the converted PFX files to sslinstall@i4.net