Renewing a branded my.domain certificate for your customers

This process explains how to renew an existing my.domain certificate (when used to provide a branded and secure my.<company-domain> URL).

If your existing SSL certificate is due to expire soon, start this process in advance as it can take a few days to deploy your updated certificate to our web servers.

This process is only available for renewing a hosted certificate for an existing branded my.domain. You can no longer request a new branded my.domain for your customers.

1. Raise a support request

Raise a Priority 4 support request and include the following items, completing the information about your company:

  • Site URL (e.g. my.example.com):
  • Country Name (2 letter code, e.g. GB, CH, BE, NL):
  • State or Province Name (full name):
  • Locality Name (city):
  • Organization Full Name (e.g., Your Company Ltd):
  • Organizational Unit Name (could be your department):
  • Your email address:

2. You receive a Certificate Signing Request (CSR)

Pexip generates a private/public key pair and sends you a certificate signing request (CSR) back for your use in the next step.

3. You buy a new certificate from a Certificate Authority (CA)

You need to obtain a new SSL certificate. You can use your preferred reseller or you can go through a web-store (like https://www.rapidsslonline.com/) and buy a standard/basic web server certificate (that secures www and non-www domains).

Please order a certificate for 1 year's validity. When ordering you will probably need to enter some details about:

  • your billing contact in the company
  • your technical contact in the company

and supply the Certificate Signing Request we generated and sent you.

Note that:

  • The certificate needs to be for the domain: my.<cloud-service-name.com>
  • If requested, please choose Apache or Nginx and PEM respectively.
  • We recommend certificates using the SHA-2 hash algorithm to ensure ongoing browser compliance.
  • You need to pay for the certificate up-front.

The SSL online store (or the issuer they use) checks your identity and may require some additional paperwork. This can take a few days, depending on the country and organization details.

4. Public certificate is issued and sent to you

You are issued a signed public key from the SSL store in an email or as a downloadable binary. Please send the certificate bundle (server public certificate and any intermediate certificates) to Pexip as a Priority 4 support request.

5. Pexip installs the new certificate on our server

Pexip then installs the new certificate and keys on our web server. Please allow a few days for installation.

Following this process ensures that the private key is never transferred over insecure channels (like email).

Note that no changes are required for your existing DNS CNAME record for my.<cloud-service-name.com> pointing to mpg.vp.vc