Setting up your Symantec Encryption Everywhere SSL that came with the Advanced Security product on your domain can be a little tricky from time to time. Luckily, there are some tips to make the process much easier.
First, make sure you are using our Name.com nameservers.
- The domain needs our nameservers to install and verify a TXT record so that the certificate may be issued.
- You can use any nameservers you want after the SSL is issued.
Next, make sure your CSR is valid.
-
Please make sure you are generating your CSR for the bare domain yourdomain.com but add the www subdomain www.yourdomain.com under the Subject Alternative Name (SAN) field.
-
Please also make sure you generate the Key size for 2048 rather than 4096.
-
The Symantec EE SSL does not support 4096 key sizes.
-
Finally, make sure there are no CNAME records on the bare domain.
- Some hosting providers recommend a CNAME record on the bare domain. Unfortunately, CNAME records will trump all other records on a bare domain. The TXT verification record that is required to set up the SSL needs to go on the bare domain and your CNAME record will cause the validation to fail.
- You can temporarily change your CNAME record to an ANAME record. Then change it back to a CNAME record after your SSL is setup.