Difference between revisions of "Enom SSL Certificates"

Latest revision as of 17:37, 28 December 2022

Supported Certificate Types

This module automates SSL certificate sales through Enom. This allows you to offer the following types of certificate:

GeoTrust QuickSSL
GeoTrust QuickSSL Premium
GeoTrust TrueBizID
GeoTrust TrueBizID Wildcard
GeoTrust TrueBizID EV
RapidSSL
Comodo Essential
Comodo Instant
Comodo Premium Wildcard
Comodo Essential Wildcard
Comodo EV
Comodo EV SGC
VeriSign Secure Site
VeriSign Secure Site Pro
VeriSign Secure Site EV
VeriSign Secure Site Pro EV

Setting Up Enom Products

Watch the video tutorial for this feature.

To set up an SSL certificate product:

Create a product normally.
Set the billing cycle to One Time.
Set the price.
Set the welcome email to None.
In the Module Settings tab, select Enomssl.
Enter your Enom credentials.
Choose the certificate type and length to offer.
Optionally, configure the product to allow clients to choose a different certificate type and pricing using a Certificate Type configurable option.

Register your IP Address with Enom
Because access to Enom's API is IP address-restricted, you must register the IP address from which you will connect your account. For more information, see IP Address Registration below.

IP Address Registration (User not permitted from this IP address)

To use the Enom API, you must first contact them with the server IP address from which you will be connecting (your WHMCS installation's server IP address). This is a security precaution.

To do this:

Log in to your account on the Enom website.
Go to Resellers > Manage > API.
Enter your server's IP address in New.
Click "add".

The Order Process

The product will appear in the order process as a regular product that clients can add to the cart. The system will not perform any configuration before purchase.

After purchase, payment, and activation, the client will receive an email linking to certificate configuration in the Client Area. After the client sets the configuration, the system sends this data to the Certificate Authority for validation. After the Certificate Authority issues the certificate, the client will receive an email with instructions to install it on their hosting account.

Renewal

Due to limitations in Enom's API, the system cannot renew SSL certificates. Clients must place a new order when the certificate period ends. Because of this, we recommend setting this up as a one-time product in WHMCS.

Reissuing

Typically, the certificate issuer is able to reissue a certificate. The process varies depending on the company from which you purchased your SSL certificate.

The Heartbleed Bug
If you are experiencing problems due to the Heartbleed Bug in OpenSSL, re-key your SSL certificates (below). For more information, see our blog post regarding Heartbleed.

You will need the following information to complete a reissuance:

Your full SSL domain name or order ID. If your SSL certificate included www, make certain to include it.
A new CSR request containing the exact same information as the original order.
The email address for the order. You must have access to this address.

Symantec (GeoTrust & RapidSSL)

GeoTrust SSL certificates include free reissues and replacements for the lifetime of the certificate. GeoTrust will reissue or replace SSL certificates that have not expired for the exact same Fully-Qualified Domain Name (FQDN). To qualify for reissuance, all existing core SSL certificate details must remain the same (including the FQDN).

GeoTrust provides a self-service portal that allows you to do this.
You must use the admin email and not the approver email.

Comodo

For Comodo SSL certificates, reissuing is a manual process. To initiate this, you must open a support ticket with eNom and include the required details above.

Comodo also allows the option to change the common name on certificate from, for example, www.example.com to secure.example.com. The subdomain can change but not domain.

Errors

User not permitted from this IP address

This error indicates that you must contact Enom with the server IP address from which you will be connecting (your WHMCS installation's server IP address). This is a security precaution.

Bad User name or Password

This error indicates that the username and password in the Module Settings tab may not match your Enom login details. If TestMode is enabled, make certain that you have registered it on the test server.

The module's create function does not generate a username and password. The username and password fields will be blank under the client's Products/Services tab.

@@ Line 1: / Line 1: @@
 ==Supported Certificate Types==
-This module allows you to automate SSL Certificate sales with the Enom platform.  This allows you to offer the following types of certificate:
+This module automates SSL certificate sales through Enom. This allows you to offer the following types of certificate:
 *GeoTrust QuickSSL
@@ Line 20: / Line 20: @@
 *VeriSign Secure Site Pro EV
-==Setting up the Product==
+==Setting Up Enom Products==
-[[File:Videotutorial.png‎|center|link=https://www.youtube.com/watch?v=frXGunb2vY0&hd=1|Watch Video Tutorial]]
+<html><a href="https://www.youtube.com/watch?v=frXGunb2vY0&hd=1" class="docs-video-tutorial"><em>Watch the video tutorial for this feature.</em><span>&nbsp;<img src="https://assets.whmcs.com/icons/youtube.png">&nbsp;</span></a></html>
+To set up an SSL certificate product:
-To setup an SSL certificate product, follow the steps below.
+# Create a product normally.
+# Set the billing cycle to ''One Time''.
-# Create a product as normal - name, description, no domain options, etc...
+# Set the price.
-# Set the billing cycle to One Time and price as the base price for this certificate
+# Set the welcome email to ''None''.
-# Ensure the welcome email is set to "None" in the dropdown menu as the module sends it's own email
+# In the '''Module Settings''' tab, select ''Enomssl''.
-# On the module settings tab, choose "Enomssl"
+# Enter your Enom credentials.
-# Now enter your enom login details and choose the certificate type and length being offered with this product in the fields displayed
+# Choose the certificate type and length to offer.
-# Additionally, you can let the client choose these options on the order form and alter the price accordingly using configurable options. The option names supported to override the default settings are "Certificate Type" and/or "Years" - you can use both, just the years option or even neither.
+# Optionally, configure the product to allow clients to choose a different certificate type and pricing using a <tt>Certificate Type</tt> [[Configurable_Options|configurable option]].
 <div class="docs-alert-warning">
-<span class="title">Register your IP with eNom</span><br />
+<span class="title">Register your IP Address with Enom</span><br />
-Access to eNom's API is restricted by IP address so you will need to register the IP address from which you will be connecting to your account with them. See the '''IP Registration''' section below for details of how to do this.
+Because access to Enom's API is IP address-restricted, you must register the IP address from which you will connect your account. For more information, see '''IP Address Registration''' below.
 </div>
-==IP Registration (User not permitted from this IP address)==
+==IP Address Registration (User not permitted from this IP address)==
-In order to use the Enom API, you must first contact them and let them know the server IP address where you will be connecting from (the server IP address where you have WHMCS installed). This is part of Enom's security measures to prevent unauthorised users being able to submit registration requests to your account.
+To use the Enom API, you must first contact them with the server IP address from which you will be connecting (your WHMCS installation's server IP address). This is a security precaution.
-*Login to your account on the [https://www.enom.com/resellers/reseller-account.aspx Enom website],
-*Navigate to '''Resellers > Manage > API'''
+To do this:
-* Enter your server's IP address into the "New" field,
+* Log in to your account on the [https://www.enom.com/resellers/reseller-account.aspx Enom website].
+* Go to '''Resellers > Manage > API'''.
+* Enter your server's IP address in '''New'''.
 * Click "add".
-===Multiple Years===
+==The Order Process==
-As mentioned above you can allow clients to choose how long the certificate is registered for. To do this you set the product up as normal with a one time cycle and base price of zero.
+The product will appear in the order process as a regular product that clients can add to the cart.  The system will not perform any configuration before purchase.
-Setup a [[Addons_and_Configurable_Options|Configurable Option Group]] in the normal way and add an option named "Years" with a dropdown of the year options and prices in the monthly field.
+After purchase, payment, and activation, the client will receive an email linking to certificate configuration in the Client Area. After the client sets the configuration, the system sends this data to the Certificate Authority for validation. After the Certificate Authority issues the certificate, the client will receive an email with instructions to install it on their hosting account.
-That then shows on the product configuration screen for the user to choose from when ordering and the price charged is the value of the option selected.
+==Renewal==
-For example your configurable option might look like this:
+Due to limitations in Enom's API, the system cannot renew SSL certificates. Clients must place a new order when the certificate period ends. Because of this, we recommend setting this up as a one-time product in WHMCS.
-[[File:Enom-ssl-options.png|thumb|]]
+==Reissuing==
-==The Order Process==
+Typically, the certificate issuer is able to reissue a certificate. The process varies depending on the company from which you purchased your SSL certificate.
+<div class="docs-alert-danger">
+<span class="title">The Heartbleed Bug</span><br />
+If you are experiencing problems due to the Heartbleed Bug in OpenSSL, re-key your SSL certificates (below). For more information, see [http://blog.whmcs.com our blog post regarding Heartbleed].
+</div>
+You will need the following information to complete a reissuance:
+* Your full SSL domain name or order ID. If your SSL certificate included <tt>www</tt>, make certain to include it.
+* A new CSR request containing the exact same information as the original order.
+* The email address for the order. You must have access to this address.
+===Symantec (GeoTrust & RapidSSL)===
+GeoTrust SSL certificates include free reissues and replacements for the lifetime of the certificate. GeoTrust will reissue or replace SSL certificates that have not expired for the exact same Fully-Qualified Domain Name (FQDN). To qualify for reissuance, all existing core SSL certificate details must remain the same (including the FQDN).
-The product will appear in the order process as a regular product which can be added to the cart.  No configuration is performed before purchase.  Once purchased, paid for, and activated, the user is sent an email containing a link which takes them to configure the certificate in the client area.  Once all details have been provided, the configuration data is sent to the Certificate Authority for validation.  No manual intervention is required from you.
+* GeoTrust provides [https://products.geotrust.com/orders/orderinformation/authentication.do a self-service portal] that allows you to do this.
+* You must use the '''admin email''' and not the approver email.
-==Renewal==
+===Comodo===
-Due to limitations in Enom's API, SSL certificates cannot be renewed. Therefore your clients will need to place a new order when the certificate period ends and it's due for renewal.  This is why we recommend setting up as a one time product in WHMCS.
+For Comodo SSL certificates, reissuing is a manual process.  To initiate this, you must [https://www.enom.com/help/Default.aspx open a support ticket with eNom] and include the required details above.
-==Reissuing==
+Comodo also allows the option to change the common name on certificate from, for example, <tt>www.example.com</tt> to <tt>secure.example.com</tt>. The subdomain can change but not domain.
-Should a customer need to reissue their SSL certificate due to a change of server IP address or security breach at the issuer, please refer to this page for instructions: [[Reissueing Enom SSL Certificates]].
 ==Errors==
 ===User not permitted from this IP address===
-In order to use the Enomssl API, you must first contact them and let them know the server IP address where you will be connecting from (the server IP address where you have WHMCS installed).  This is part of Enom's security measures to prevent unauthorised users being able to submit registration requests to your account.
+This error indicates that you must contact Enom with the server IP address from which you will be connecting (your WHMCS installation's server IP address). This is a security precaution.
 ===Bad User name or Password===
-Ensure the username and password on the Module Settings tab matches with your eNom login details. If the test mode checkbox is ticked ensure you have [http://docs.whmcs.com/Enom#Test_Mode registered on the test server].
+This error indicates that the username and password in the '''Module Settings''' tab may not match your Enom login details. If '''TestMode''' is enabled, make certain that you have [http://docs.whmcs.com/Enom#Test_Mode registered it on the test server].
-===Failure connecting to GeoTrust API===
-Clients may experience this error when attempting to submit the CSR. This is because GeoTrust, Symantec and Verisign only accept ascii character in the SSL contacts. By default, SSL contacts are using client's Profile contact. When eNom sends the request to them, their parser detects and rejects the connection.
-Please re-submit the CSR without ascii (accented) characters in the contact details.
-More information is available in [https://supportcenter.custhelp.com/app/answers/detail/a_id/1700/ this knowledgebase article].
 <div class="docs-alert-info">
-<span class="title">Note:</span><br />
+The module's <tt>create</tt> function does not generate a username and password. The username and password fields will be blank under the client's '''[[Clients:Products/Services Tab|Products/Services]]''' tab.
-The module create function of this module does not generate a username and password by design. Therefore the username/password fields will be blank under the client's Products/services tab.
 </div>

Documentation