How to Purchase and Install SSL Certificates
How to purchase SSL certificate
- You can purchase an SSL certificate from a domain registrar, a web-host or direct from a trusted Certificate Authority. There are several types of certificates, each with different issuance processes and for different purposes.
Certificate type | Description |
Domain validated certificate | Domain validated certificates are the most basic and at the lower cost end of SSL certificates out there. Once the Certificate Authority has confirmed that the requester has control over the domain (via confirmation email, adding a DNS record, or by adding a text to the hosted website), the certificate is immediately generated and sent to the requester. |
Organization validated certificate | Organization validated certificates include an additional vetting process by the Certificate Authority to verify the legitimacy of the organization. For example, the Certificate Authority may contact the person listed as the organization’s primary contact during business hours or ask for documents supporting the authenticity of the organization. Unlike DV certificates, OV certificates contain legitimate business information. This is best used by commercial or public-facing websites where visitor trust is essential. |
Extended validated certificate | Extended validation certificates provide the highest trust recognition for an organization. All requests for this type of certificate will go through extensive vetting of the organization by the Certificate Authority, which may result in a longer processing time. With extended validation certificates, visitors to the website will see the address bar of the browser turn green, giving visitors immediate assurance that an organization’s legal and physical existence was verified according to strict industry standards. This is best used by companies who highly value consumer trust for their business and websites that deal with sensitive customer information such as payment details. |
Wildcard certificate | Wildcard certificates allow customers to protect a single domain and all of its subdomains under a single SSL certificate. For example, a wildcard certificate can be used to secure mydomain.com, mail.mydomain.com and login.mydomain.com. This is particularly useful for websites with a list of subdomains that will change over time as the certificate automatically covers all of the website’s subdomains. |
SAN certificate | SAN supported certificates allow you to protect domains other than the primary domain using a single SSL certificate. For example, a single SAN supported certificate can be used to protect mydomainone.com, mydomaintwo.com, mydomainthree.com etc. |
- Before you can continue with your SSL certificate purchase, you must first generate a certificate signing request (CSR). See ‘How to generate a CSR file’ for instructions.
- Together with the CSR, provide all required information and complete the purchase. Once completed, the certificate request is sent to the Certificate Authority to validate and process the request. This may take a few minutes or up to a week, depending on the type of certificate purchased.
- Once validated, the SSL certificate is sent to you and you can then install it on your server. See ‘How to install SSL certificates’ for instructions.
How to generate a CSR file
Using LINUX operating system
- Create a private key (if you’re ordering an EV certificate, you should use 2048-bit encryption instead of 1024 bit)
openssl genrsa -out subdomain.mydomain.com.key 1024
- Create a CSR based on the previously created private key
openssl req -new -key subdomain.mydomain.com.key -out subdomain.mydomain.com.csr
- Fill out the required fields as described below. Please note that when creating a CSR for a wildcard certificate, Common Name should be *.mydomain.com instead of subdomain.mydomain.com.
Field | Description | Example |
Country Name | 2 Letter country code | CA |
State or Province | Full state name | British Columbia |
Locality | Full city name | Vancouver |
Organization | Entity’s legal name | |
Organizational Unit | Optional, e.g. a department | |
Common Name | Domain or entity name | mydomain.com |
- To review the provided information, run:
openssl req -noout -text -in subdomain.mydomain.com.csr
- Your CSR is now available
cat subdomain.mydomain.com.csr
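
The Linux steps above as one script, added here as an example and not part of the original page: it creates the key and CSR non-interactively, then checks the key size, the CSR's self-signature, that the CSR was made from the key file, and the Common Name. It generates a 2048-bit key because the CA/Browser Forum baseline requirements set 2048 bits as the minimum RSA key size for publicly trusted certificates; the function names and the Organization value are assumptions made for the example.

```shell
#!/bin/sh
# Added example: create a key and CSR, then verify them before submission.
# Function names and the O= value are constructed; other fields follow the table.

# make_csr BASENAME COMMON_NAME -> writes BASENAME.key and BASENAME.csr
make_csr() {
  base=$1; cn=$2
  # umask 077: the private key is created readable by its owner only.
  ( umask 077 && openssl genrsa -out "$base.key" 2048 2>/dev/null ) || return 1
  openssl req -new -key "$base.key" -out "$base.csr" \
    -subj "/C=CA/ST=British Columbia/L=Vancouver/O=Example Org/CN=$cn"
}

# check_csr BASENAME COMMON_NAME [MIN_BITS] -> returns 0 only if every check passes
check_csr() {
  base=$1; cn=$2; min_bits=${3:-2048}
  text=$(openssl req -in "$base.csr" -noout -text 2>/dev/null) || return 1

  # 1. RSA key size, read from the "Public-Key: (N bit)" line of the CSR dump.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] \
    || { echo "key too small: ${bits:-?} bits" >&2; return 1; }

  # 2. Self-signature; match the message, since older openssl exits 0 on failure.
  openssl req -in "$base.csr" -noout -verify 2>&1 | grep -q 'verify OK' \
    || { echo "CSR signature does not verify" >&2; return 1; }

  # 3. The CSR must carry the public half of the key that will be installed.
  [ "$(openssl req -in "$base.csr" -noout -pubkey)" = \
    "$(openssl pkey -in "$base.key" -pubout)" ] \
    || { echo "CSR was not made from $base.key" >&2; return 1; }

  # 4. Common Name; normalise "CN = x" and "CN=x" output styles first.
  subject=$(openssl req -in "$base.csr" -noout -subject | sed 's/ *= */=/g')
  case $subject in
    *"CN=$cn" | *"CN=$cn,"* | *"CN=$cn/"*) return 0 ;;
    *) echo "unexpected subject: $subject" >&2; return 1 ;;
  esac
}

# Demo in a throwaway directory, using the page's example host name.
demo_dir=$(mktemp -d)
make_csr "$demo_dir/subdomain.mydomain.com" "subdomain.mydomain.com" \
  && check_csr "$demo_dir/subdomain.mydomain.com" "subdomain.mydomain.com" \
  && echo "CSR ready: $demo_dir/subdomain.mydomain.com.csr"
```
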
Using Windows operating system
- Select Administrative Tools.
- Start Internet Services Manager.
- Open the properties window for the website the CSR is for. You can do this by right-clicking on the Default Website and selecting Properties from the menu.
- Open Directory Security by right clicking on the Directory Security tab.
- Click Server Certificate. The following wizard will appear:
- Click Create a new certificate and click Next.
- Select Prepare the request and click Next.
- Provide a name for the certificate, this needs to be easily identifiable if you are working with multiple This is for your records only.
- If your server is 40 bit enabled, you will generate a 512 bit key. If your server is 128 bit you can generate up to 1024 bit keys. We recommend you stay with the default of 1024 bit key if the option is available. Click Next.
- Enter Organization and Organization Unit; these are your company name and department. Click Next.
- The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL certificate. Click Next.
- Enter your country, state and city. Click Next.
- Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate. Click Next.
- Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the domain name the Certificate is to be “Issued To”. Your IIS SSL Certificate will only work on this domain. Click Next when you are happy the details are absolutely correct.
- When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form – including
-----BEGIN CERTIFICATE REQUEST-----
to
-----END CERTIFICATE REQUEST-----
- Click Next
- Confirm your details in the enrollment form
- To save your private key
- Go to Certificates snap in the MMC
- Select Requests > All tasks > Export.
How to install SSL certificates
Apache
Note that the location of webserver configuration file may be different than what is specified below as it may vary depending on your operating system.
- Add the SSL certificate file to the designated location. For example, /usr/local/apache/conf/ssl.crt or /etc/httpd/conf/ssl.crt.
- Open conf file in a text editor.
- Locate the secure virtual host pertaining to your You should have the following directives within this virtual host (otherwise, please add them).
For Comodo certificates:
- Save the changes and exit the editor.
- Restart your Apache web server (Default: /usr/local/apache/bin/apachectl startssl or /usr/local/apache/bin/apachectl restart).
- Test your SSL certificate by connecting to your server. Use the https protocol directive (for example, https://yourserver/).
Apache 2
Note that the location of webserver configuration file may be different than what is specified below as it may vary depending on your operating system.
- Add the SSL certificate file to the designated location. For example, /usr/local/apache2/conf/ssl.crt.
- Open conf file in a text editor.
- Locate the secure virtual host pertaining to your You should have the following directives within this virtual host (otherwise, please add them).
For Comodo certificates,
- Save the changes and exit the editor.
- Restart your Apache web server (Default: /usr/local/apache2/bin/apachectl stop and /usr/local/apache2/bin/apachectl start).
- Test your SSL certificate by connecting to your server. Use the https protocol directive (for example, https://yourserver/).
Further information can be found in the official Apache documentation.
Microsoft IIS
- Select Administrative Tools.
- Select Internet Services Manager.
- Right click on Default Website and select Properties from the menu.
- Right click on Directory Security
- Click on Server Certificate. The following wizard will appear:
- Select Process the pending request and install the certificate. Click Next.
- Select the location of your SSL certificate and click Next.
- Make sure that you are processing the right SSL certificate and all information is correct. Click Next.
- You will see a confirmation. When you have read the information, click Next.
- Your SSL certificate is now installed on your server.
Note that you must restart your computer to complete the installation process.