Note this relates to certs for dedicated hosting – shared hosts will sell these transparently. We’ve all created self-signed SSL certs and while these do the job they just don’t cut it from a customer satisfaction point of view. “Your website is down, it keeps complaining about security”.
So in this case we need a trusted cert, verified by a 3rd party authority like Verisign or Comodo. It’s actually quite easy to do but there are extra steps and paperwork to file.
First the SSL cert provider will require you to fill out the details of the registration (name of company, contact, country code, address, etc.). These need to be embedded into the cert exactly as they are in the order form.
Once you have this done you will be asked for a CSR. This will need to be generated on your box.
- Log into the server
- Make sure that openssl is installed (Can’t imagine why you wouldn’t have it!)
- Generate a key using “openssl genrsa -out domain.tld.key 2048”
- Generate a CSR from your key using “openssl req -new -key domain.tld.key -out domain.tld.csr”. Here you will be asked to fill in details like country, company name, common name (that’s usually the web address), and other details. Enter as much as you can and make sure that it matches what is in the order form.
- Enter a “Challenge Password” and keep it handy
- Run “ls *.csr” and you will see your CSR.
- Verify that the CSR is OK by running “openssl req -in domain.tld.csr -noout -text”
- Download the CSR and send it to the SSL provider.
- Once verified the provider should send your SSL cert to you.
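The key and CSR steps above as a non-interactive script, added here as an example and not part of the original post. It passes the subject with -subj instead of answering the prompts (so no challenge password is set), then checks the CSR's self-signature and that the CSR carries the same public key as the key file; the function names and the subject values are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: scripted version of the "genrsa" + "req -new" steps, with checks.
# Function names and sample subject values are constructed for illustration.

# csr_matches_key KEY CSR: succeeds only if both files hold the same RSA modulus.
csr_matches_key() {
    local k c
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -modulus 2>/dev/null) || return 1
    # An unreadable file yields an empty string; never treat empty == empty as a match.
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# make_csr DIR DOMAIN SUBJECT: writes DIR/DOMAIN.key and DIR/DOMAIN.csr.
make_csr() {
    local key="$1/$2.key" csr="$1/$2.csr"
    # umask 077 so the private key is created readable by its owner only.
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    # -subj must carry exactly the details entered on the provider's order form.
    openssl req -new -key "$key" -subj "$3" -out "$csr" 2>/dev/null || return 1
    # Check the CSR's self-signature; match on the message text because the
    # exit status of "req -verify" is not consistent across OpenSSL versions.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_matches_key "$key" "$csr"
}

# Usage: ./make_csr.sh www.example.test "/C=IE/O=Example Ltd/CN=www.example.test"
if [ "$#" -eq 2 ]; then
    make_csr . "$1" "$2" && echo "CSR ready: ./$1.csr"
fi
```

Only the .csr file goes to the SSL provider; the .key file stays on the server.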
QED
Great! Thanks for the share!
I like this web site very much, so much great information.
I always read your blog, if you can, please publish new stuff more frequently 😀