How To Install an SSL Certificate from a Commercial Certificate Authority. Introduction. This tutorial will show you how to acquire and install an SSL certificate from a trusted, commercial Certificate Authority (CA). An SSL certificate installation guide on HSphere. Tackle an SSL certificate on HSphere through few easy steps from RapidSSLonline.How to Install a Wildcard certificate onto IIS 7.X. To verify the SSL certificate installation. The Tutorial page is a detailed guidance on how to step-by-step manually or automatically install and bind a certificate on IIS and Apache web server. SSL Certificate Installation This is a tutorial on how to install SSL certificate. To install an SSL certificate Click the SSL icon on the control panel. SSL certificates allow web servers to encrypt their traffic, and also offer a mechanism to validate server identities to their visitors. The main benefit of using a purchased SSL certificate from a trusted CA, over self- signed certificates, is that your site's visitors will not be presented with a scary warning about not being able to verify your site's identity. This tutorial covers how to acquire an SSL certificate from the following trusted certificate authorities: Go. Daddy. Rapid. SSL (via Namecheap)You may also use any other CA of your choice. After you have acquired your SSL certificate, we will show you how to install it on Nginx and Apache HTTP web servers. Prerequisites. There are several prerequisites that you should ensure before attempting to obtain an SSL certificate from a commercial CA. This section will cover what you will need in order to be issued an SSL certificate from most CAs. Money. SSL certificates that are issued from commercial CAs have to be purchased. The best free alternative are certificates issued from Let's Encrypt. Let's Encrypt is a new certificate authority that issues free SSL/TLS certificates that are trusted in most web browsers. Registered Domain Name. Before acquiring an SSL certificate, you must own or control the registered domain name that you wish to use the certificate with. If you do not already have a registered domain name, you may register one with one of the many domain name registrars out there (e. How SSL works by leadingcoder. This is a full tutorial how to setup SSL that requires client certificate for reference: http://www.windowsecurity.com/article. Namecheap, Go. Daddy, etc.). Domain Validation Rights. For the basic domain validation process, you must have access to one of the email addresses on your domain's WHOIS record or to an . Certificate authorities that issue SSL certificates will typically validate domain control by sending a validation email to one of the addresses on the domain's WHOIS record, or to a generic admin email address at the domain itself. Some CAs provide alternative domain validation methods, such as DNS- or HTTP- based validation, which are outside the scope of this guide. If you wish to be issued an Organization Validation (OV) or Extended Validation (EV) SSL certificate, you will also be required to provide the CA with paperwork to establish the legal identity of the website's owner, among other things. Web Server. In addition to the previously mentioned points, you will need a web server to install the SSL certificate on. This is the server that is reachable at the domain name for which the SSL certificate will be issued for. Typically, this will be an Apache HTTP, Nginx, HAProxy, or Varnish server. If you need help setting up a web server that is accessible via your registered domain name, follow these steps: Set up a web server of your choice. For example, a LEMP (Nginx) or LAMP (Apache) server- -be sure to configure the web server software to use the name of your registered domain. Configure your domain to use the appropriate nameservers. If your web server is hosted on Digital. Ocean, this guide can help you get set up: How To Point to Digital. Ocean's Nameservers from Common Domain Registrars. Add DNS records for your web server to your nameservers. If you are using Digital. Ocean's nameservers, follow this guide to learn how to add the appropriate records: How To Set Up a Host Name with Digital. Ocean. Choose Your Certificate Authority. If you are not sure of which Certificate Authority you are going to use, there are a few important factors to consider. ![]() At an overview level, the most important thing is that the CA you choose provides the features you want at a price that you are comfortable with. This section will focus more on the features that most SSL certificate buyers should be aware of, rather than prices. Root Certificate Program Memberships. The most crucial point is that the CA that you choose is a member of the root certificate programs of the most commonly used operating systems and web browsers, i. If your website's SSL certificate is signed by a trusted. For example, Apple provides its list of trusted SSL root certificates for i. OS8 here. Certificate Types. Ensure that you choose a CA that offers the certificate type that you require. Many CAs offer variations of these certificate types under a variety of, often confusing, names and pricing structures. Here is a short description of each type: Single Domain: Used for a single domain, e. Note that additional subdomains, such as www. Wildcard: Used for a domain and any of its subdomains. For example, a wildcard certificate for *. Multiple Domain: Known as a SAN or UC certificate, these can be used with multiple domains and subdomains that are added to the Subject Alternative Name field. For example, a single multi- domain certificate could be used with example. In addition to the aforementioned certificate types, there are different levels of validations that CAs offer. We will cover them here: Domain Validation (DV): DV certificates are issued after the CA validates that the requestor owns or controls the domain in question. Organization Validation (OV): OV certificates can be issued only after the issuing CA validates the legal identity of the requestor. Extended Validation (EV): EV certificates can be issued only after the issuing CA validates the legal identity, among other things, of the requestor, according to a strict set of guidelines. The purpose of this type of certificate is to provide additional assurance of the legitimacy of your organization's identity to your site's visitors. EV certificates can be single or multiple domain, but not wildcard. This guide will show you how to obtain a single domain or wildcard SSL certificate from Go. Daddy and Rapid. SSL, but obtaining the other types of certificates is very similar. Additional Features. Many CAs offer a large variety of . Some of these features can end up saving you money, so it is important that you weigh your needs against the offerings carefully before making a purchase. Example of features to look out for include free certificate reissues or a single domain- priced certificate that works for www. In this tutorial, we will just keep all of the relevant files in our home directory but feel free to store them in any secure location on your server: cd ~. To generate a private key, called example. CSR, called example. At this point, you will be prompted for several lines of information that will be included in your certificate request. The most important part is the Common Name field which should match the name that you want to use your certificate with- -for example, example. If you are planning on getting an OV or EV certificate, ensure that all of the other fields accurately reflect your organization or business details. For example: Country Name (2 letter code) . The . key file is your private key, and should be kept secure. The . csr file is what you will send to the CA to request your SSL certificate. You will need to copy and paste your CSR when submitting your certificate request to your CA. We will show two examples, Go. Daddy and Rapid. SSL via Namecheap, but feel free to get a certificate from any other vendor. Example CA 1: Rapid. SSL via Namecheap. Namecheap provides a way to buy SSL certificates from a variety of CAs. We will walk through the process of acquiring a single domain certificate from Rapid. SSL, but you can deviate if you want a different type of certificate. Note: If you request a single domain certificate from Rapid. SSL for the www subdomain of your domain (e. For example, if your certificate request is for www. Select and Purchase Certificate. Go to Namecheap's SSL certificate page: https: //www. Here you can start selecting your validation level, certificate type (. Then finish the payment process. Request Certificate. After paying for the certificate of your choice, go to the Manage SSL Certificates link, under the . Click on the Activate Now link for the certificate that you want to use. Now select the software of your web server. This will determine the format of the certificate that Namecheap will deliver to you. Commonly selected options are . Select the address that you want to send the validation email to. Provide the . Click the Submit order button. Validate Domain. At this point, an email will be sent to the . Open the email and approve the certificate request. Download Certificates. After approving the certificate, the certificate will be emailed to the Technical Contact. The certificate issued for your domain and the CA's intermediate certificate will be at the bottom of the email. Copy and save them to your server in the same location that you generated your private key and CSR. Name the certificate with the domain name and a . We will walk through the process of acquiring a single domain certificate, but you can deviate if you want a different type of certificate. Select and Purchase Certificate. Go to Go. Daddy's SSL certificate page: https: //www. Scroll down and click on the Get Started button. Select the type of SSL certificate that you want from the drop down menu: single domain, multidomain (UCC), or wildcard. Then select your plan type: domain, organization, or extended validation. Then select the term (duration of validity). Then click the Add to Cart button. Review your current order, then click the Proceed to Checkout button. Complete the registration and payment process. Request Certificate. After you complete your order, click the SSL Certificates* button (or click on My Account > Manage SSL Certificates in the top- right corner). Find the SSL certificate that you just purchased and click the Set Up button. If you have not used Go. Daddy for SSL certificates before, you will be prompted to set up the . Click on the Launch button next to your new certificate. Provide your CSR by pasting it into the box. The SHA- 2 algorithm will be used by default.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2017
Categories |