Buzz
SSL certificates (short for Secure Socket Layer) are used by websites and services to authenticate and encrypt data transmitted between them and their clients. SSL also verifies that you are connected to the correct service you intend to use (e.g., am I really logging into my email provider or is this a fraudulent replica?). If you are offering a website or service that requires a secure connection, installing an SSL certificate to validate your credibility might be necessary. Let’s explore the steps to achieve this in the following guide.
Steps
Using Microsoft Internet Information Services (IIS)
Generate a Certificate Signing Request (CSR). Before purchasing and installing an SSL certificate, you need to create a CSR on your server. This file contains public key and server information and is essential for generating the private key. You can create a CSR in IIS 8 with just a few clicks:
- Open Server Manager.
- Click on Tools and select Internet Information Services (IIS) Manager.
- Choose the workstation where you are installing the certificate from the Connections list.
- Open the Server Certificates tool.
- Click the Create Certificate Request link in the top-right corner under the Actions list.
- Fill in the details in the Request Certificate wizard. You’ll need to input a two-digit country code, state or province, city or town name, the full company name, department name (e.g., IT or Marketing), and the website address (commonly referred to as the domain name).
- Leave the 'Cryptographic service provider' field as default.
- Set the 'Bit length' to '2048'.
- Name the certificate request file. The file name doesn’t matter as long as you can locate it in your storage later.
Purchase an SSL Certificate. There are various online services that offer SSL certificates. You should choose a reputable provider to ensure the safety of your website and its visitors. Popular options include DigiCert, Symantec, GlobalSign, and others. The best service for you will depend on your specific needs (e.g., multiple certificates, enterprise solutions, etc.).
- You’ll need to upload the CSR file to the certificate service. This file is used to generate the certificate for your server. Most providers require you to upload the file, while others may only need the CSR content copied and pasted.
Download the Certificate. The Intermediate Certificate must be downloaded from the service where you purchased the SSL certificate. The Primary Certificate will be sent to you via email or through the customer portal of the provider.
- Rename the Primary Certificate to “yourwebsite.cer”.
Open the Server Certificates tool in IIS again. Here, click on the “Complete Certificate Request” link located below the “Create Certificate Request” link you used earlier to generate the CSR.
Locate the Certificate File. After finding the file on your computer, assign it a friendly name for easy identification on the server. Save the certificate in the “Personal” store, then click OK to install it.
- The certificate will appear in the list. If it doesn’t, ensure you’re using the same server where the CSR was generated.
Bind the Certificate to Your Website. Now that the certificate is installed, link it to the website you want to protect. Expand the “Sites” folder in the Connections list and click on the website you wish to secure.
- Click the Bindings link in the Actions list.
- Click the Add button in the Site Bindings window that appears.
- Select “https” from the “Type” dropdown menu, then choose the installed certificate from the “SSL certificate” dropdown.
- Click OK and then Close.
Install the Intermediate Certificate. Locate the Intermediate Certificate you downloaded from your service provider. Some providers offer a single certificate for installation, while others may provide multiple. these certificates to a dedicated folder on your server.
- Once copied, double-click the certificate to open its Certificate Details.
- Click the General tab. At the bottom of the window, click the “Install Certificate” button.
- Select “Place all certificates in the following store” and browse to the local store. You can locate the local store by checking the “Show physical stores” box, then selecting Intermediate Certificates and clicking on Local Computer.
Restart IIS. Before distributing the certificate, you need to restart the IIS server. To restart IIS, click Start and select Run. Enter the command “IISRESET” and press Enter. Command Prompt will appear, displaying the restart status of IIS.
Test the certificate. Use various web browsers to verify that the certificate is functioning correctly. Connect to your website using the “https://” protocol to enforce an SSL connection. A lock icon will appear in the address bar, typically on a green background.
Using Apache
Generate the CSR. Before purchasing and installing an SSL certificate, you need to create a CSR on your server. This file contains public key and server information and is essential for generating the private key. You can create the CSR directly from the Apache command line:
- Launch the OpenSSL utility. You can find it at /usr/local/ssl/bin/
- Generate the key pair by entering the following command:
openssl genrsa –des3 –out www.mydomain.com.key 2048
- Create a passphrase. You’ll need to enter this passphrase every time you interact with the key pair.
- Begin the CSR generation process. Enter the following command when prompted to create the CSR file:
openssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr - Fill in the required information. You’ll need to input a two-digit country code, state or province, city or town name, the full company name, department name (e.g., IT or Marketing), and the website address (commonly referred to as the domain name).
- Generate the CSR file. After entering the details, run the following command to create the CSR file on your server:
openssl req -noout -text -in www.mydomain.com.csr
Purchase an SSL Certificate. Numerous online services offer SSL certificates. It’s crucial to select a reputable provider to ensure the security of your website and its users. Popular options include DigiCert, Symantec, GlobalSign, and others. The best choice depends on your specific needs, such as multiple certificates or enterprise solutions.
- You’ll need to upload the CSR file to the certificate service. This file is used to generate the certificate for your server.
Download the Certificate. The Intermediate Certificate must be downloaded from the service where you purchased the SSL certificate. The Primary Certificate will be sent via email or through the provider’s customer portal. Your key will look similar to this:
-----BEGIN CERTIFICATE----- [Encoded Certificate] -----END CERTIFICATE-----
- If the certificate is in a text file, change the file extension to .CRT before uploading.
- Verify the downloaded key. Ensure there are five hyphens “-” on both sides of the BEGIN CERTIFICATE and END CERTIFICATE lines. Also, check for any unnecessary spaces or line breaks within the key.
Upload the Certificate to the Server. The certificate should be placed in a dedicated folder for key and certificate files, such as /usr/local/ssl/crt/. All certificates must be stored in the same directory.
Open the “httpd.conf” file in a text editor. Some Apache versions include an “ssl.conf” file specifically for SSL certificates. If both files exist, you only need to edit one. Add the following lines to the Virtual Host section:
SSLCertificateFile /usr/local/ssl/crt/primary.crt SSLCertificateKeyFile /usr/local/ssl/private/private.key SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
- Save the changes to the file after completion. Re-upload the file to the server if necessary.
Restart the Server. After modifying the file, you can start using the SSL certificate by restarting the server. Most versions can be restarted by entering the following commands:
apachectlp stop apachectl startssl
Test the certificate. Use various web browsers to verify that the certificate is functioning correctly. Connect to your website using the “https://” protocol to enforce an SSL connection. A lock icon will appear in the address bar, typically on a green background.
Using Exchange
Generate the CSR. Before purchasing and installing an SSL certificate, you need to create a CSR on your server. This file contains public key and server information and is essential for generating the private key.
- Open the Exchange Management Console. Click Start > Programs > Microsoft Exchange 2010 > Exchange Management Console.
- Once the program launches, click the Manage Databases link in the center of the window.
- Select “Server Configuration” from the left-hand pane. Click the “New Exchange Certificate” link in the Actions list on the right side of the screen.
- Enter a memorable name for the certificate. This is optional and only for your convenience (it does not affect the certificate).
- Enter configuration details. Exchange will automatically select the appropriate services, but if it doesn’t, you’ll need to configure them manually. Ensure all services you want to protect are selected.
- Enter organizational information. You’ll need to input a two-digit country code, state or province, city or town name, the full company name, department name (e.g., IT or Marketing), and the website address (commonly referred to as the domain name).
- Choose a location and name for the CSR file you’re about to generate. Take note of where this file is saved for the next steps in purchasing the certificate.
Purchase an SSL Certificate. Numerous online services offer SSL certificates. It’s crucial to select a reputable provider to ensure the security of your website and its users. Popular options include DigiCert, Symantec, GlobalSign, and others. The best choice depends on your specific needs, such as multiple certificates or enterprise solutions.
- You’ll need to upload the CSR file to the certificate service. This file is used to generate the certificate for your server. Most providers require you to upload the file, while others may only need the CSR content copied and pasted.
Download the Certificate. The Intermediate Certificate must be downloaded from the service where you purchased the SSL certificate. The Primary Certificate will be sent via email or through the provider’s customer portal.
- the certificate file you received to the Exchange server.
Install the Intermediate Certificate. In most cases, you can copy the provided certificate data into a text document and save it as “intermediate.cer”. Open Microsoft Manage Console (MMC) by clicking Start, selecting Run, and typing “mmc”.
- Click File and choose Add/Remove Snap In.
- Click Add, select Certificates, and then click Add again.
- Choose Computer Account and click Next. Select Local Computer as the storage location. Click Finish and then OK. You’ll return to the MMC.
- Select Certificates in the MMC. Choose “Intermediate Certification Authorities” and then select Certificates.
- Right-click Certificates, select All Tasks, and then choose Import. Use the wizard to load the Intermediate Certificate you downloaded from your provider.
Open the “Server configuration” section in the Exchange Management Console. Refer to step 1 for instructions on accessing “Server configuration”. Then, click on the certificate in the center of the window and select the “Complete Pending Request” link in the Actions list.
- Browse for the Primary Certificate file and click Complete. Once the certificate is uploaded, click Finish.
- Ignore any errors indicating failure; this is a common occurrence.
Using cPanel
Generate the CSR. Before purchasing and installing an SSL certificate, you need to create a CSR on your server. This file contains public key and server information and is essential for generating the private key.
- Log in to cPanel. Open the dashboard and locate the SSL/TLS Manager.
- Click the “Generate, view, upload, or delete your private keys” link.
- Scroll down to the “Generate a New Key” section. Enter the domain name or select it from the dropdown menu. Choose 2048 for “Key Size”. Click the Generate button.
- Click “Return to SSL Manager”. From the main menu, select the “Generate, view, or delete SSL certificate signing requests” link.
- Enter organizational details. You’ll need to input a two-digit country code, state or province, city or town name, the full company name, department name (e.g., IT or Marketing), and the website address (commonly referred to as the domain name).
- Click the Generate button. The CSR will appear. You can copy and paste this code into the certificate purchase form. If the service requires a CSR file, copy the code into a text editor and save it as a .CSR file.
Purchase an SSL Certificate. Numerous online services offer SSL certificates. It’s crucial to select a reputable provider to ensure the security of your website and its users. Popular options include DigiCert, Symantec, GlobalSign, and others. The best choice depends on your specific needs, such as multiple certificates or enterprise solutions.
- You’ll need to upload the CSR file to the certificate service. This file is used to generate the certificate for your server. Most providers require you to upload the file, while others may only need the CSR content copied and pasted.
Download the Certificate. The Intermediate Certificate must be downloaded from the service where you purchased the SSL certificate. The Primary Certificate will be sent via email or through the provider’s customer portal.
Reopen the SSL Manager menu in cPanel. Click the “Generate, view, upload, or delete SSL certificates” link. Click the Upload button to locate the certificate you received from the provider. If the certificate was downloaded as a text file, paste its content into the browser’s text box.
Click the “Install SSL Certificate” link. The SSL certificate installation process will complete. The server will restart, and the certificate will be distributed.
Test the certificate. Use various web browsers to verify that the certificate is functioning correctly. Connect to your website using the “https://” protocol to enforce an SSL connection. A lock icon will appear in the address bar, typically on a green background.
