Web Hosting Forums

Results 1 to 4 of 4

This is a discussion on SSL Certificate Overview in the Hosting Talk & Chit-chat forum

  1. #1
    Loyal Client
    Join Date
    Jan 2007

    SSL Certificate Overview

    I’ve just finished installing a SSL certificate for the first time. It was a bit of a struggle due to a lack of detailed information. I’m no expert but here’s a summary of what I found to be important.

    Configuring your Website for SSL Secure Encryption is a Three-Step Process
    1. Generate a Certificate Signing Request (CSR) and Private Key.
    2. Submit the CSR to whichever SSL Provider you choose and complete their security checks.
    3. Install the SSL certificate (CRT) from your SSL Provider.

    1. Generating a CSR and Private Key

    Look in your cPanel. If you’re lucky, you’ll have a “SSL Manager” icon. Using this interface, you can generate your own CSR and private key, as well as, install the SSL certificate (CRT). If your hosting account permits access to the usr/local/apache/conf/ folder, you can use Putty.exe to SSH onto the server and issue an “openssl req –new” command… At least for my “failover hosting” account, users are in a “jailed environment” and so cannot use Putty.exe to generate and install their own certificates. If neither of these options is available, simply submit a Support Ticket. Regardless of what method you use, make sure to keep a copy of both the CSR and private key that are generated in a safe place.


    There is some information that you will need to gather before the generation of your CSR and Private Key. This information is required as part of the CSR, and must be entered exactly as you want them to appear in your SSL certificate. When I contacted Support, they sent me a very terse summary of the required information below. As a result, the CSR that was created and submitted to my SSL Provider was messed up. Ugh! I would recommend submitting these definitions, as well as, their actual values in your Support Ticket to avoid an confusion.

    · PEM Passphrase - This is a security phrase that, like a password, ensures that only you can use your digital certificate. Be sure to use a phrase that you can easily remember but which is not easily guessed. You will need to enter the passphrase in the future to install your signed certificate.

    · Organization Name - the name under which your business is legally registered. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as a small business/sole proprietor, please enter the certificate requestor's name in the "Organization" field, and the DBA (doing business as) name in the "Organizational Unit" field.

    · Organization Unit (optional) - the organizational unit or department – may be left blank ‘.’

    · Country - a two-letter designation, the country or region in which you will use the certificate

    · State - the state or province in which you will use this certificate.

    · City - the city for your organization.

    · Common Name: the fully-qualified domain name for the Web site. The domain name that you want to use when accessing your site using SSL (ie domain.com or www.domain.com or cname.domain.com). Do not include the "http://" or "https://" prefixes in your common name. Do NOT enter your personal name in this field.

    Important: I tried asking for a wildcard designation of *.domain.com (which includes all of the above domain name designations) or else www.domain.com if a wildcard designation wasn’t possible. However, I was given domain.com instead. As a result, my website was not listed as “Verified” by websites like http://www.trustwatch.com even though my certificate is “Webtrust Compliant”. I had to redo everything starting with getting a correct CSR generated. As such, I’d highly recommend you make sure the heading on the CRT lists www.domain.com and not domain.com.

    · Certificate Label - identifies the certificate with a unique string of characters (ie YourCompany L.L.C. or [email protected]) This is the name that is displayed in the certificate details the user sees when she/he clicks on the SSL Providers logo.

    · Contact E-mail Address - The contact E-mail address that you want to have the Signing Authority use when corresponding with you.

    · Extra Information - This is additional information that is not required, but may be useful. It includes a challenge password, which some Signing Authorities use to allow you access to your certificate and which they may require when interacting with them. You can also enter additional company information.

    Important: Make sure the Organization Name, Country, State, and City you enter match the Articles Of Organization, bank statement, or other legal document you intend to submit to the SSL certificate agency.

    2. Purchase A SSL Certificate

    After making payment, you’ll be presented with online forms wherein the CSR is submitted to the SSL Provider you selected. Make sure to include the -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- lines in the CSR to your Provider. You should also do your homework and decide what type of certificate is best for you. Make sure your SSL Provider’s certificates have high browser compatibility, and consider other features like whether the certificate is “WebTrust compliant” so when potential customers check out your website at places like http://www.trustwatch.com you’ll get a good rating. As noted above, you’ll most likely be asked to provide the Articles Of Organization or some other official document to verify the organization name and address that was encrypted into the CSR.


    3. Install the SSL certificate

    If you’re unable to install your own SSL certificate (CRT) via the cPanel or by using SSH, then submit the CRT certificate and your private key in a Support Ticket.

  2. #2
    Loyal Client
    Join Date
    Jun 2006
    Great post and thank you for the info.

  3. #3
    JPC Member
    Join Date
    Sep 2006
    Thank you for sharing, bestdeck.

  4. #4
    Nice post. Thanks for taking your valuable time to share this information with people. This is what makes the forum great.



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts