SSL Certificate Installation

SSL certificates determine how sites and web services obtain validation for the encryption of data transmitted between them and their users. SSL certificates are also used to ensure that you are actually connected to the intended service (such as, are you actually logging into an email provider or a fraudulent site?). If you provide a website or service that requires a secure connection, we recommend that you install an SSL certificate for validation. Please read the information below for procedures for installing an SSL certificate.

1. Generate Certificate Signing Request (CSR). Before you can purchase and install an SSL Certificate, you must generate a CSR on the server. This file contains your server and public key information needed to generate a private key. You can generate a CSR directly from the Apache command line:

  • Run the OpenSSL utility. It is usually located in/usr/local/ssl/bin/
  • Create a pair of keys by entering the following command:
     openssl genrsa –des3 –out www.mydomain.com.key 2048
  • Create a passphrase. The passphrase must be entered every time you interact with the key.
  • Run the CSR creation process. Enter the following command when prompted to create a CSR file:
    openssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr
  • Fill in the requested information. You must enter a two-digit country, state or province code, city name, full company name, section name (for example IT or Marketing), and a common name (usually a domain name).
  • Create a CSR file. Once the information is entered, run the following command to generate a CSR file on the server:

    openssl req -noout -text -in www.mydomain.com.csr

 

2. Order your SSL certificate.There are several internet services that offer SSL certificates. Make sure to only order from reputable services, as your and your customers’ safety is at stake here. There are several well-known services for example DigiCertSymantecGlobalSign and many more. The best service varies greatly and depends on your needs (number of certificates, company solutions, etc.).

  • You must upload the CSR file to the certificate service when ordering it. This file will be used to generate a certificate for your server.
 
3. Take your certificate. You must download Intermediate Certificates from the service where you purchased the certificate. You will receive the Primary Certificate via email or in the customer area of ​​the website. Your key will look like this:
-----BEGIN CERTIFICATE-----

[Encoded Certificate]

-----END CERTIFICATE-----
  • If the certificate is a text file, you must convert it to a .crt file before uploading.
  • Check the downloaded key. There must be 5 hyphens “-” on the side of the BEGIN CERTIFICATE or END CERTIFICATE line. Also ensure that there are no extra spaces or line breaks included in the key.
 

4. Upload the certificate to the server. The certificate must be placed in a folder dedicated to certificates and key files. An example of a certificate location is /usr/local/ssl/crt/. All certificates are in the same folder.

5. Open the “httpd(dot)conf” file from a text editor. Some versions of Apache have an ssl(dot)conf file for the SSL certificate. Just edit one of the files if there are two files. Add the following line to the Virtual Host section:

SSLCertificateFile /usr/local/ssl/crt/primary.crt
SSLCertificateKeyFile /usr/local/ssl/private/private.key
SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
  • Save changes to a file when finished. Re-upload the file if necessary.
 

6. Reboot the server. Once the files have changed, you can start using your SSL certificate by restarting the server. Most versions can be restarted by entering the following command:

apachectlp stop
apachectl startssl

7. Test certificate. Use various web browsers to test if your certificate is working properly. Connect to your website using “https://” to force an SSL connection. You’ll see a lock icon in the address bar, usually with a green background.

1. Generate Certificate Signing Request (CSR). Before you can purchase and install an SSL certificate, you must generate a CSR on the server. This file contains the server and public key information needed to generate your private key. You can create a CSR in IIS 8 with just a few mouse clicks:

  • Open Server Manager.
  • Click Tools and select Internet Information Services (IIS) Manager.
  • Select the workstation where you installed the certificate under the Connections list.
  • Open the Server Certificates tool.
  • Click the Create Certificate Request link in the top right corner, under the Actions list.
  • Fill in the information in the Request Certificate wizard. You must enter a two-digit country, state or province code, city name, full company name, section name (for example IT or Marketing), and a common name (usually a domain name).
  • Leave “Cryptographic service provider” set to default.
  • Set “Bit length” to “2048”.
  • Provide the certificate request file name. The file name doesn’t matter, as long as you can find it among your files.

2. Order your SSL certificate. There are several internet services that offer SSL certificates. Make sure to only order from reputable services, as your and your customers’ safety is at stake here. Some well-known services for example DigiCertSymantecGlobalSign, and much more. The best service varies and depends on your needs (number of certificates, company solutions, etc.).

  • You must upload the CSR file to the certificate service when ordering it. This file will be used to generate a certificate for your server. Some providers require you to copy the contents of the CSR file, while others require you to upload the file yourself.

3.Download certificate. You must download Intermediate Certificates from the service where you purchased the certificate. You will receive the Primary Certificate via email or in the customer area of ​​the website.

  • Change the name of the Primary Certificate to “yoursitename.cer”.

4. Open the Server Certificate tool in IIS again. From here, click the “Complete Certificate Request” link below the “Create Certificate Request” link that you clicked to generate the CSR.

5. Browse the certificate file. Give it a name that is easy to remember, namely a name that quickly identifies the certificate on the server. Save the certificate in “Personal” storage. Click OK to install the certificate.

  • Your certificate will appear in the list. If not, make sure that you are using the server where you generated the CSR.

6. Bind the certificate to your website. Now the certificate is installed, and you need to bind it to the website you want to protect. Expand the “Sites” folder in the Connections list, then click on the website.

  • Click the Bindings link in the Actions list.
  • Click the Add button in the Site Bindings window that appears.
  • Select “https” from the “Type” dropdown menu, and select the installed certificate from the “SSL certificate” dropdown menu.
  • Press OK and then Close.

7. Install Intermediate Certificates. Look for Intermediate Certificates that you download from the certificate provider. Some providers provide more than one certificate that must be installed, while others only have one certificate. Copy the certificate to a special folder on the server.

  • Once the certificate is copied to the server, double click to open Certificate Details.
  • Click the General tab. Click the “Install Certificate” button at the bottom of the window.
  • Select “Place all certificates in the following store” then browse to local storage. Find it by checking the “Show physical stores” box, select Intermediate Certificates, then click Local Computer.

8. Restart IIS. To start distributing certificates, you must restart the IIS server. To reboot, click Start and then select Run. Type “IISREset” and then press Enter. Command Prompt will appear and display the status.

9. Test your certificate. Use various web browsers to test if your certificate is working properly. Connect to your website using “https://” to force an SSL connection. You’ll see a lock icon in the address bar, usually with a green background.

1. Generate Certificate Signing Request (CSR).Before you can purchase and install an SSL certificate, you must generate a CSR on the server. This file contains the server and public key information needed to generate your private key. You can create a CSR in IIS 8 with just a few mouse clicks:

  • Open Server Manager.
  • Click Tools and select Internet Information Services (IIS) Manager.
  • Select the workstation where you installed the certificate under the Connections list.
  • Open the Server Certificates tool.
  • Click the Create Certificate Request link in the top right corner, under the Actions list.
  • Fill in the information in the Request Certificate wizard. You must enter the two-digit country, state or province code, city name, full company name, section name (for example IT or Marketing), and the common name (usually the domain name).
  • Leave “Cryptographic service provider” set to default.
  • Set “Bit length” to “2048”.
  • Provide the certificate request file name. The file name doesn’t matter, as long as you can find it among your files.

2. Order your SSL certificate. There are several internet services that offer SSL certificates. Make sure to only order from reputable services, as your and your customers’ safety is at stake here. Some well-known services for example DigiCertSymantecGlobalSign, and much more. The best service varies and depends on your needs (number of certificates, company solutions, etc.).

  • You must upload the CSR file to the certificate service when ordering it. This file will be used to generate a certificate for your server. Some providers require you to copy the contents of the CSR file, while others require you to upload the file yourself.

3. Download certificate. You must download Intermediate Certificates from the service where you purchased the certificate. You will receive the Primary Certificate via email or in the customer area of ​​the website.

  • Change the name of the Primary Certificate to “yoursitename.cer”.

4. Open the Server Certificate tool in IIS again. From here, click the “Complete Certificate Request” link below the “Create Certificate Request” link you clicked to generate the CSR.

5. Browse the certificate file. Give it a name that is easy to remember, namely a name that quickly identifies the certificate on the server. Save the certificate in “Personal” storage. Click OK to install the certificate.

  • Your certificate will appear in the list. If not, make sure that you are using the server where you generated the CSR.

6. Bind the certificate to your website. Now the certificate is installed, and you need to bind it to the website you want to protect. Expand the “Sites” folder in the Connections list, then click on the website.

  • Click the Bindings link in the Actions list.
  • Click the Add button in the Site Bindings window that appears.
  • Select “https” from the “Type” dropdown menu, and select the installed certificate from the “SSL certificate” dropdown menu.
  • Press OK and then Close.

7. Install Intermediate Certificates. Look for Intermediate Certificates that you download from the certificate provider. Some providers provide more than one certificate that must be installed, while others only have one certificate. Copy the certificate to a special folder on the server.

  • Once the certificate is copied to the server, double click to open Certificate Details.
  • Click the General tab. Click the “Install Certificate” button at the bottom of the window.
 
 

1. Generate Certificate Signing Request (CSR). Before you can purchase and install an SSL certificate, you must generate a CSR on the server. This file contains your server and public key information needed to generate a private key.

  • Log in to cPanel. Go to control panel and find SSL/TLS Manager.
  • Click the “Generate, view, upload, or delete your private keys” link.
  • Go to the “Generate a New Key” section. Enter a domain name, or select it from the drop-down menu. Select 2048 for “Key Size”. Click the Generate button.
  • Click “Return to SSL Manager”. From the main menu, select the “Generate, view, or delete SSL certificate signing requests” link.
  • Enter your organization information. You must enter the two-digit country, state or province code, city name, full company name, section name (for example IT or Marketing), and the common name (usually the domain name).
  • Click the Generate button. Your CSR will be displayed. You can copy and insert it into the certification order form. If the service requires the CSR as a file, copy the text into a text editor and save it as a CSR file.

2. Order your SSL certificate. There are several internet services that offer SSL certificates. Make sure to only order from reputable services, as your and your customers’ safety is at stake here. Some well-known services for example DigiCertSymantec, GlobalSign, and much more. The best service varies greatly and depends on your needs (number of certificates, company solutions, etc.).

  • You must upload the CSR file to the certificate service when ordering it. This file will be used to generate a certificate for your server. Some providers require you to copy the contents of the CSR file, while others require you to upload the file yourself.

3. Download certificate. You must download Intermediate Certificates from the service where you purchased the certificate. You will receive the Primary Certificate via email or in the customer area of ​​the website.

4. Open the SSL Manager menu in cPanel again. Click the “Generate, view, upload, or delete SSL certificates” link. Click the Upload button to search for the certificate you received from the certificate provider. If the certificate is in text form, paste it into the box in your browser.

5. Click the “Install SSL Certificate” link. To complete the SSL certificate installation. The server will reboot, and certificates will begin to be distributed.

6. Test your certificate. Use various web browsers to test if your certificate is working properly. Connect to your website using “https://” to force an SSL connection. You’ll see a lock icon in the address bar, usually with a green background.

If you have any other questions, please use the contact us form,  via email sales@sslsingapore.com,