SSL Certificates
- SSL Server Test - Check security of SSL
Buying a Certificate
Namecheap
These are the steps involved in generating an SSL certificate to be validated by an SSL provider:
Create a private key to be used only by that server:
openssl genrsa -out /etc/ssl/private/private.key 2048
Create a new CSR (Certificate Signing Request) file using the RSA private key.
When creating the CSR, you will need to populate the local information. For Common Name, use the domain name to be validated. For a wildcard domain, use *.domain.com
. For a single hostname, use www.domain.com
openssl req -new -key /etc/ssl/private/private.key -out /etc/ssl/certs/domain.com.csr
Namecheap will ask for the newly generated CSR file.
Once you give them the file, they will ask for an email address to verify the SSL certificate creation with. They will pull a list of possible e-mail addresses to use. The recipient will receive a link to validate the creation of the SSL certificate. The process cannot be completed until they have validated, so make sure to send it to someone who will receive the email.
Once the order is validated, you will get an email from Namecheap with two files: the certificate, and the CA bundle.
Save the certificate to /etc/ssl/certs/domain.com.crt
Save the Certficate Authority bundle to /etc/ssl/certs/domain.com.cabundle