SSL certificate is required for a site for conducting secure credit card transactions, ranking Boost in Google and even for a legitimate look to its audiences along with many other purposes. We are going to discuss about how to install an SSL certificate for a website.
Generating CSR and RSA private key
CSR is a block of encrypted text which contains the details of your organization such as organization name, locality, country, etc.,. We have to generate CSR (Certificate Signing Request) for us to obtain the SSL certificate from a provider. You can generate CSR in the server via CLI or via any generators provided by SSL providers such as https://www.thesslstore.com/ssltools/csr-generator.php. An RSA private key will also be generated along with the CSR. Store this key in a secure location. Your SSL will work only with this key.
Obtaining the SSL
Once you have created the CSR with the correct information about your organization, you can go ahead with providing it to your SSL provider such as www.thesslstore.com and obtain the SSL certificate for your site.
You will be receiving about 4 files from your provider. The SSL certificate, the ROOT CA and the Intermediate CA certificates and a file containing all these files in a .p7b format. Specify the location of the SSL certificate and the chain certificate (the 2 CA certificates combined into a single file) in your Apache configuration. Please take a look at the below screen shot:
The following changes needs to be done in the apache configuration file :
Listen 443 https
After making the above changes in the configuration file, do a httpd/Apache restart for the changes to take effect.
You have now secured your site with an SSL certificate. Your clients will be more than happy for their purchase on your site.
Types of SSL Security
There are several types of SSL Certificates that you can choose from. This section explains the differences between the various types:
Domain Validated SSL
To put in layman terms, you simply need to validate your ownership of the domain name. These certificates are checked against the domain registry. The order normally takes from a few minutes to a few hours.
This certificate is the cheapest kind of SSL certificate available in the SSL market and is recommended where security is not the most vital factor .
If the certificate is valid and signed by a trusted authority, the browsers indicate a successfully secured HTTPS connection as shown in the screen shot given below:
Organization Validated SSL
The validation process is similar to a domain validated certificate, but the process requires additional documentation to certify and verify the company identity. Documents may be exchanged and personnel may be contacted during validation to prove the right of use.
The order can take from a few hours to a few days, due to the company validation process involved in this certificate. More validation process involved in issuing the certificate means more trust, and your visitors will have more confidence in the security of your site.
Details of the certificate obtained will be be displayed in the browser(Firefox), screenshot below,
Extended Validated SSL
These certificates are designed to provide a higher standard of assurance for visitors to authenticate the business behind the domain and it is used by most of the world’s leading organizations. The extended validated certificates reinstate the trust users have for a secured website.
When people visit your site in secure mode (HTTPS), modern browsers will show in green address bar indicating the highest level of security for an SSL certificate.
Browsers that support EV Green bar
Google Chrome, Internet Explorer 7.0+, Firefox 3+, Safari 3.2+, Opera 9.5+
When people accessing a secured EV enabled site with one of the above browsers, the following can be seen:
Detailed Certification Information
Visitors viewing details of the certificate will find more information about the organization as shown in the scree shot given below,
A Wildcard SSL Certificate enables SSL encryption on unlimited number of subdomains for a single domain. The subdomains must have the same second level domain name (i.e. domain.com). For example: Purchasing a Wildcard SSL certificate for domain.com will also allow me to secure “mike
.domain.com”, etc. However, this will not secure “store.mike.domain.com”.
And you are all set! Hope this article helps you to secure your website with SSL security.