Skip to content

Tips on How to Use and Install an SSL Cert

Secure socket layer certificates (SSL certs) are used to protect information entered on web sites from being viewed from outside sources and prevents people from impersonating your identity. SSLs encrypt the data entered and passed between servers and consumer’s personal computers. Their use allows for safe business transactions online and prevents impersonation attacks.

Prior to installing a cert, one of the first things you need to do is determine what server you are running and what type of SSL cert you have. Apache is the most commonly used server but there are Microsoft and various other servers that support it. There are regular certificates and extended validation (EV) certificates. You must also confirm that your web site has a dedicated IP address. If you are on a shared hosting plan, you will need to switch to a dedicated IP in order to install your certificates.

It is important to keep in mind the steps to installing your certificates will vary with each server and signer. These basic things need to be done to install a standard SSL cert on an Apache server. Creating the private key and certificate signing request (CSR) are the first two steps to install your certificate. Creating a key consists of using a utility on the server called openssl, which is usually found in a certain bin directory on your server that is specific to the certificate. Compressed text files should be created in order to use them as random seeds during the key generation.

What happens is that you use a random RSA key generator command using the text files you created, and an indication of what bit encryption you prefer (usually 1024). You will then be prompted to create a password for the key. It is crucial that you choose a very secure password. Your password should consist of both uppercase and lowercase numbers and letters and be something that you remember. If your password is lost, the certificate will be useless and you will have to buy and install another. Your key should also be stored on some form of permanent media for backup.

In order to generate the CSR, the openssl utility is also used along with a special command to generate it. As the CSR is being generated, you will be prompted to enter some information such as your given name and your company’s name, your location, and your fully qualified domain name. Once the CSR is created, you can have it verified by a signing authority or self-sign the certificate.

When you have your verified signed certificate and the key created, you will find directories on the Apache server that mod_ssl creates in which to store your files. These directories are recognized as ssl.crt for the certificates, and ssl.key for the keys, and ssl.csr for the CSRs. Once your files are in their respective directories, you can test your certificate by using a browser and the https: protocol to access your domain. If you see a locked padlock, your certificate is working correctly.