Installing Your SSL Certificate

As the news spreads about the upcoming changes Google will implement, Solopreneurs have a chance to make great moves and secure their websites while prepping themselves to generate income online.

Companies, and the Internet, have been rocked by the news that Google would now give preference to websites that generate the lime green security lock and the famous “https” website protocol. The Summer of 2014 was met with mixed feelings about Google giving ranking boosts to sites that transformed themselves into secured websites.

These were once designated for websites that sold products or services, but now Google is using this opportunity to force legitimate online businesses to ‘prove” that they are all about the safety. Find out more about Google’s decision here. In case you are not sure what an SSL Certificate is or how it works, check out the details here.

That being said, let’s talk about installing that SSL bad boy. I found a great article on wikiHow giving step-by-step instructions on four ways to install your SSL Certificate. I’ve brought in a few of the footnotes with extra information that wikiHow graciously provided. I speak about two of them here: The Hard Way vs the Sexy Way.

The Hard Way (Apache)

Some folks that to do things the hard way. Perhaps it gives them character. If that’s you here are the steps on installing your SSL Certificate through Apache. More details and images can be found in the full article on wikiHow

1. Generate a Certificate Signing Request (CSR). Before purchasing and installing your SSL certificate, you   need to generate a CSR on your server. This file contains your server and public key information, and is required to generate the private key. Generate your CSR directly from the Apache command line:

   • Launch the OpenSSL utility located at /usr/local/ssl/bin/
   • Create your key pair by entering the following command:

      openssl genrsa –des3 –out www.mydomain.com.key 2048
     

   • Create your passphrase as this will need to be entered whenever you work with your keys.
   • Begin generating your CSR by entering the following command when prompted so the CSR file will be created:

     openssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr
     

   • Enter the requested information: your two-digit country code, your state or province, city or town name, full name of your company, industry/section name (i.e. IT or Marketing), and the common name (this would typically be your domain name).
   • Once the required information has been entered, run command below to generate your CSR file directly on your server:^[1]

     openssl req -noout -text -in www.mydomain.com.csr

2. Time to purchase your SSL certificate. There are several services online that offer SSL certificates, my preference has been through Namecheap. They sell the highly popular Comodo SSL Certificates. Whomever you choose, make sure to only order from a reputable service, since you and your customer’s security is at risk. Popular services include Comodo, DigiCert, Symantec, GlobalSign, and more. The best service for you will vary depending on your needs (multiple certificates, enterprise solutions, etc.).

   • Next thing for you to do is to upload your CSR file to your chosen certificate service when you order it. This is how you will generate the certificate for your server.

3. Download your certificates. You will need to download the Intermediate Certificates from your certificates provider. Your Primary Certificate will arrive via email or through the customer area of the website. Your key should look similar to the setup below:

   -----BEGIN CERTIFICATE-----
    
   [Encoded Certificate]
    
   -----END CERTIFICATE-----
   

   • If the certificates arrive as a text file, you need to change it to (resave it as) a .CRT file before uploading it to your server.
   • Check the keys you’ve download. There should be 5 dashes “-” on either side of the BEGIN CERTIFICATE and END CERTIFICATE lines. Also ensure that there are no extra spaces or line breaks inserted into the key itself.
4. Upload certificates to your server. Most servers will and should walk you through uploading if you run into any issues. The certificates should be placed into a folder dedicated to certificates and key files. An example location would be /usr/local/ssl/crt/. All of your certificates must to be located in the same folder.

5. Open your “httpd.conf” file in a text editor of your choice. Some versions of Apache have an “ssl.conf” file for the SSL certificates. Only edit one of the two if you have both. Add the following lines to the Virtual Host section:^[2]

   SSLCertificateFile /usr/local/ssl/crt/primary.crt
   SSLCertificateKeyFile /usr/local/ssl/private/private.key
   SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
   

   • Save the changes to the file once you are finished. Re-upload the file if necessary.

6. Restart your server. Once the file has been changed, you can start using your SSL certificate by restarting your server. Most versions can be restarted by entering the following commands:

   apachectlp stop
   apachectl startssl

7. Test your certificate. Use various web browsers to test that your certificate is working properly. Connect to your website by typing “https://” to force the SSL connection. You should see the padlock icon in your address bar, usually with a green background.^[3]

The Sexy Way (cPanel)

For the rest of us who like to do things all sexy like here is another way to install your SSL Certificate through cPanel. Most webhost providers will have this interface thus making your installation process slightly quicker and simplified. More details and images can be found on wikiHow