SSL certificates: what they are, why you need them, and how to generate a certificate signing request
At the beginning of 2017 Google practically outlawed sites that use HTTP connections. Not literally, of course, but it threatened to mark them as unreliable in Google Chrome and has begun to carry out the threat. That is why site owners who care about traffic and ranking have become seriously concerned with getting certificates. We have felt it in full measure: the number of requests to buy certificates and set up HTTPS connections has increased greatly over the last months. For those who have not yet figured out the transition to SSL certificates, we have prepared a brief review of the topic so that you know all the details of the change.
What is SSL?
SSL (Secure Sockets Layer) is one of the Internet technologies for secure connections; it protects the connection between a web service (site) and a browser.
An SSL certificate is the digital identification of a site. It confirms that all information transferred between the site and client programs is encrypted and sent over a protected channel.
Using an SSL certificate guarantees the site visitor:
- Authenticity of the data. SSL confirms that the user receives data from the domain where the company's site is located.
- Privacy. SSL encryption protects data from interception during transmission.
- Data integrity. An SSL connection helps prevent data from being altered during transmission.
Where are SSL certificates used?
As already mentioned, SSL is used to protect activity and personal data. That is why SSL is commonly used by:
- payment systems;
- internet shops;
- mail services;
- software producers.
Besides, even ordinary sites that store users' personal data turn to SSL certificates more and more often, thus raising the level of visitors' trust.
What is a self-signed certificate?
The simplest and free way to move to HTTPS is to use a self-signed certificate. It can be generated directly on the web server. This option is available by default in all popular hosting control panels (cPanel, ISPmanager, and DirectAdmin). The main drawback of such a certificate is that browsers will warn visitors that the site is unreliable. This is not a problem for internal use, but it will frighten off the clients of public sites.
SSL certificates for commercial use
Domain Validation SSL certificates suit small sites and projects that don't sell anything but have a visitor registration form. To use such a certificate you don't need any special documents. It can be issued within one hour. Anyone can own this certificate: an individual, a sole proprietor or a company. You just need to verify possession of the domain, which you can do in one of the following ways:
- By email (DCV Email). A letter with a confirmation link is sent to the email address specified in the domain's Whois record. The letter may also be sent to one of the following addresses at the site's domain: admin@, administrator@, hostmaster@, postmaster@, webmaster@.
- With the help of DNS CNAME. If the email in Whois is hidden by private registration, you need to create a special record in DNS, and the certification center will check it.
- With the help of HTTP CSR Hash. In this case the user gets a special txt file that must be uploaded to their own server.
Business Validation SSL certificates suit companies interested in a higher level of verification: internet shops, mail services and so on. To get such a certificate you need to send the company's documents to the certification center and go through the “callback” procedure on the corporate phone.
Extended Validation SSL certificates are used by banks and payment systems with a large number of clients. When such a certificate is used, a characteristic green bar (lock) appears in the browser's address bar. It can be used for marketing purposes as well. Users are accustomed to seeing a green address bar when using Internet banking and payment systems. They will certainly be pleased that their data on your site is protected with the same reliability.
SSL certificates with subdomain support (Wildcard) can protect any number of subdomains on an unlimited number of servers.
SAN SSL certificates work with external and internal domain names and can protect a large number of domains, subdomains, local domains and servers.
Code Signing SSL certificates suit software producers perfectly. These certificates help when users get warnings and errors while downloading program code.
How to get an SSL certificate?
The procedure for obtaining an SSL certificate is as follows:
1. Prepare your data for verification.
We have already seen how to verify a domain when obtaining a Domain Validation SSL certificate. To buy more advanced types of certificates you have to prepare color scans of the following documents:
- A certificate of registration in the unified state register of legal entities and individuals;
- Any document confirming the real existence of your company.
2. Generate a CSR.
A CSR (Certificate Signing Request) is a block of encoded text that is generated on the server where the certificate will be used. It contains the information that will be included in your certificate: the name of the organization, the name of the domain, the legal address and the country. The CSR also contains the public key that will be included in your certificate.
Let's look at an example of filling out the fields when generating a CSR:
- Common Name: the full name of the domain (for Wildcard the name of the domain should start with “*”). Example: www.mydomain.com (for Wildcard: *.mydomain.com).
- Country Name: the 2-letter country code. Example: GB, US, IN, etc.
- State or Province Name: the name of the province where the organization is registered. Example: State of Oklahoma, Yorkshire, etc.
- Locality Name: the name of the locality. Example: New York, London, etc.
- Organization Name: the full name of the organization as stated in its charter, or the full name of the individual.
- Organizational Unit Name: the name of the unit that buys the certificate (optional).
- Email Address: the contact email address.
All names must be written in English without abbreviations.
As a rule, we use OpenSSL, one of the most widespread utilities for generating certificate requests and private keys, for this purpose.
While working with OpenSSL, use the following commands:
Generation of the private key:
$ openssl genrsa -out mydomain.com.key 2048
Generation of the CSR:
$ openssl req -new -key mydomain.com.key -out mydomain.com.csr
If you only need to renew the certificate, you don't have to generate a new private key; you can use the old one. However, you must generate a new CSR even when you renew an SSL certificate.
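The key and CSR generation described above can be run without interactive prompts and checked before the request is sent. The script below is an added example, not code from the original article; the subject values, the temporary file locations and the function names (make_csr, csr_signature_ok, csr_subject, csr_matches_key) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original article). Subject values are constructed
# sample data; for a Wildcard certificate CN would be "*.mydomain.com".
SUBJECT="/C=GB/ST=Yorkshire/L=York/O=My Company Limited/CN=www.mydomain.com"

# make_csr KEY CSR SUBJECT
# Reuses KEY if it already exists (the renewal case), otherwise creates it.
make_csr() {
    if [ ! -f "$1" ]; then
        # umask 077: the new key file is readable by its owner only.
        (umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null) || return 1
    fi
    openssl req -new -key "$1" -out "$2" -subj "$3"
}

# csr_signature_ok CSR
# A CSR is signed with the requester's private key; a truncated or edited
# request fails this check.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# csr_subject CSR: print the subject fields as the certification center reads them.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# csr_matches_key CSR KEY
# Succeeds only if the public key inside the CSR belongs to KEY, so the
# issued certificate will work with that private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$csr_pub" = "$key_pub" ]
}

# Demo in a throwaway directory: generate, check, print the subject.
demo() {
    dir=$(mktemp -d) || return 1
    make_csr "$dir/mydomain.com.key" "$dir/mydomain.com.csr" "$SUBJECT" &&
        csr_signature_ok "$dir/mydomain.com.csr" &&
        csr_matches_key "$dir/mydomain.com.csr" "$dir/mydomain.com.key" &&
        csr_subject "$dir/mydomain.com.csr"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo
```

Only the .csr file is sent to the certification center; the .key file stays on the server.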
3. Send your order for the certificate.
Then send a letter to the certification center or the company from which you are buying the certificate. Specify the desired certificate type, the validity period and the legal address of your company. Attach to the letter:
- The CSR in text form;
- The color scans of the documents from step 1.
4. Pay the received bill.
The certification center or the company from which you are buying the certificate will send you a bill in return. Pay the bill. A couple of days after the payment you will get your SSL certificate. We sell certificates for a 1-3 year period. The price depends on the chosen duration of the certificate. The longer the period, the lower the price.
5. Install the certificate.
Having received the certificate, open the website settings and go to the “SSL setting” section. In the “setup of the certificate” tab fill in all the necessary fields and save the changes. After these operations your site will work over an HTTPS connection. If you have difficulties during this phase, contact us. Our experts will install your certificate without problems. As a rule, it takes no more than an hour.
You can renew the certificate 90 days before it expires. All unused days are transferred to the new certificate automatically. The renewal procedure differs from purchasing a new certificate in that it doesn't require repeated validation of the data. Just generate a CSR again and contact the company where you bought the certificate.
The amount of stolen personal data is growing day by day, which is why Google has taken protective measures. So, whether you like it or not, you will have to move to HTTPS, at least if traffic, sales and the site's position in search are important to you. The easiest way is to get an SSL certificate. Then both you and your clients will be safe and calm. We hope that our article has clarified a lot about the transition to HTTPS connections. As you see, it's not a big deal. And we are always ready to help if you still have questions or need a certificate. Ask for a competent consultation 24/7.