Installing Your SSL Certificate

As the news spreads about the upcoming changes Google will implement, Solopreneurs have a chance to make great moves and secure their websites while prepping themselves to generate income online.

Companies, and the Internet, have been rocked by the news that Google would now give preference to websites that generate the lime green security lock and the famous “https” website protocol. The Summer of 2014 was met with mixed feelings about Google giving ranking boosts to sites that transformed themselves into secured websites.

These were once designated for websites that sold products or services, but now Google is using this opportunity to force legitimate online businesses to ‘prove” that they are all about safety. Find out more about Google’s decision here. In case you are not sure what an SSL Certificate is or how it works, check out the details here.

That being said, let’s talk about installing that SSL bad boy after you’ve purchased yours.

I found a great article on wikiHow giving step-by-step instructions on four ways to install your SSL Certificate on your web hosting server. I’ve brought in a few of the footnotes with extra information that wikiHow graciously provided. I speak about two of them here: The Hard Way vs the Sexy Way.

The Hard Way (Apache)

Some folks that to do things the hard way. Perhaps it gives them character. If that’s you here are the steps on installing your SSL Certificate through Apache. More details and images can be found in the full article on wikiHow

1. Generate a Certificate Signing Request (CSR). Before purchasing and installing your SSL certificate, you need to generate a CSR on your server. This file contains your server and public key information

   and is required to generate the private key. Generate your CSR directly from the Apache command line:

   • Launch the OpenSSL utility located at /usr/local/ssl/bin/
   • Create your key pair by entering the following command:

      openssl genrsa –des3 –out www.mydomain.com.key 2048 

   • Create your passphrase as this will need to be entered whenever you work with your keys.
   • Begin generating your CSR by entering the following command when prompted so the CSR file will be created:

     openssl req –new –key www.mydomain.com.key –out www.mydomain.com.csr 

   • Enter the requested information: your two-digit country code, your state or province, city or town name, full name of your company, industry/section name (i.e. IT or Marketing), and the common name (this would typically be your domain name).
   • Once the required information has been entered, run command below to generate your CSR file directly on your server:

     openssl req -noout -text -in www.mydomain.com.csr

2. Time to purchase your SSL certificate. There are several services online that offer SSL certificates, my preference has been through Namecheap. They sell the highly popular Comodo SSL Certificates. Whomever you choose, make sure to only order from a reputable service, since you and your customer’s security is at risk. Popular services include Comodo, DigiCert, Symantec, GlobalSign, and more. The best service for you will vary depending on your needs (multiple certificates, enterprise solutions, etc.).

   • Next thing for you to do is to upload your CSR file to your chosen certificate service when you order it. This is how you will generate the certificate for your server.

3. Download your certificates. You will need to download the Intermediate Certificates from your certificate provider. Your Primary Certificate will arrive via email or through the customer area of the website. Your key should look similar to the setup below:

   -----BEGIN CERTIFICATE-----   [Encoded Certificate]   -----END CERTIFICATE----- 

   • If the certificates arrive as a text file, you need to change it to (resave it as) a .CRT file before uploading it to your server.
   • Check the keys you’ve downloaded. There should be 5 dashes “-” on either side of the BEGIN CERTIFICATE and END CERTIFICATE lines. Also, ensure that there are no extra spaces or line breaks inserted into the key itself.
4. Upload certificates to your server. Most servers will and should walk you through uploading if you run into any issues. The certificates should be placed into a folder dedicated to certificates and key files. An example location would be /usr/local/ssl/crt/. All of your certificates must to be located in the same folder.

5. Open your “httpd.conf” file in a text editor of your choice. Some versions of Apache have an “ssl.conf” file for the SSL certificates. Only edit one of the two if you have both. Add the following lines to the Virtual Host section:

   SSLCertificateFile /usr/local/ssl/crt/primary.crt SSLCertificateKeyFile /usr/local/ssl/private/private.key SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt 

   • Save the changes to the file once you are finished. Re-upload the file if necessary.

6. Restart your server. Once the file has been changed, you can start using your SSL certificate by restarting your server. Most versions can be restarted by entering the following commands:

   apachectlp stop apachectl startssl

7. Test your certificate. Use various web browsers to test that your certificate is working properly. Connect to your website by typing “https://” to force the SSL connection. You should see the padlock icon in your address bar, usually with a green background.

The Sexy, Simple Way (cPanel)

For the rest of us who like to do things all sexy-like, here is another way to install your SSL Certificate through cPanel. Most webhost providers will have this interface, thus making your installation process slightly quicker and simplified. More details and images can be found on wikiHow

1. Generate a Certificate Signing Request (CSR). Before you can purchase and install an SSL certificate, you will need to generate a CSR on your server. This file contains your server and public key information and is required to generate the private key.
   1. Login to cPanel in your web hosting account; I use A2Hosting. Open the control panel and look for the SSL/TLS Manager.
   2. Click the “Generate, view, upload, or delete your private keys” links.
   3. Scroll down to the “Generate a New Key” section. Enter your domain name, or select it from the drop-down menu. Select 2048 for “Key Size”. Click the Generate button.
   4. Click “Return to SSL Manager”. From the main menu, select the “Generate, view, or delete SSL certificate signing requests” link.
   5. Enter in your organization’s information. You will need to enter your two-digit country code, the state or province, city or town name, full company name, section name (i.e. IT or Marketing), and the common name (typically the domain name).
   6. Click the Generate button. Your CSR will be displayed. You can copy this and enter it into your certification order form. If the service requires the CSR as a file, copy the text into a text editor and save it as a .CSR file.
2. Now purchase your SSL certificate. There are several services online that offer SSL certificates. My preference has been through Namecheap. They sell the highly popular Comodo SSL Certificates. Whomever you choose, make sure to only order from a reputable service since you and your customer’s security is at risk. Popular services include Comodo, DigiCert, Symantec, GlobalSign, and more. The best service for you will vary depending on your needs (multiple certificates, enterprise solutions, etc.).
   1. You will need to upload your CSR file to the certificate service when you order it. This will be used to generate the certificate for your server. Some providers will have you copy the contents of the CSR file, while others will have you upload the file itself.
3. Download your certificates. You will need to download the Intermediate Certificates from the service that you purchased your certificates from. You will receive your Primary Certificate via email or through the customer area of the website.
   1. Open the SSL Manager menu again in cPanel. Click the “Generate, view, upload, or delete SSL certificates” link. Click the Upload button to browse for the certificate that you received from the certificate provider. If the certificate came as text, paste it into the box in the browser.
4. Click the “Install SSL Certificate” link. This will finalize the installation of the SSL certificate. Your server will restart, and your certificate will begin being distributed.
5. Test your certificate. Use various web browsers to test that your certificate is working properly. Connect to your website using “https://” to force the SSL connection. You should see the padlock icon in your address bar, usually with a green background.

The Rundown

As the new website protocols roll out don’t get let behind in the race to be listed high in Google searches. Purchasing and implementing SSL Certificates can be done in a matter of minutes.

With these steps, you’ll be on your way to an “https” secured website in a matter of minutes. We’ll talk more about minimizing to removing all traces of your old protocol and understanding why you may receive the unwanted red lock next to your URL despite having properly installed your SSL Certificate.