How to obtain and install an SSL certificate
Every server platform has its own steps to generate a certificate request and install an issued certificate. But the common steps include the following:
- Generate a certificate signing request (CSR)
- Order an SSL certificate from a CA
- Download the intermediate certificate from the CA
- Install the intermediate certificate on the server
There are multiple certificate authorities to choose from today, such as GeoTrust, DigiCert, Symantec, and Network Solutions. You can compare the prices as well as the types of certificates that they offer to find the best solution for you. We will review the different types of certificates later in the chapter.
Traditionally, you generate an unsigned key from your web server software or administration panel. This is usually a file with an encrypted string. You submit this file to the CA as part of the order process.
Once the verification process is complete, the CA will issue the certificate, another file. Your web server then allows you to install the certificate for the site.
Today, the process has become less manual. Many are making it an automated feature that is included with web server control panels. Many are including automated LetsEncrypt.org certificates.
WordPress (https://wordpress.com/)is the biggest player to adopt an HTTPS-only policy. They upgraded all the sites that they host to HTTPS in 2017 using a built-in LetsEncrypt tool.
Amazon AWS offers free certificates for Cloud Front and their network load-balancer services. These are domain-validated certificates, and take about 30 seconds to process; just a shining example of how far the SSL world has come since the mid 90s.