An SSL certificate is issued to a website as digital proof that the transfer of data from the site to the browser and back is carried out using a secure protocol. Authentication of exchange keys when using Secure Sockets Layer protocol is performed using asymmetric cryptography and symmetric encryption, which guarantees a high level of confidentiality.
Using SSL certificate provides 4 important benefits:
In short, security, trust and privacy - that's what gives your site a secure connection (SSL).
It is important to note that the procedure of generating and installing a certificate to the server may vary for different operating systems and web servers. Our instruction is first of all applicable to users of Apache web-server, because it is the most widespread and popular.
The first thing you need to do is to generate a CSR for the domain. By default Apache has an OpenSSL utility - this is what we need. Enter the command:
openssl req -newkey rsa:2048 -nodes -keyout domain.com.key -out domain.com.csr
Only instead of "domain.com" enter your domain name. Next, you will be required to enter data for the signature request: it is displayed in the certificate. Just in case, check the CSR for correctness with the command:
openssl req -noout -text -in domain.com.csr
If your request is formulated correctly, you will get a text that looks something like this:
Version: 0 (0x0)
Subject: C=ru, ST=ddd, L=fff, O=ddd, OU=ss, CN=domain.com
Subject Public Key Info
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
The consequence of all this work will be two new files - a request for a certificate domain.com.csr and a secret key domain.com.key. When you pay for the certificate through My Services, you can proceed directly to install it. You can do this in several ways.
In the ISPmanager control panel, first, go to the Users section and provide the user that owns the domain with the SSL capability. Then you will need to log in and go to the corresponding section with the SSL certificates and click on "Add Certificate".
In the "Certificate type" menu, select "Existing". Here you need to fill in five key fields:
Once you add a certificate, you can enable it for the site. To do this, visit the WWW domains item, select the appropriate domain and activate the enhanced SSL security option by selecting the appropriate certificate. This simple way to do everything in the ISPmanager control panel, but there is also the possibility of manual installation on Apache and Nginx. We will tell you about them another time.
Let's Encrypt - Organization Validation (OV SSL). This certificate authority is able to confirm domain ownership through a special software - the ACME protocol. The beauty of Let's Encrypt is that you can use its services to bind SSL to your VPS site for free, while most other organizations charge a fee for this. But there are nuances:
Therefore, this certificate will not work for large companies and enterprises, and it is much more reliable to use the variant with a paid SSL. If even a basic domain verification is enough for your purposes, you can proceed with the installation. Let's consider the sequence of operations on the example of the cPanel:
After that, all that remains is to run the installation procedure, which usually lasts no more than 20-30 seconds. When the procedure is complete, you will receive appropriate notification. Go back to the main page: here you can find information about the domains for which the certificate was installed, as well as the validity period. If necessary, you can remove the SSL certificate or reinstall it.
When you rent a VPS from HostZealot, you can choose any convenient control panel which will allow you to install your SSL certificate in a couple of clicks. You will be able to go through the Domain Validation (DV SSL) procedure both manually and automatically. Contact us at the telephone numbers indicated on the website to get more information on the issues of interest to you or via LiveChat. Our specialists will always offer any assistance regarding service conditions and working with dedicated servers.