User Manual

Cybersecurity Basics

SSL Certificates

22 | 85

A6V11646120_enUS_b_40

Buy an SSL Certificate

You can buy an SSL certificate from CA or their reseller. The prices vary depending

on the CA and type of the SSL certificate.

The following are the overall steps for buying SSL certificates from a CA:

1. Choose a Certificate Authority (CA): You can choose your CA from where you

want to buy an SSL certificate. There are many CAs such as Comodo, DigiCert,

RapidSSL, GeoTrust, Thawte, Certum, and so on. You may choose the CA based

on your budget and the features you need to manage the certificate. There are

resellers who provides cheap SSL certificates from these CAs.

2. Select the certificate you need: Once you select a CA, you can choose the

certificate you require for your website based on the validation method and the

number of websites you want to secure.

3. Purchase the certificate: Once you choose the certificate you require, make the

payment to proceed. For some CA, this step comes after submitting a CSR.

4. Generate and submit a CSR (Certificate Signing Request) to the CA: You

need to generate a CSR from your web server and submit it to the CA. To learn

more about what a CSR is and how to generate it, see the next chapter.

5. Download the SSL certificate (after successful validation): After submitting a

CSR, the CA will take some time for validating your information. This may vary

based on the validation certificate you purchased. For a DV certificate, it should be

quick. But it will take a little longer to validate for an OV or an EV certificate. Once

the CA successfully validates your information, you will get an email containing the

certificate or you can download it from your account on the CA's website.

6. Install an SSL certificate on your web server: Once you get your SSL

certificate, you need to install it on the web server from where you generated your

CSR. The installation process depends on the OS of your server.

Certificate Signing Request

In order to get an SSL certificate for your website, you need to generate and submit a

Certificate Signing Request (CSR) to the CA (Certificate Authority).

What is a CSR?

A CSR is an encoded message submitted by an applicant to a CA to get an SSL

certificate. In other words, it is a request from an applicant to a CA to get a digital

certificate.

A CSR contains a public key and the applicant's information such as FQDN (Fully

Qualified Domain Name), organization name and address. The CA validates the

applicant's information and issues an SSL certificate with the public key included in the

CSR.

Generally, a CSR is generated using the web server where the SSL certificate is going

to be installed. However, it can also be generated using SSL tools or a modern

browser such as Chrome or Firefox. The most common format for CSRs is the PKCS.

A CSR is a Base64 ASCII encoding message starting with "-----BEGIN NEW

CERTIFICATE REQUEST-----" and ending with "-----END NEW

CERTIFICATE REQUEST-----".