/Types of SSL certificates. Certificates generating.
SSL certificate is used to encrypt the connection between your site and visitors. In this article you will find all the necessary information on it.
Each of the certificates must be signed by verification centre. Otherwise, the user browsers would show an error.
The certificates vary by the accuracy of the verification. There are three types of them:
Domain Validation. The verification centre checks only if you are the domain owner.
Organisation Validation. The verification centre checks also the registration data of your company.
Extended Validation. This kind allows you to display the name of your company in the browser line.
The certificate can be issued for single or for several domains.
Single Domain. This certificate is provided for one domain.
Wildcard. This one is provided for one domain and multiple subdomains. It should be convenient if your site has complex structure and its parts are located on subdomains. For example, the personal account, the technical support service and separate media file server can be located on subdomains.
Multy Domain. This certificate is provided for one domain and all subdomains.
How to generate
The certificate includes private key. It can't be given to the third parties in any case.
In order to generate the certificate open linux command line and perform the actions below:
Generate private key and csr file.
Generate private key
openssl genrsa -out server.key 4096
Enter the command to create certificate request (csr);
openssl req -new -key server.key -out server.csr
Answer the questions.
Country Name (2 letter code) [AU]: State or Province Name (full name) [Some-State]: Locality Name (eg, city) : Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) : Common Name (eg, YOUR name) : Email Address :
Next fields must be empty:
Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
At finish you will get two files server.key and server.csr.
You need to send server.csr file to a certificate authority to sing a certificate.
Free certificate signing
The company https://letsencrypt.org may sing your certificate for free. It is also available at https://www.sslforfree.com/ website or via Certbot software. Last one is more preferably.
Certbot is special software recommended by LetsEncrypt to use their services. All instructions on it are available at https://certbot.eff.org/ site.
You can do deep analysis of you SSL certificate using this service: https://www.ssllabs.com/ssltest/
The secured connection between you and users is a very important factor of the trust. The search engines also value safer sites. If your business is just starting, you can sign the certificate for free.