By using site services you agree to our Cookies Use. We and our partners operate globally and use cookies, including for analytics, personalisation, and ads.Accept
X

/Types of SSL certificates. Certificates generating.

SSL certificate is used to encrypt the connection between your site and visitors. In this article you will find all the necessary information on it.

Certificates types

Each of the certificates must be signed by verification centre. Otherwise, the user browsers would show an error.

The certificates vary by the accuracy of the verification. There are three types of them:

Domain Validation. The verification centre checks only if you are the domain owner.
Organisation Validation. The verification centre checks also the registration data of your company.
Extended Validation. This kind allows you to display the name of your company in the browser line.

This line causes more trust.
This line causes more trust.

The certificate can be issued for single or for several domains.

Single Domain. This certificate is provided for one domain.
Wildcard. This one is provided for one domain and multiple subdomains. It should be convenient if your site has complex structure and its parts are located on subdomains. For example, the personal account, the technical support service and separate media file server can be located on subdomains.
Multy Domain. This certificate is provided for one domain and all subdomains.

How to generate

The certificate includes private key. It can't be given to the third parties in any case.

In order to generate the certificate open linux command line and perform the actions below:

Generate private key and csr file.

Generate private key

openssl genrsa -out server.key 4096

Enter the command to create certificate request (csr);

openssl req -new -key server.key -out server.csr

Answer the questions.

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Next fields must be empty:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

At finish you will get two files server.key and server.csr.

Certificate signing

You need to send server.csr file to a certificate authority to sing a certificate.

Free certificate signing

The company https://letsencrypt.org may sing your certificate for free. It is also available at https://www.sslforfree.com/ website or via Certbot software. Last one is more preferably.

Certbot is special software recommended by LetsEncrypt to use their services. All instructions on it are available at https://certbot.eff.org/ site.

Test certificate

You can do deep analysis of you SSL certificate using this service: https://www.ssllabs.com/ssltest/

The secured connection between you and users is a very important factor of the trust. The search engines also value safer sites. If your business is just starting, you can sign the certificate for free.

Check your site for issues

Only useful instructions