Simple SSL certificates are easily obtained and installed these days. Here some simple first steps to get a Comodo SSL certificate installed.
- Generate a Certificate Signing Request (CSR) with OpenSSL
12openssl genrsa –des3 –out yourdomain_com.key 2048openssl req -new -key yourdomain_com.key -out yourdomain_com.csr - Choose and register your certificate, with the CSR created.
- You will receive your Domain Certificate and the Comodo CA Certificates
- Many apps need your Certificate Authority Chain (CA) in a single file, something that you easily forget ! Combine the files from Comodo into a single file:
1cat yourdomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > cacert.pem - Now you can install your files and activate SSL. Documentation: Apache / NGINX
- Some hosts allow you to add certificates through a simple interface, asking for Certificate, Private Key, CSR and the CA chain.
VERIFY YOUR SSL SETUP
Some options to check your SSL setup:
- https://verifysslcertificate.com
- https://www.ssllabs.com/ssltest/analyze.html
- https://sslanalyzer.comodoca.com/
-
1openssl s_client -showcerts -connect yourdomain.com:443
CREATE CERTIFICATE CHAIN AUTOMATICALLY
This can be done manually, as shown above or you can use a shell script, which downloads the certificates for you and combines them. SSL certificate chain resolver – This shell script downloads all intermediate CA certificates for a given SSL server certificate. There is even an online version, but I rather do that on my own machine :) … certificatechain.io