Simple SSL certificates are easily obtained and installed these days. Here some simple first steps to get a Comodo SSL certificate installed.

1. Generate a Certificate Signing Request (CSR) with OpenSSL
   
   openssl genrsa –des3 –out yourdomain_com.key 2048 openssl req -new -key yourdomain_com.key -out yourdomain_com.csr

   1 2	openssl genrsa –des3 –out yourdomain_com.key 2048 openssl req -new -key yourdomain_com.key -out yourdomain_com.csr

2. Choose and register your certificate, with the CSR created.
3. You will receive your Domain Certificate and the Comodo CA Certificates
4. Many apps need your Certificate Authority Chain (CA) in a single file, something that you easily forget ! Combine the files from Comodo into a single file:
   
   cat yourdomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > cacert.pem

   1	cat yourdomain_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > cacert.pem

5. Now you can install your files and activate SSL. Documentation: Apache / NGINX
6. Some hosts allow you to add certificates through a simple interface, asking for Certificate, Private Key, CSR and the CA chain.

VERIFY YOUR SSL SETUP

Some options to check your SSL setup:

1. https://verifysslcertificate.com
2. https://www.ssllabs.com/ssltest/analyze.html
3. https://sslanalyzer.comodoca.com/
4. openssl s_client -showcerts -connect yourdomain.com:443

   1	openssl s_client -showcerts -connect yourdomain.com:443

   
    

CREATE CERTIFICATE CHAIN AUTOMATICALLY

This can be done manually, as shown above or you can use a shell script,  which downloads the certificates for you and combines them. SSL certificate chain resolver – This shell script downloads all intermediate CA certificates for a given SSL server certificate. There is even an online version, but I rather do that on my own machine :) … certificatechain.io

Enjoy coding …