A certificate is a document that your website will send back to the browsers as an "Official identification" for your web site, and your business.
The certificate is issued by certified companies who are called "Certificate Authorities".
Types of SSL CertificatesFirst of all you have to decide which certificate type you should chose for your web site.
There are three types:
- Domain Validation (DV) SSL Certificate This is the simplest type of certificate, where the CA checks only that the applicant owns or has the right to use the domain name.
- Organization Validation (OV) SSL Certificates The CA checks more about the company owns the domain name, and display more information about the company owns the domain.
- Extended Validation (EV) SSL Certificate The CA conducts a thorough check on the organization with some standard guidelines defined by the industry.
This is usually required for organizations that require to have payments managed by on their own website and their own software.
Your home workAfter you decided what type of certificate you want to buy, you search for a suitable CA authority to buy your certification from.
The CA authority requires from your side a request called "Certificate Signing Request" (CSR)
There are many ways to generate the CSR. I will describe the process using OpenSSL tools.
First you need to generate a private key.
And then create the CSR:
openssl genrsa -out domain.com.key 2048
This will generate the CSR file, which you will send to the CA authority, which in return will send you the certificates.
openssl req -new -sha256 -key domain.com.key -out domain.com.csr