If you ever want to order an SSL certificate to certum, digicert, etc you have to follow these steps
1. creating private key
you need a private key in order to have an SSL Certificate working.the most important part is the private key ( you should keep this as secure as you can)
use this command to generate a Private Key
$ openssl genrsa -out /path/to/file.key 2048
this will create a key with RSA algorithm
2. Create a Certificate Request aka CSR
you need to create a CSR to get your certificate
$ openssl req -new -key /path/to/private.key -out /path/to/request.csr
after running this command, you will be asked for several information such as:
- Organization (name of company)
- Organization Unit
- Email (make sure you have access to this email, since the certificate provider is likely to access you with this email and obviously it should be an email on the selected domain so they could verify this domain is belong to you)
after this, you can send this CSR file (the usual extension for requests is csr) to certificate provider.they usually have some place you can upload this file or some text box which you can copy this file contents and paste.
After generating the CSR file, you can verify it too, so you know it contains your required information such as email, … with this
$ openssl req -noout -text -in request.csr -verify
In the process of obtaining a new certificate, they need to verify you domain.you should provide some way, so they know you own the domain.
- EMail: with providing an email on the domain, they will know this domain is belong to you. ex: firstname.lastname@example.org . you just need to be sure you have access to the email
- DNS: if you dont have access to an email on that server or for some other reason, your email is not @yourdomain , they will give you a text.then you should add that text as TXT record on your domain DNS records.
- File: another way of record verification is by file.they will give a text file and you should put that file on the root of your website (or some other folder).