The Process Of Creating An SSL Server
At the heart of all online transactions, even something as simple as giving your name and email to sign up for newsletter, is the feeling of trust. The user trusts that the website belongs to the entity that has that specific domain name and also trusts that they have the correct security in place.
This trust has evolved over time and only with a concentrated effort by web browser designers, device manufacturers and Certificate Authorities to create a uniform way to apply security. Starting in 1994 with the first efforts of Netscape the use of SSL or Secure Sockets Layer has allowed for the safe transmission of encrypted data between a client and a server, a server and a server or through Public Key Infrastructure to protect emails.
The entire process of creating an SSL server that can decrypt information from a client (the website) starts with the use of an SSL certificate. In reality, today the correct term would actually be Transport Layer Security or TLS, which is the new generation of security that is built on the older SSL foundation.
However, as with many terms, the older version is still the terminology most people use. The SSL/TLS certificate is essential and starts with the domain owner or a designated agent, usually the IT administrator, completing what is known as a Certificate Signing Request (CSR).
The CSR is generated from the SSL server. This is a process that is slightly different for each type of server. For example, if you are using a Microsoft Windows server you can use the IIS (Internet Information Systems) Manager to complete the CSR and also the installation of the certificate.
For an Apache server, there are a couple of different options to generate the CSR including using OpenSSL. It is important to choose the right format to generate the CSR based on the SSL server type.
During this process, you will have to input specific information into the CSR. This will include specifics such as the Fully Qualified Domain Name or Common Name for the website that will be secured with the certificate to the SSL server.
The Fully Qualified Domain Name is the full name of the site. For a single domain SSL/TLS cert, it will look something like www.yourcompany.com or even yourcompany.com without the www. It is the URL that you type in to get to the website.
With the Wildcard certificate, which will protect the main domain and all subdomains, the Fully Qualified Domain Name will look like *.yourcompany.com. In this case, the Wildcard symbol, the (*), will substitute for all other subdomains under that mail domain.
The certificate will include geographic information as well as your company name, if applicable. You will also need to provide a contact email. This should be an email that is going to be used on a regular basis as information about certificate renewal will be sent to this address. At the same time, the public key will be added automatically to the CSR through an encrypted block of text.
With this completed, the CSR will be generated as well as a private key file. Do not submit the private key file, that will be installed on the SSL server with the certificate and should remain secured and safe from any type of access.
Depending on the SSL server platform you may use the same system (IIS or OpenSSL as two examples), to complete the installation of the certificate and the private key.
If you are using IIS the system is automated, you will just need to click through the options. With other server platforms, you may need to use command lines to install the certificate, the private key as well as the intermediate certificates that all come from the Certificate Authority.
At Comodo, we will provide everything you need for the install in minutes of receiving your CSR. We also provide a handy step-by-step guide for the generation of the CSR as well as the installation of the certificate for every server platform.
Once the certificate is installed and is bound to the website the set of keys and the certificate create the security. The client and the server both verify each other's identity through the use of the certificate and public key for encryption and decryption, creating the secure exchange of information.
To learn more about the CSR and the installation of an SSL server, contact our staff today. We are available by phone at +1 888 266 6361 or through our website at https://www.instantssl.com.