How to get an SSL certificate. The general plan and 4 common mistakes
Nastya Kuznetsova
Content manager

A modern website is not a website without an SSL certificate. If you don’t want to update it every 90 days or you need a confirmation from your organization, a free SSL won’t suffice. You need to get a paid SSL certificate.

It’s not the most fun of activities. First you need to choose an SSL certificate and pay for it, then issue a correct request and pass the verification of the certification center. We describe how to get an SSL certificate and which mistakes are usually made, so that you don’t forget anything or make mistakes of your own.

Step 1. Choose an SSL certificate

Types of certificates

DV certificate

The simplest one, it provides a secure connection. It’s good for promotional websites, blogs, or forums where you don’t need to leave your confidential information or make purchases.

OV certificate

Only an organization can get an SSL certificate like that, and the domain has to belong to it. OV provides a secure connection and confirms the existence of an organization. It suits websites where users leave confidential info and make purchases. But they won’t suit big businesses. EV will.

EV certificate

As in the OV case, only organizations can get an SSL certificate like that for their own domain. EV provides a secure connection and confirms the existence of your organization and the legitimacy of its activity. It looks different: if you click on the lock icon in the address bar, you will see a company name. This difference can earn the trust of users, but only of the advanced ones, those who know where to look. EV suits large enterprises, online stores, banks, funds, government organizations.

EV certificate, if you click on the lock icon, you will see a company name

Multidomain and Wildcard certificates

Multidomain certificates protect several domains at once, and Wildcard can protect an unlimited number of subdomains. Both can be of three types: DV, OV, and EV. They suit those who have many domains and subdomains.

Validity

There are certificates for 1 and 2 years. The time is limited and quite short for security reasons: once reissued, SSL receives updates. It’s usually more beneficial to order an SSL certificate for 2 years; the price for two years will be cheaper this way.

Where to buy

Certification centers: Digicert, GeoTrust, Comodo, Thawte, etc.
Partners of the centers: LeaderSSL, ISPsystem, InstantSSL, CheapSSLsecurity, etc.

It’s cheaper to buy from partners because centers get more profit by selling through them. Oftentimes these partners turn out to be hosting providers. Check whether yours sells SSL.

 

Now you know everything. Choose SSLs of a suitable type and validity, put them in the cart and go ahead, fill some fields and forms. Sometimes they will ask for payment before generating the request, sometimes after — it’s quite normal.

Step 2. Generate the request for SSL

Specify the information about yourself and your company. Your SSL vendor will encrypt this data and create a CSR (certificate signing request). It’s a file, and an important one: while SSL encrypts data, the CSR stores one of the encryption keys, which is called open or public. You may already have a CSR, say, one you created in advance in another service. Then you can simply enter the ready request; there is usually a separate form for this.

The second encryption key, a closed or private one, will be generated along with the CSR. It is very important to download it and save it in a secure place: on a desktop or a flash drive, but not in a cloud. It is private after all.

An essential stage of getting an SSL certificate is domain confirmation. There are usually three ways to do this: an email, a txt-file, or a DNS record.

  • an email can only be sent to a particular inbox on your domain; the vendor will show you the list. Creating and configuring an email inbox takes several hours on average;
  • a txt-file can simply be downloaded and then uploaded to the website with a simple file manager;
  • a DNS record is an option for more advanced users. If you have never created one before, you’d better not even try: choose another option.

Note: in order to get an SSL certificate, be it OV or EV, a domain has to belong to an organization.

Step 3. Pass the verification of a certification center

Ordered DV — confirm a domain
We have just told you about the three ways of confirming a domain. Choose one and follow the vendor’s instructions. Once you are finished, in 5-10 minutes you’ll receive your SSL certificate in the inbox.

Ordered OV — confirm an organization
After confirming a domain you also have to pass the organization check — the process depends on the certification center, they will send their demands by email. It is usually enough to just send the company and banking information, sometimes you also need to answer the call from the certification center. The whole process will take from 2 to 5 days.

Ordered EV — confirm the legitimacy of your actions
After the domain confirmation, you’re going to need to pass the advanced organization verification. In this case everything depends on the certification center as well, wait for their requirements to come to your inbox. Usually you need to send the company and banking information, sign an agreement with the certification center, send it by email, and prepare for a test call from the center. The whole process is going to take about two weeks.

Step 4. Don’t make common mistakes

Choose a method of domain confirmation. Sometimes it’s easy to miss this point, it depends on the store’s interface. But you can’t skip it: you don’t choose a method — you don’t confirm a domain — you don’t get an SSL certificate.

Save the secret key and don’t lose it. Neither a certification center nor the support of the company you bought SSL from will send you the secret key. This key is the private information that should only be known to the owner of the website. That’s why you are the only one who is able to download it and only at the order stage. If you lose the key, you are going to have to reissue your SSL certificate with a new CSR and a new key.
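The key and CSR from Step 2, and the lost-key mistake above, can both be checked locally with OpenSSL. This is an added example, not code from the original article or from any vendor: it creates the key and CSR on your own machine (the "CSR created in advance" path) and confirms that a saved key belongs to a CSR or an issued certificate. The function names, file paths and subject values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Function names, paths and the subject fields are
# illustrative placeholders; replace them with your organization's data.

# Create a private key and a CSR locally. Only the .csr file is sent to
# the vendor; the .key file never leaves this machine.
# usage: make_key_and_csr <domain> <out_dir>
make_key_and_csr() {
    (
        umask 077                      # new files: owner read/write only
        mkdir -p "$2" &&
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" -out "$2/$1.csr" \
            -subj "/C=US/O=Example Org/CN=$1" 2>/dev/null
    )
}

# Print the SHA-256 digest of the public key inside a key, CSR or
# certificate file. Fails if the file is missing or unreadable.
# usage: pubkey_digest key|csr|cert <file>
pubkey_digest() {
    case $1 in
        key)  _pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  _pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) _pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$_pub" ] || return 1
    printf '%s\n' "$_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the saved private key belongs to the CSR or certificate.
# usage: key_matches <key_file> csr|cert <file>
key_matches() {
    _a=$(pubkey_digest key "$1") || return 1
    _b=$(pubkey_digest "$2" "$3") || return 1
    [ "$_a" = "$_b" ]
}
```

Run `key_matches` when the certificate arrives and before installing it; a mismatch means the saved key is not the one the certificate was issued for.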

Sign up for catalogs in advance. It’s relevant for those who ordered an OV or an EV certificate, because certification centers will verify the information that you specified against the information in the catalogs: Google My Business and others. You can find the catalogs of your country on Numberway.com. Sign up for one of them in advance and specify the same data you specified when you registered your domain; certification centers will check that as well. You can check the domain data through the Whois service.

Get ready for a test call. This one is also relevant only for those who ordered an EV or an OV SSL certificate. It used to be enough to specify your number in one of the catalogs (Google My Business, etc.) and make sure that the same number was specified when you registered your domain (with the help of the Whois service). But hackers can fake a record in the catalog, that’s why some centers tightened the requirements of the phone check.

For instance, Comodo recently demanded registration in the international database D&B (Dun & Bradstreet), which is not free and costs around $200. Now Comodo has taken pity on us and asks for an account in Google My Business; it certainly asks this of organizations younger than 3 years. What will happen tomorrow, and with which center, is unknown. But be prepared to send a notary-certified letter or add a phone number to USRLE.

You’ll find out your center’s requirements from an email that you’ll receive after generating a request for SSL. They will call the person who is specified as the administrative contact. They usually ask the company name, the domain name the certificate was ordered for, and the name of the certificate itself.

 

Be attentive, and you will succeed! When you receive the certificate, install it with Vepp, it’s a piece of cake!

Vepp is the simplest service for server and website management. It will help you create a WordPress website, install SSL, assign a domain, configure an email, and a lot more. There is a file manager to upload a txt-file and confirm a domain.

 

Vepp is a little guardian admin of your website. It makes the general settings by itself. You are left with the ones even a newbie can handle.
