- What is SSL?
- Why SSL?
- PKI Overview
- SSL Certificate Features
- Ordering a Certificate
- What is a CSR?
- SSL Certificate Installation
- SSL Certificate Errors
- SSL Details
- Special Types
- Copying a Certificate
How To Order An SSL Certificate
Ordering an SSL certificate can be as simple as pie or it can make you want to pull your hair out. If you prepare to order an SSL certificate by creating a CSR and preparing your WHOIS record and company validation documents, you can make the process much easier to deal with. The process of ordering a certificate goes something like this:
- Prepare by getting your server set up and getting your WHOIS record updated, etc.
- Generate the CSR on the server
- Submit the CSR and other info to the Certificate Authority
- Have your domain and company validated
- Receive and install the issued certificate
What do I need to have before buying an SSL certificate?
A unique IP address. Because of the way that the SSL protocol was set up, you will need a separate IP address for each certificate that you want to use.
If you have multiple subdomains on one IP address, you can secure them with a Wildcard SSL Certificate. If you have multiple different domain names on one IP address, you can secure them with a UC Certificate. You will need to set up SSL Host Headers to do this.
A CSR. A certificate signing request or CSR is a piece of text that must be generated on your web server before ordering the SSL certificate. The certificate authority will use the information contained in the CSR (Organization name, domain name, public key, etc...) to create your certificate.
Correct contact information in WHOIS record. When you purchase a certificate for a particular domain name, the certificate authority needs to ensure that you own the domain name that you are getting the certificate for and that you are authorized to order the certificate. This is primarily done by making sure that the WHOIS record (the ownership and contact information associated with each domain name) matches the company name and address that is submitted with the certificate order. Some CAs will call the phone number listed in the WHOIS record and many will send an email to the address listed there so make sure you have the correct information listed. You can check the WHOIS record for your domain name here.
Business/Organization validation documents. If you are buying a high-assurance certificate, your business must also be validated. Certificate authorities often check government databases online to verify that your company is registered but they may still need you to send in a government registration document if they can't find your business. Each certificate authority has slightly different requirements for validation. If you want to check whether your company is correctly listed and active with your government, try using one of these online searches.
How long does it take to get my certificate?
How quickly you get your certificate depends on what type of certificate you get and which certificate provider you get it from. If you get a domain-validated only certificate you will receive it within a few minutes. If you get a normal, organization-validated certificate, you may receive it within an hour to a few days after you submit all the documentation. If you get an extended validation certificate (EV), you may wait several days to a few weeks while the validation takes place before you get the certificate.