Here are some selected notes regarding SSL certificates. This is more of a brain dump than anything, so your mileage with this post may vary.

  • You should take the time to learn the theory behind private/public key authentication; knowing why you are doing something will always make it easier to get to grips with the practical aspects of it. Stack Exchange has a nice question on it, and here is a Wikipedia article.
  • If your hosting company offers to install SSL, don't be a hero, let them.
  • If your server has cPanel/Webmin/some form of admin that has SSL stuff, don't be a hero, use it (mainly because if you manually change stuff, some of their scripts might change it back).
  • You should, where possible, follow the advice laid out by the SSL issuer you are buying from. Some of them have different preferences for how the .csr file is generated, and following them is quicker than sending them the wrong stuff.
  • Speaking of the .csr file: this is a certificate signing request. It is basically a file you send to an SSL issuer saying "This is who I am, please verify me, thank you".
  • The command to generate the .csr is something like: openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr
  • The .key file above is your private key, keep that safe (seriously)
  • Where files should sit depends mainly on your configuration and server setup; a quick Google will answer any questions.
  • Depending on the SSL certificate you are asking for, authentication can take a while and may involve some offline steps. Plan accordingly if you are planning a launch.
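
As an added example (not from the original post), here is the .csr command above wrapped in a script that also checks the result before anything goes to the issuer: the request's self-signature verifies, it was built from the key you kept, and the key file is readable by its owner only. The hostname, the -subj fields and the temporary directory are placeholders.

```sh
#!/bin/sh
# Added example. Hostname, subject fields and directory are placeholders.

# make_csr DIR CN: write DIR/myserver.key and DIR/server.csr for hostname CN.
make_csr() {
    (
        umask 077  # -nodes leaves the key unencrypted, so restrict the file
        openssl req -new -nodes -newkey rsa:2048 \
            -keyout "$1/myserver.key" -out "$1/server.csr" \
            -subj "/C=GB/O=Example Ltd/CN=$2" 2>/dev/null
    )
}

# csr_ok CSR: succeed if the request's self-signature verifies.
csr_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# same_key KEY CSR: succeed if the CSR carries the public half of KEY.
same_key() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# key_is_private FILE: succeed if group and others have no access at all.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Demo in a throwaway directory.
work=$(mktemp -d)
make_csr "$work" www.example.com
csr_ok "$work/server.csr" && echo "CSR self-signature verifies"
same_key "$work/myserver.key" "$work/server.csr" && echo "CSR matches the key"
key_is_private "$work/myserver.key" && echo "key file is owner-only"
openssl req -in "$work/server.csr" -noout -subject
rm -rf "$work"
```

Only server.csr is sent to the issuer; myserver.key never leaves the server.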