Domain Validated (DV) SSL Certificate are encryption only certificates commonly used by many websites. To validate the DV SSL Certificate no paperwork is required and this can be validated either by email or phone call . That is the reason you can quickly obtain the DV SSL certificate.
Advantage of DV SSL
1. Fast Approval Process : Because of no company paperwork and can be validate only via email or phone call, approval is faster.
2. Low Price : As compared to other SSL type (like EV, wildcard, UCC) the price is lower for DV SSL certificate.
Disadvantage of DV SSL
Domain validated certificates do not validate the company authenticity hence anyone can get this very easily. It only helps in encryption . In case if your website deals in money related transaction the aware potential visitors will scared to use your website, in that case EV SSL will be very useful.
Create DV SSL Certificate and approve from CA authority
The Certificate Signing request CSR key is generated in server , it includes many information about organisation/company.
In this section we will first create CSR and private key inside server. For this we will use OpenSSL utility.
Install OpenSSL in your system first.
## In Red Hat / CentOS yum install openssl openssl-devel ## In Debian/Ubuntu sudo apt-get install openssl libssl-dev
Now generate private and csr key with RSA 2048 bit. Replace myserver.key and myserver.csr as per your desired name of keys.
NOTE: At present it is important to use SHA2 because SHA1 is deprecated by many reputed web browser because of security reason (Reference Link).
Very Very Important : Keep the private key in safe place and do not miss it.
openssl req -nodes -newkey rsa:2048 -sha256 -keyout myserver.key -out myserver.csr
It will ask series of questions related to your Organisation, Department,location and contact email.At the end “challenge password” will be asked and generally we keep it blank.
Given below is sample reference from our system.
openssl req -nodes -newkey rsa:2048 -sha256 -keyout cloudbox.sharadchhetri.com.key -out cloudbox.sharadchhetri.com.csr Generating a 2048 bit RSA private key .....................................................................................+++ ......+++ writing new private key to 'cloudbox.sharadchhetri.com.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:IN State or Province Name (full name) [Some-State]:Telangana Locality Name (eg, city) :Hyderabad Organization Name (eg, company) [Internet Widgits Pty Ltd]:Sharadchhetri.com Organizational Unit Name (eg, section) :IT Common Name (e.g. server FQDN or YOUR name) :sharadchhetri.com Email Address :email@example.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
You will find two keys i.e private and CSR keys in your current location of system after generation. Below is our keys –
sharad@linuxworld:/tmp/test/ssl$ ls -l total 8 -rw-rw-r-- 1 sharad sharad 1086 May 6 21:24 cloudbox.sharadchhetri.com.key -rw-rw-r-- 1 sharad sharad 1704 May 6 21:24 cloudbox.sharadchhetri.com.csr sharad@linuxworld:/tmp/test/ssl$
Apply DV SSL Certificates For Certificate Authority Approval
There are many vendors or domain registrars which provide the SSL Certificates . For this post, we will get DV SSL Certificates from NameCheap .
We have already bought the DV SSL Certificate and now we are going to apply for CA approval.
So we login into our NameCheap account
1. First we will activate SSL cert and apply for approval. Get the content of CSR key and paste it in Digital Certificate Form
2. Then select your approval email
In NameCheap you will see the flowchart of approval process.
4.Check your email, you will get ‘Validation Code’.
5. Use the ‘Validation Code’ to verify
6. Once the Validation code is verified, after a short time you will get compressed file with keys in your email.
Unzip the compressed file with keys which you received from CA. You will find crt files, which you can use in your web browser.
Below is reference of our keys.
unzip cloudbox_sharadchhetri_com.zip Archive: /home/sharad/chromedownload/cloudbox_sharadchhetri_com.zip extracting: AddTrustExternalCARoot.crt extracting: COMODORSAAddTrustCA.crt extracting: COMODORSADomainValidationSecureServerCA.crt extracting: cloudbox_sharadchhetri_com.crt