Create DV SSL Certificate and approve from CA authority

by

Domain Validated (DV) SSL Certificate are encryption only certificates commonly used by many websites. To validate the DV SSL Certificate no paperwork is required and this can be validated either by email or phone call . That is the reason you can quickly obtain the DV SSL certificate.

Advantage of DV SSL

1. Fast Approval Process : Because of no company paperwork and can be validate only via email or phone call, approval is faster.

2. Low Price : As compared to other SSL type (like EV, wildcard, UCC) the price is lower for DV SSL certificate.

Disadvantage of DV SSL

Domain validated certificates do not validate the company authenticity hence anyone can get this very easily. It only helps in encryption . In case if your website deals in money related transaction the aware potential visitors will scared to use your website, in that case EV SSL will be very useful.

Create DV SSL Certificate and approve from CA authority

The Certificate Signing request CSR key is generated in server , it includes many information about organisation/company.
In this section we will first create CSR and private key inside server. For this we will use OpenSSL utility.

Install OpenSSL in your system first.

## In Red Hat / CentOS
yum install openssl openssl-devel

## In Debian/Ubuntu
sudo apt-get install openssl libssl-dev

Now generate private and csr key with RSA 2048 bit. Replace myserver.key and myserver.csr as per your desired name of keys.

NOTE: At present it is important to use SHA2 because SHA1 is deprecated by many reputed web browser because of security reason (Reference Link).

Very Very Important : Keep the private key in safe place and do not miss it.

openssl req -nodes -newkey rsa:2048 -sha256 -keyout myserver.key -out myserver.csr

It will ask series of questions related to your Organisation, Department,location and contact email.At the end “challenge password” will be asked and generally we keep it blank.

Given below is sample reference from our system.

openssl req -nodes -newkey rsa:2048 -sha256 -keyout cloudbox.sharadchhetri.com.key -out cloudbox.sharadchhetri.com.csr
Generating a 2048 bit RSA private key
.....................................................................................+++
......+++
writing new private key to 'cloudbox.sharadchhetri.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Telangana
Locality Name (eg, city) []:Hyderabad
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Sharadchhetri.com
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:sharadchhetri.com
Email Address []:admin@sharadchhetri.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

You will find two keys i.e private and CSR keys in your current location of system after generation. Below is our keys –

sharad@linuxworld:/tmp/test/ssl$ ls -l
total 8
-rw-rw-r-- 1 sharad sharad 1086 May  6 21:24 cloudbox.sharadchhetri.com.key
-rw-rw-r-- 1 sharad sharad 1704 May  6 21:24 cloudbox.sharadchhetri.com.csr
sharad@linuxworld:/tmp/test/ssl$

Apply DV SSL Certificates For Certificate Authority Approval

There are many vendors or domain registrars which provide the SSL Certificates . For this post, we will get DV SSL Certificates from NameCheap .

We have already bought the DV SSL Certificate and now we are going to apply for CA approval.

So we login into our NameCheap account

1. First we will activate SSL cert and apply for approval. Get the content of CSR key and paste it in Digital Certificate Form

SSL-CERT-1

2. Then select your approval email

SSL-CERT-2

3. Fill the contact information as per given field in order form.
SSL-CERT-3

In NameCheap you will see the flowchart of approval process.

SSL-CERT-5

4.Check your email, you will get ‘Validation Code’.

SSL-CERT-6

5. Use the ‘Validation Code’ to verify

SSL-CERT-7

6. Once the Validation code is verified, after a short time you will get compressed file with keys in your email.

SSL-CERT-9

Unzip the compressed file with keys which you received from CA. You will find crt files, which you can use in your web browser.

Below is reference of our keys.

unzip cloudbox_sharadchhetri_com.zip

Archive:  /home/sharad/chromedownload/cloudbox_sharadchhetri_com.zip
 extracting: AddTrustExternalCARoot.crt  
 extracting: COMODORSAAddTrustCA.crt  
 extracting: COMODORSADomainValidationSecureServerCA.crt  
 extracting: cloudbox_sharadchhetri_com.crt

Related posts:

  1. Find date of expiry and issue of SSL certificate with command
  2. How to configure self signed SSL certificate in owncloud Ubuntu
  3. Setup Owncloud 6 with self signed SSL certificate on Ubuntu 13.10
  4. Setup self signed ssl certificate on Owncloud 6 in Ubuntu 14.04 LTS Server
  5. Setup self signed SSL certificate for ghost blog on Nginx
  6. Nagios Plugin : check ssl certificate expiry date
  7. Protect from SSL Drown Attack in AWS ELB, Apache and Nginx
  8. CHECK_NRPE: Error – Could not complete SSL handshake nagios
  9. create noreply email id in postfixadmin mysql database
  10. Install VirtualBox Guest Additions and create videos