How to Deploy an SSL Certificate¶
To be able to browse a website via HTTPS, it is necessary to deploy an SSL certificate. For security reasons, the best practice is to generate certificate request (CSR) and private key directly on the server, where the certificate will be deployed. The private key should not leave the server and it should definitely not be sent by email. If it got into the wrong hands, it would be to use it to decrypt encrypted HTTPS traffic.
To generate the key and CSR, technical support needs to know the following information (filled with sample data):
Country Name (2 letter code) [AU]:CZ State or Province Name (full name) [Some-State]:Czech Republic Locality Name (eg, city) :Prague Organization Name (eg, company) [Internet Widgets Pty Ltd]:Some company ltd. Organizational Unit Name (eg, section) :Internet Common Name (e.g. server FQDN or YOUR name) :www.somedomain.com Email Address :firstname.lastname@example.org
The most important is the Common Name entry - it specifies the domain name to which the certificate is issued. Most of CAs will automatically include a domain with and without www in the Common Name for free.
If you want to generate CSR for wildcard certificate (for all subdomains), fill in as asterisk as the subdomain, e.g. *.example.com.
If you have SSH access to the server, you can generate the private key and the CSR yourself using the following command:
openssl req -out www.somedomain.com.csr -new -newkey rsa:2048 -nodes -keyout www.somedomain.com.key
The above mentioned information is required during the generation and the result is two files - a certification request with a .csr extension and private key with .key extension.
Issuing and signing of a commercial certificate by a trusted certification authority can be ordered through our sales department. The second option is to order it from a trusted certification authority (ComodoCA, RapidSSL, Symantec, GoDaddy, ...) on your own. In that case, a CSR will be required, on the basis of which the certificate will be issued.
For the deployment of the issued certificate on a standard managed server, it is necessary to make a request to our technical support. This operation requires adjusting the web server settings and reloading it. When you want to deploy a certificate, you must provide the signed certificate, the private key, and the certificate of the issuing certification authority to the technical support.
Customers, who are using PLESK, have the opportunity to deploy the certificate themselves.
You must find the required domain in the section 'Websites & Domains', then 'Secure your sites' => 'SSL Certificates' => 'Add SSL Certificate'. There you need to upload the key, the certificate and the certificate of the certification authority, or copy the content of these files as plain text into the prepared form fields. If the certificate is uploaded this way, it is not yet deployed for the selected site. In the 'Websites & Domains' section, there is an item called 'Hosting settings' and within it 'Security'. Once there, it is necessary to check the 'SSL support' checkbox (if it is not enabled yet), select the certificate from the drop-down list and save settings.