Regarding website security, installing an SSL certificate is the first step to protecting yourself. However, knowing how to set up an SSL certificate can be tricky without technical knowledge. Don’t worry! In this ultimate guide, I’ll teach you everything about SSL certificates; what they are, why you need them, and where to buy them. Lastly, I’ll take you through the step-by-step process so you can learn how to install an SSL certificate to protect your domain name.
Introduction
Before we learn how to set up an SSL certificate, I’d like first to review some of the basic knowledge every website owner should have in regard to their SSL.
What’s an SSL certificate?
When you’re online, you must trust the websites you visit to be who they say they are. You also trust that they will protect your identity. For example, when you give your credit card number to a website, you want to know that it’s going to the right place. That’s where an SSL certificate comes into play.
An SSL certificate is an encrypted code that helps verify a web server’s identity. It’s like a secret handshake between your computer and the server. When you connect with an SSL certificate, your browser recognizes it as valid and establishes a secure connection with the server. This handshake ensures that no one can intercept or tamper with any data sent back and forth between your computer and the server.
Why do you need an SSL certificate?
Your website is your business. It’s the first impression you make on your customers and where you show off all the hard work that goes into making your brand what it is. You want to make sure that you’re protecting your website from hackers and other malicious actors so that only people who are meant to see it can do so—and so that your customers don’t get a big fat “not secure” warning in their browser when they visit your site!
An SSL certificate is like a guard that stands between all the information on your website, and everyone else on the internet—the guard’s job is to keep out anything that doesn’t belong.
Where do I buy an SSL certificate?
There are several options for purchasing an SSL. One common option is to purchase an SSL certificate from your web hosting provider. Many hosting providers offer SSL certificates as an add-on service to their hosting plans, making it easy to secure your website with just a few clicks.
Another option for purchasing an SSL certificate is to go directly to a certificate authority (CA). CAs are trusted entities that issue digital certificates that verify the identity of a website and encrypt the data that is transmitted between the website and its visitors.
Lastly, if you’re looking for a wider range of SSL certificate options at a lower cost, you might consider purchasing from an SSL reseller. SSL resellers are companies that specialize in selling SSL certificates from various certificate authorities.
SSL Store
SSL Store
The Different Types of SSL Certificates
Don’t know how to choose which SSL is right for you? I don’t blame you! With the immense number of options available, it’s super confusing. Luckily, I broke it down for you in a much easier-to-understand way.
There are two different ways to break down SSL certificates:
- Number of Domains to Secure
How many domains need to be protected? Do you have one single domain only? Or do you have a domain and a bunch of subdomains that need protecting? This is where single-domain, multi-domain, and wildcard SSL certificates come into play.
- Validation Level
There’s a validation process you must go through before receiving your SSL from the CA (Certificate Authority). This level of validation varies; remember that the higher the level of validation, the more authority your website will gain.
1. Number of Domains to Secure
The first thing to decide is the number of domains you need to be covered.
- Multi-Domain
A multi-domain SSL certificate is a type of SSL certificate that can be used to secure multiple domains or subdomains under a single certificate.
Let’s say you have a website with several subdomains, like blog.yoursite.com, shop.yoursite.com, and support.yoursite.com. Instead of getting a separate SSL certificate for each subdomain, you can get a multi-domain SSL certificate that covers all of them.
This can be helpful if you have a lot of different domains or subdomains that you need to secure because it can save you time and money. Plus, managing all of your SSL certificates in one place is easier than keeping track of multiple certificates for different domains.
- Wildcard
With a Wildcard SSL certificate, you can secure multiple subdomains and all subdomains that match a certain pattern. The pattern is defined by an asterisk (*) character in the domain name, which is why it’s called a “wildcard.”
For example, let’s say you have a website with a domain name of “yoursite.com,” and several subdomains, such as blog.yoursite.com, shop.yoursite.com, and support.yoursite.com. With a Wildcard SSL certificate for “*.yoursite.com”, you could secure these subdomains with just one certificate.
This can be useful if you have many subdomains or plan to add more ones.
It can also save you time and money since you only need to manage one certificate instead of multiple certificates for each subdomain.
- Multi-Domain Wildcard
A Multi-Domain Wildcard SSL Certificate is a special type of SSL certificate that combines the capabilities of both Multi-Domain and Wildcard SSL certificates. With a Multi-Domain Wildcard SSL Certificate, you can secure multiple subdomains and domains that match a certain pattern.
For example, you have a website with multiple domains, such as yoursite.com, yoursite.net, and yoursite.org. You also have several subdomains for each domain, such as blog.yoursite.com, shop.yoursite.net, and support.yoursite.org. With a Multi-Domain Wildcard SSL Certificate for “.yoursite.“, you could secure all these domains and subdomains with just one certificate.
Check out my chart below to visualize it.
2. Validation Level Required
When it comes to encryption, all SSL certificates offer the same. However, they do vary regarding validation level. Certificate authorities issue SSL certificates in three separate validation levels:
- Domain Validated (DV)
These are the most affordable SSL certificates available. They require the least extensive validation process. All you have to do to receive a domain-validated SSL is prove to the CA that you indeed own the domain name you wish to secure. These SSLs are best for small personal websites like blogs and portfolio websites. They offer secure protection but not a lot of trust indicators (like badges/seals).
Popular DV Certificates:
- Organization Validated (OV)
These are SSLs made for the websites of businesses and other registered organizations. Organization Validated (OV) SSL certificates require more extensive validation than DV SSLs. But don’t worry! As long as your business is registered, it should only take a couple of days to be validated.
Popular OV Certificates:
- Extended Validated (EV)
EV SSLs offer the highest level of trustworthiness to a website. They require the most intense validation process because the CA wants to ensure that all domains with an Extended Validated certificate are legitimate. A Georgia Tech study discovered that 99.99% of domains with an EV SSL are 99.99% likely to be free from phishing and abuse. These certificates are the best of the best regarding SSL certification.
Popular EV Certificates:
- GeoTrust True BusinessID with EV
- GeoTrust True BusinessID with EV Multi-Domain
- GeoTrust True BusinessID EV (FLEX)
- Thawte SSL Web Server with EV
- Thawte SSL Web Server EV (FLEX)
- Comodo EV SSL
- Comodo EV Multi-Domain
- PositiveSSL EV
- PositiveSSL EV Multi-Domain
- EnterpriseSSL Pro with EV
- EnterpriseSSL Pro with EV Multi-Domain
- DigiCert Basic EV
- DigiCert Secure Site EV (FLEX)
- DigiCert Extended Validation SSL
- DigiCert EV Multi-Domain SSL
- DigiCert Secure Site EV SSL
Brands the SSL Store Has:
How to Set Up an SSL Certificate: Part 1
Finally, we’ve made it to the meat of the post! How to set up an SSL certificate. There are a few things you’ll need to get started. I will proceed with the directions as if you’ve just purchased an SSL certificate from the SSL Store. They have every possible SSL you could ever want or need, and their level of support is unrivaled. After purchasing a certificate, we can proceed with the installation process.
Checklist for Installing an SSL Certificate:
- An SSL Certificate
- A domain name needing protection
- A computer with internet access
Step 1: Login into your dashboard
After purchasing an SSL certificate from the SSL Store, they’ll send you a confirmation email to the address you provide during checkout. Go ahead and navigate to that email to access the login link to your account.
Because I purchased a Comodo brand SSL certificate, this is the login page the SSL store sent me to. Depending on which brand SSL certificate you purchase, whatever brand you purchase may bring you to a different brand’s dashboard. However, they will all look fairly identical, and the setup process is the same.
Step 2: Generate Your SSL
In the confirmation email for your purchase, about halfway through will be a link that says “Generate Your SSL” (It will display the SSL you bought). Click on that link.
Alternatively, instead of grabbing the Generate link from your email, you can navigate to the My Account page and log in to your account. Click on the Incomplete Orders section of your account, and listed below will be the SSL you purchased. Under Action, click on Get Started.
Step 3: Answer the prompts
You’ll end up on a page that says Enter CSR at the top. First, it asks you if this is a new SSL or a renewal. (Select new if you’re getting a new SSL and not just renewing an existing one.)
Next, select your automated authentication method. As discussed earlier, all domain-validated SSL certificates must undergo the DCV or domain control validation process. DCV is an easy and automated way to prove that you own the domain and install the SSL certificate. There are four different ways to do this.
Email Verification:
An email for your account will be sent to one of the administrative emails. These are as follows:
- admin@example.com
- administrator@example.com
- hostmaster@example.com
- postmaster@example.com
- webmaster@example.com
HTTP File Based:
You’ll be provided a TXT record that must be uploaded to your site’s root directory. You will select this option if you don’t already have an SSL installed on your site.
HTTPS Filed Based:
This is the same as above. However, if you already have an SSL installed on your site and this purchase is for a renewal, you’ll want to select this option instead of the HTTP file-based option.
CNAME Record:
Depending on which brand SSL you purchase, you must upload a CNAME or a TXT record in your DNS records. Aside from the first email option, this is the next best option for verification.
And lastly, we need to generate a CSR and a private key. Go to www.csrgenerator.com. Fill out the information box, and under where it says “common name,” you type the domain name for which the SSL certificate is. You must include www. before the domain name to ensure the SSL will cover both versions of your domain name.
Don’t forget to copy and paste the CSR and private key into a word document or somewhere you can keep it safe! Also, keep it handy because we’ll need it when installing the SSL certificate via cPanel.
Alright, to quickly recap where we’re at: we’ve purchased our SSL certificate and begun the certification process, so the CA (Certificate Authority) will verify our certificate. Once they do that, we can install the SSL certificate.
How to Install an SSL Certificate: The Final Steps
After you’ve chosen your method for verification and completed it, the CA will issue your certificate and notify you once they do so. After that, the last step is to install the SSL certificate.
1. Start on cPanel
Starting on cPanel, type SSLs into the search bar or scroll down towards the bottom and look for it under the Security section.
Click on SSL/TLS.
2. Manage SSLs
Once on the SSL/TLS page, you’ll see four different chunks of text on the right side that say Private Keys (Key), Certificate Signing Requests (CSR), Certificates (CRT), and Install and Manage SSL For Your Site (HTTPS).
Underneath the Install and Manage SSL For Your Site (HTTPS) option, it says Manage SSL sites.
Click on Manage SSL sites.
3. Entering the CSR and Private Key
After clicking on Manage SSL sites, it’ll take you to another screen that says Manage SSL Hosts at the top. Scroll down to the bottom to where it says Install an SSL Website.
Ignore the browse certificates button to browse already installed SSL certificates. (Since we’re installing ours now, it’s not already going to be available via the Browse Certificates button.) Underneath the button where it says domain, click the dropdown and select the domain name for which you’re installing the SSL certificate.
Now, retrieve the saved CSR and private key that you generated earlier. Copy and paste those into the Certificate (CRT) and Private Key (KEY) boxes. The third box that says Certificate Authority Bundle (CABUNDLE) should be blank.
Click the button that says Install Certificate, and BOOM! You’ve learned how to set up an SSL certificate for your domain name.
Summary and Key Takeaways
We covered a lot of ground in this article! Let’s do a quick recap of everything that we’ve learned.
What we’ve learned:
- The first step to protecting your website is setting up an SSL for your domain name
- An SSL certificate is an encrypted code that helps verify a web server’s identity
- How to generate a CSR and private key for our SSL certificate
- The validation process for our certificate
- Final installation process to install an SSL certificate via cPanel
