SSL certificate. Types. Generation. Free signature.

Updated Jan 15, 2022


What is an SSL certificate and how does it work

The SSL certificate consists of 3 parts: the private key, the public key, and the signature file. The first one is needed to encrypt messages, the second to decrypt them. That is, what is encrypted with the private key can only be decrypted with the public one, and the two keys are generated as a pair.

The signature file is generated by a trusted certificate authority. You send it your public key and go through the verification procedure. After that, you receive the signature file, also known as the certificate.

Then everything happens as follows:

  1. The user visits the page of your site.
  2. The browser initiates the establishment of a secure connection.
  3. Your server sends it the public key and the certificate.
  4. Thanks to the certificate, the user’s browser understands that the public key belongs exclusively to the site owner.
  5. Your server encrypts all data with a private key and sends it to the user.
  6. The user’s browser decrypts all data with the public key and displays it.

Types of certificates

In order for users on the network to start trusting your certificate, it must be signed by a certification authority. Otherwise, users’ browsers display a warning message.

Certificates come in 3 levels of trust:

  - Domain Validation. The certificate authority verifies only that you are the owner of the domain.
  - Organization Validation. The certificate authority checks the registration data of your company.
  - Extended Validation. The same as Organization Validation, only the name of your company is also displayed in the user’s browser.

The line with the company name of the certificate with Extended Validation causes more trust among users.

A single certificate can be used for one or more domains. The number and type of domains depend on the type of certificate:

  - Single Domain. Such a certificate is issued for one domain only. This is the most popular type of certificate.
  - Wildcard. This type of certificate is issued for the main domain and all its subdomains. For example, one Wildcard certificate can be issued for the domains example.com, www.example.com, cabinet.example.com, ftp.example.com and imap.example.com. This type of certificate is used on large projects made up of many different services, where, for example, separate subdomains are used for mail servers, technical support services, file-sharing servers, and so on.
  - Multi Domain. This type of certificate is issued for several different domains, for example example.com, second-example.com and cdn.second-example.com. Signing such a certificate is usually the most expensive.

How to generate a reliable certificate

The certificate consists of a public and a private key. The private key must not be disclosed to anyone, so it is better to generate the certificate yourself. To do this, you can use any Linux web server. Open a terminal and follow these steps:

  1. Generate a private key. The value 4096 is the key length: the larger it is, the harder the key is to crack.

         openssl genrsa -out server.key 4096

  2. Next, generate a CSR file. The CSR file contains the public key and data about your domain and company.

         openssl req -new -key server.key -out server.csr

  3. Answer the questions:

         Country Name (2 letter code) [AU]:
         State or Province Name (full name) [Some-State]:
         Locality Name (eg, city) []:
         Organization Name (eg, company) [Internet Widgits Pty Ltd]:
         Organizational Unit Name (eg, section) []:
         Common Name (eg, YOUR name) []:
         Email Address []:

  4. Skip the following questions by pressing the Enter key:

         Please enter the following "extra" attributes to be sent with your certificate request
         A challenge password []:
         An optional company name []:

After that you will have 2 files: server.key and server.csr.
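The same steps as a script, added here as an example and not part of the original article: it answers the CSR questions with -subj instead of interactively and, before server.csr goes to the certificate authority, checks that the CSR's signature is valid and that the public key inside it really belongs to server.key. It assumes the openssl command-line tool is installed; the subject field values (C, ST, L, O, OU) are placeholders.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes the openssl CLI is installed;
# the subject fields (C, ST, L, O, OU) are placeholders to replace with your own data.
set -eu

# Step 1: generate an RSA private key ($1 = key file, $2 = key length; the article uses 4096).
gen_key() {
    openssl genrsa -out "$1" "$2" 2>/dev/null
    chmod 600 "$1"   # the private key must not be readable by anyone else on the server
}

# Steps 2-4: generate the CSR, answering the questions with -subj instead of interactively.
# The "extra" attributes (challenge password, optional company name) are simply left out.
gen_csr() {   # $1 = key file, $2 = CSR file, $3 = Common Name (your domain)
    openssl req -new -key "$1" -out "$2" \
        -subj "/C=AU/ST=Some-State/L=City/O=Example Company/OU=IT/CN=$3"
}

# Check 1: the CSR's self-signature verifies, i.e. the file was not truncated or altered.
csr_is_valid() {   # $1 = CSR file
    openssl req -in "$1" -noout -verify >/dev/null 2>&1
}

# Check 2: the public key embedded in the CSR is the one derived from our private key
# (compare SHA-256 hashes of the DER-encoded public keys). A mismatch would mean the
# certificate authority signs a key we do not actually hold.
csr_matches_key() {   # $1 = key file, $2 = CSR file
    k=$(openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256)
    c=$(openssl req -in "$2" -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -sha256)
    [ "$k" = "$c" ]
}

# Extract the Common Name from the CSR so it can be confirmed before submission.
csr_common_name() {   # $1 = CSR file
    openssl req -in "$1" -noout -subject -nameopt RFC2253 | sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Usage: sh gencsr.sh www.example.com  -> writes server.key and server.csr in the current directory
if [ $# -gt 0 ]; then
    gen_key server.key 4096
    gen_csr server.key server.csr "$1"
    csr_is_valid server.csr && csr_matches_key server.key server.csr \
        && echo "CSR for $(csr_common_name server.csr) is ready to send to the certificate authority"
fi
```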

Certification of the public key by the certifying center

You need to send the file server.csr to the certificate authority for signing. After you pass the verification procedure, the certificate authority gives you a new file. This file is the certificate.

Free certification of the certificate

Let's Encrypt (https://letsencrypt.org) can sign your certificate for free. There are 2 ways to use this service: the online service [https://www.sslforfree.com/](https://www.sslforfree.com/ "Online service for free certificate signing") and the [Certbot](https://certbot.eff.org/ "Program for automating certificate signing") program. Certbot will obtain a signed certificate for your web server and renew it automatically.

Certificate testing

There is a special service that analyzes not only your certificate but also possible vulnerabilities in the way your web server sets up the secure connection: [https://www.ssllabs.com/ssltest/](https://www.ssllabs.com/ssltest/ "Online service for testing SSL connection").

A secure connection between your server and the user is not only an important factor of trust but also a mandatory legal requirement in some countries. Your position in search engine results also depends on having an encrypted connection. Don't put this off, especially since installing the certificate takes 5 minutes.
