Getting SSL Certificate Is Important
TLS/SSL certificates when installed on a web server enable HTTPS access to a website. HTTPS access causes data transferred between the client (web browser, mobile app, etc.) and the web server (or website) to be encrypted such that no 3rd party can decipher it during transport. This is an important aspect of website security and boosts visitor confidence in interacting with the website.
Besides website security, SSL certificates are also recommended to improve website SEO and enable web push notifications on the website. Check out this page for more on the benefits offered by SSL Certificates.
Steps To Get SSL Certificate
SSL certificates can be self-issued but the self-issued certificates will not be trusted in web browsers and mobile apps by default. To get trusted SSL certificates you need to get them issued by a well-known Certificate Authority (CA) such as Sectigo (previously Comodo), Digicert, GlobalSign, etc.
Domain Control Validated/Domain Validated SSL certificates are the quickest way to get an SSL Certificate for your website. All the steps can be completed in 5-10 minutes depending on your expertise level.
The process to get an SSL certificate for your website consists of just THREE steps:
- Generate a Certificate Signing Request (CSR) and Private key.
- Enrol/Request for a certificate from the CA.
- Complete the Domain Validation to prove domain ownership.
STEP 1: Generate CSR and Private key
This is the first step in getting an SSL certificate for your website and consists of generating two cryptographic keys: CSR and Private key.
The process to generate them differs based on the web server platform and you should consult the documentation for your platform to know how this is done. Some popular web server platforms (such as Microsoft IIS, Apache, and cPanel), and the steps to generate the keys on them are detailed here.
If your platform does not require you to generate the CSR on your web server platform, you can use our free online CSR and Private key generator tool here.
For more information on CSR and Private key generation and troubleshooting visit our FAQs here.
STEP 2: Enroll/Request for SSL Certificate from CA
This is the second step in getting an SSL Certificate for your website and consists of providing some information to the CA with your CSR.
Although each CA may differ in the information required from the certificate requestor, it usually consists of the requestor's email address, web platform, choice of Domain Validation method, etc.
Choosing the right Domain Validation method is important as that affects the speed at which you can prove domain ownership. Email is the quickest, but DNS is usually the recommended trusted method if you have access to your domain DNS manager.
For more information on Domain Validation methods and how they work visit our FAQs here.
STEP 3: Complete Domain Validation to prove Domain Ownership
This is the third step in getting an SSL Certificate for your website and consists of proving ownership over the domain name for which you are requesting the certificate.
Based on your choice of Domain Control Validation (DCV) or Domain Validation (DV) method in the previous step of Certificate Enrollment, you will be given/sent instructions to complete a set of steps.
For DCV via Email method, you will be emailed a link and a code. You will need to click the link and enter the code from the email.
For DCV via DNS method, you will be asked to add a CNAME/TXT DNS record using your Domain Manager panel. You will need to add this DNS record.
For DCV via File method, you will be asked to upload a text file with some code to a specific directory on your website. You will need to upload the file to the specified directory on your web server.
Possible issues you can check for are:
- For File-based DCV, there may be extra space(s) in the text file content, or a firewall setting may be blocking http/https requests from CA server IPs since they are located outside the country.
- For DNS-based DCV, the DNS record may not have been correctly created or may need more time to propagate globally depending on the initial TTL value. Use the lowest possible TTL value for the quickest validation.
- In the case of Multi-Domain certificates, you may need to perform DCV for more than one domain name. Check if you have completed DCV requirements for all domains.