SSL Install Nightmares – Explanations – how to make it easier

Posted on by

So I was install the SSL certificate in prep for a Virtual Christmas Tree – I had the SSL for a long time and two of us cringe when we hear “lets renew our SSL certificate” because it is always a dogs breakfast. We the decided to both write this and and that down “for next time” as we only do this once every 3 or 4 months and each situation and platform is different. I heard one of my customers say “oh- that is included in my package”. I asked “how much do you pay for your package?” “Oh … $370 per month” he said – so someone is installing his SSL too (maybe I am too inexpensive) and likely has pulled his hair out as well a time or two. Alas – here are some notes for next year to help me help my clients next year and do it quicker each time. I hope it helps you as well.

The formatting isn’t great as it is a copy/paste from some text notes, but the content is ok.

1. Generate a Private Key

– Save this on a USB stick or two – never give it to anyone and don’t save it on your hackable hard drive – save it on a mem stick that can’t be hacked.

– are you using a secret phrase? Document that too

– It looks like —– BEGIN PRIVATE KEY ——

– don’t ever lose this you WILL need it one day

– some companies call this an RSA key

2. Let pretend you are using goDaddy  

– Make SSL Cert

– This looks like —- BEGIN CERTIFICATE —–

– Paste in the Private Key when asked – this key’s the certificate 

– It generates a download zip file that contains 3 files. What are these?

a) #########.crt (called the primary root cert)

b) #########.pem (private encryption mail)

c) gd-bundle-gX-gY.crt (this is called the intermediate certif and used as a proxy

My buddy who installs these a lot says you only need 2 of these.

3. Renewal Time ….

– If a cert is being renewed you DO NOT need the private key

– Eg look here for it if you are unsure  when you know you have done this whole thing once before like a renewal or moving to a different server (and still have access to the old server)

https://ca.godaddy.com/help/wheres-my-private-key-32300

4. Fresh Install ??

– If  a fresh install is  required – you need to provide the private key

– Other links that wee have found helpful

https://www.rapidsslonline.com/blog/install-wildcard-ssl-certificate-multiple-servers/