SSL Install Nightmares – Explanations – how to make it easier
So I was install the SSL certificate in prep for a Virtual Christmas Tree – I had the SSL for a long time and two of us cringe when we hear “lets renew our SSL certificate” because it is always a dogs breakfast. We the decided to both write this and and that down “for next time” as we only do this once every 3 or 4 months and each situation and platform is different. I heard one of my customers say “oh- that is included in my package”. I asked “how much do you pay for your package?” “Oh … $370 per month” he said – so someone is installing his SSL too (maybe I am too inexpensive) and likely has pulled his hair out as well a time or two. Alas – here are some notes for next year to help me help my clients next year and do it quicker each time. I hope it helps you as well.
The formatting isn’t great as it is a copy/paste from some text notes, but the content is ok.
1. Generate a Private Key
– Save this on a USB stick or two – never give it to anyone and don’t save it on your hackable hard drive – save it on a mem stick that can’t be hacked.
– are you using a secret phrase? Document that too
– It looks like —– BEGIN PRIVATE KEY ——
– don’t ever lose this you WILL need it one day
– some companies call this an RSA key
2. Let pretend you are using goDaddy
– Make SSL Cert
– This looks like —- BEGIN CERTIFICATE —–
– Paste in the Private Key when asked – this key’s the certificate
– It generates a download zip file that contains 3 files. What are these?
a) #########.crt (called the primary root cert)
b) #########.pem (private encryption mail)
c) gd-bundle-gX-gY.crt (this is called the intermediate certif and used as a proxy
My buddy who installs these a lot says you only need 2 of these.
3. Renewal Time ….
– If a cert is being renewed you DO NOT need the private key
– Eg look here for it if you are unsure when you know you have done this whole thing once before like a renewal or moving to a different server (and still have access to the old server)
4. Fresh Install ??
– If a fresh install is required – you need to provide the private key
– Other links that wee have found helpful