Installing SSL/TLS Certificates in Web Servers and Hosting Systems
7.1.0
In this section, we will discuss a general approach to installing SSL/TLS certificates in web servers or web hosting systems. This is applicable if you host your website in a web server in a Windows or Linux Server. This may also be applicable if you host your website with a hosting provider or system.
General Approach
The general approach to installing a SSL/TLS certificate in a web server or a hosting system is to :
- Download the SSL/TLS certificate files on your hosting machine
- Configure the web server or hosting system to use the files on the hosting machine to enable SSL for your website
SSL/TLS Certificate Files
Web Servers or Hosting Systems may need one or more of the following certificate files :
-
Certificate Private Key (.key) : this is the private key for the certificate. This file usually uses the ‘.key’ extension, but could be opened as a text file or with a ‘.pem’ extension.
-
Primary Certificate (.crt) : this is the primary certificate for your domain. It does not contain the private key. This file usually uses the ‘.crt’ or ‘.pem’ extension, but could be opened as a text file.
-
Intermediate Certificate (or Certificate Authority (CA) Bundle) (.crt) - these are the intermediate certificates from the Certificate Authority (CA). The intermediate certificates are stored in a single file. It does not contain the private key. This file usually uses the ‘.crt’ or ‘.pem’ extension, but could be opened as a text file.
-
Full Chain Certificate (.crt) - this is a single file that contains the primary certificate and all the intermediate certificates. It does not contain the private key. This file usually uses the ‘.crt’ or ‘.pem’ extension, but could be opened as a text file.
-
PKCS#12 (.pfx or .p12) - this is a single file that contains the primary certificate and intermediate certificate files. It also contains the private key and may also be password protected. This is an archive file and uses the ‘.pfx’ or ‘.p12’ file extension.
All of the above certificate files are provided in the RCL SSL Portal in the ‘Details’ page for the Certificate.
Installing the Certificate Files
Configuration File
Most web servers and hosting systems must be configured to install SSL/TLS in your website. This is done with a configuration file. In the configuration file , you will specify the file path for each certificate file required by the server or system.
Certificate Store
The .PFX certificate archive is usually ‘extracted’ and saved to a Certificate Store in your system. The certificate is then bound to your website by the webserver or hosting system using a configuration file or SSL binding system. Some web servers can use a .PFX file that is saved directly to the file system instead of a certificate store.
Text
Some systems may allow you to paste the required certificate files as text. You will need to open each file in a text editor, copy the text and paste it into the system
Uploading Files
Some systems may allow you to upload the required certificate files in the system.
Testing SSL/TLS
To test the SSL/TLS after installation, restart the web server or system and navigate to your web site. The browser will indicate if SSL is enabled for your website and whether the certificate is valid.