An SSL certificate is a data file installed on a web server that enables encrypted HTTPS connections, protecting data in transit between browsers and servers. It validates a website’s identity and displays a padlock in the address bar, essential for security and SEO rankings. They are issued by Certificate Authorities.

Key Aspects of SSL Certificates:

• Encryption & Security: SSL/TLS certificates encrypt transmitted data, preventing eavesdropping or tampering with user information.
• Trust Indicators: Browsers show a “Not Secure” warning if a site lacks a certificate, while valid certificates display a padlock.
• SEO Benefit: Google uses HTTPS as a ranking signal, providing a ranking boost for sites with valid SSL.
• Validation Levels:
  • Domain Validation (DV): Quick, verifies domain ownership.
  • Organization Validation (OV): Validates the organization’s legal existence.
  • Extended Validation (EV): Highest security level, authenticates the legitimacy of the organization.
• Types: Single Domain, Multi-Domain (SAN), and Wildcard certificates (secures a base domain and unlimited subdomains).

Steps to generate SSL certificate:

1. Generate a CSR + private key
2. Upload CSR to secure.configuressl.com
3. Use the issued bundle + private key to create a usable .crt

Step 1: Generate CSR and Private Key

Run this on your server (Linux/macOS with OpenSSL):

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

What this does:

• server.key → your private key (KEEP SAFE)
• server.csr → your certificate signing request

You’ll be prompted for:

Country Name (2 letter code): AU
State or Province Name: QLD
Locality Name: Toronto
Organization Name: Your Company
Organizational Unit: IT
Common Name: yourdomain.com   <-- IMPORTANT
Email Address: admin@yourdomain.com

Common Name (CN) must match your domain:

• example.com OR
• *.example.com (for wildcard)

Step 2: Upload CSR to ConfigureSSL

Go to for example, https://secure.configuressl.com

Steps:

1. Log in / create account
2. Choose your SSL product
3. Paste contents of server.csr:

cat server.csr

4. Complete domain validation (DNS / email / file-based)
5. Wait for certificate issuance

Step 3: Download Certificate Bundle

After approval, you’ll receive:

• yourdomain.crt (server certificate)
• ca_bundle.crt or intermediate.crt (chain)
• Sometimes a zip bundle

Step 4: Combine into Final CRT Bundle

Most servers require a full chain file.

Combine like this:

cat yourdomain.crt ca_bundle.crt > fullchain.crt

Now you have:

• server.key → private key
• fullchain.crt → certificate chain

Step 5: Verify Certificate Matches Private Key

openssl rsa -noout -modulus -in server.key | openssl md5
openssl x509 -noout -modulus -in yourdomain.crt | openssl md5

openssl rsa -noout -modulus -in server.key | openssl md5
openssl x509 -noout -modulus -in yourdomain.crt | openssl md5