Applying for SSL certificate mainly needs to go through the following three steps:
1, make CSR file.
Secure socket layer
CSR is a certificate security request certificate request file. This document was produced by the applicant. At the same time, the system will generate two keys, one is the public key, that is, the CSR file, and the other is the private key, which is stored in the server. To make CSR files, applicants can refer to the documents of WEB SERVER, APACHE, etc. And use the OPENSSL command line to generate the KEY+CSR2 file. Tomcat, JBoss, Resin, etc. Use KEYTOOL to generate JKS and CSR files, and IIS creates a pending request and a CSR file through the wizard.
2.CA certification.
When CSR is submitted to CA, CA generally has two authentication methods: 1, domain name authentication, which is fast by authenticating the administrator's mailbox, but the certificate issued does not contain the enterprise name; 2, enterprise document certification, need to provide the business license of the enterprise. It usually takes 3-5 working days. There are also certificates that need to authenticate the above two methods at the same time, called EV certificates. This certificate can make the address bar of browsers above IE7 green, so the authentication is also the strictest.
3. Certificate installation.
After receiving the CA certificate, you can deploy the certificate to the server. Generally, the APACHE file directly copies the KEY+CER into the file, and then modifies the HTTPD. CONF file. TOMCAT and so on. , you need to import the certificate CER file issued by CA into JKS file, copy it to the server, and then modify the server. XML; IIS needs to handle pending requests and import CER files.