Generate private keys for SSL Certificate
= Step 1 : Create Files=
<<< Generating CSR [Certificate Signing Request] and Private Key (rsa/key/pem) >>>
Well, those two files are just paired files, which are related to each-other. So, actually it doesnt matter where you generate them.
Although I have found some PHP codes (which was said to help us) on StackOverflow , it could only generate PRIVATE KEY, not CSR. So, it was better for me to use openSSL commands to get those PRIVATE & CSR keys.
- In case you use Localhost (Apache/XAMP/WampServer or etc) you can open CMD (type
cmdin search, then right click and
Open As Administrator).
- In case you dont have Localserver, and want to do it on your Hosting (if it supports), find out SSH terminal there and open it.
Now, in terminal, execute these command one by one (Note the usage of parameters
RSA:2048. Also, change the path again):
cd c:\ && c:\wamp\bin\apache\apache2.4.9\bin set openssl_conf=c:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr :: (if you will get any conf.error, then just add location parameter to above command: -config c:\wamp\bin\apache\apache2.4.9\conf\openssl.cnf
Then it will ask you several questions… When it asks for “common name” , you should input domain name (i.e. example.com). After you are done, in the same location (i.e.
c:\wamp\bin\apache\apache2.4.9\) you will see Private-Key(server.key) and CSR-Key (server.csr). Go on…
= STEP 2 : Add CERTIFICATE (.crt) to site =
Now, enter your Domain Registar dashboard (where you have SSL issued), and re-issue that. When it asks for CSR and PRIVATE KEY, enter the contents of the files we generated (open them in text editor). Then you can continue and it will ask you for confirmation (EMAIL verification is quickest way). After passing confirmation step, you should get confirmation mail from your SSL provider (or Domain Registar dashboard), where you can download the CERTIFICATE (xxxxxxxx.crt and xxxxxx.ca-bundle files). Then go to HOSTING dashboard,and in SSL section fields, input the codes of CSR/PRIVATE/CRT keys appropriately ! Then the hosting should show a message, that installation of SSL is complete !
p.s. If you will get REDIRECT LOOP error, then you might have to re-install site. In most cases, it could be WordPress. So, dont forget to install it with