Back to website Login
There was a problem loading the comments.

How to Install an SSL Certificate from a Commercial Certificate Authority?

Support Portal  »  Knowledgebase  »  Viewing Article
  Print

Installing an SSL certificate from a trusted Certificate Authority (CA) ensures secure HTTPS connections for your website or application. This guide walks you through the steps required to obtain and install an SSL certificate on your server.

1. What is an SSL certificate, and why do I need it?

An SSL (Secure Sockets Layer) certificate encrypts data between a user's browser and your server, ensuring security and trust. It is required for HTTPS and helps protect sensitive information like login credentials and payment details.

2. How do I obtain an SSL certificate from a Commercial CA?

To get an SSL certificate from a commercial CA (e.g., DigiCert, GlobalSign, Sectigo):

  1. Generate a Certificate Signing Request (CSR) on your server.

  2. Submit the CSR to the CA during the certificate purchase process.

  3. Verify domain ownership through email, DNS, or file-based verification.

  4. Download the issued certificate files from the CA.

Softsys Hosting Offers a range of SSL certificates for all purposes at discounted price , for more details , visit out website : SSL Certificates: Comodo, GeoTrust, Thawte, Symantec, RapidSSL

3. How do I generate a CSR (Certificate Signing Request)?

Run the following OpenSSL command:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

  • yourdomain.key → Private key (keep this secure)

  • yourdomain.csr → CSR file (send this to the CA)

4. How do I install the SSL certificate on my server?

Once you receive the certificate files from the CA:

  1. Upload the certificate files (e.g., yourdomain.crt, yourdomain.ca-bundle) to your server.

  2. Copy the private key (yourdomain.key) to the same directory.

  3. Configure your web server (Apache/Nginx) to use the SSL certificate.

For Apache, update your virtual host configuration:

<VirtualHost *:443>
    ServerName yourdomain.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/private/yourdomain.key
    SSLCertificateChainFile /etc/ssl/certs/yourdomain.ca-bundle
</VirtualHost>

 

For Nginx, update your server block:

server {
    listen 443 ssl;
    server_name yourdomain.com;
    
    ssl_certificate /etc/ssl/certs/yourdomain.crt;
    ssl_certificate_key /etc/ssl/private/yourdomain.key;
}

 

Restart the web server to apply changes:

sudo systemctl restart apache2  # For Apache  
sudo systemctl restart nginx    # For Nginx

5. How do I verify the SSL installation?

Use the following command to check if SSL is correctly installed:

openssl s_client -connect yourdomain.com:443 -servername yourdomain.com

 

Alternatively, use an online SSL checker like SSL Labs to verify your certificate.

6. How do I renew my SSL certificate?

Before your SSL certificate expires:

  1. Generate a new CSR (same steps as before).

  2. Submit it to your CA for renewal.

  3. Download and install the new certificate following the installation steps above.

7. What should I do if I get an SSL error?

Common SSL issues and solutions:

  • Certificate not trusted → Ensure you installed the CA bundle.

  • Mismatch error → Check that the certificate matches the domain name.

  • SSL not working → Restart the web server and clear browser cache.

 

Share via
Did you find this article useful?  

Related Articles

Categories

Tags

© Softsys Hosting