1. Generate certificate application file.
The first step in applying for an https certificate is to generate a CSR (certificate signing request) file. The system generates two keys, a public key and a private key, which are stored on the server. To generate the CSR file, webmasters can refer to their web server's documentation: for Apache and similar servers, use the OpenSSL command line to generate two files, the KEY and the CSR; for Tomcat, JBoss, Resin and similar servers, use keytool to generate the JKS and CSR files; IIS creates a pending request and a CSR file through its wizard.
2. Submit CSR to CA for certification.
CAs usually have two authentication methods:
(1) Domain name authentication, generally performed through the administrator's mailbox. This method is fast, but the issued certificate does not contain the enterprise name and shows only the website's domain name; this is what is often called a domain name https certificate.
(2) Enterprise document authentication, which requires the enterprise's business license. CA certification for an https certificate application usually takes 1-5 working days.
Certificates that pass both of the above authentications at the same time are called EV https certificates. They can make the browser address bar green, and their authentication is also the most stringent. EV https certificates are mostly used in fields that require a high level of information security protection, such as finance, e-commerce and securities.
3. Obtain an https certificate and install it
After receiving the https certificate issued by the CA, deploy it to the server. For Apache, the KEY and CER files are generally copied directly onto the server, and then the httpd.conf file is modified. Tomcat and similar servers need to import the CER certificate file issued by the CA into the JKS file, copy it to the server, and then modify server.xml. IIS needs to process the pending request and import the CER file.
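
The OpenSSL path through steps 1 to 3, as an added example that is not part of the original page: it generates the KEY and CSR files, then checks that a CSR (before submission) or an issued certificate (before installation) carries the public key of the server's private key. The domain www.example.com, the file names and the function names are assumptions; `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original page). www.example.com, the file
# names and the function names are placeholder assumptions.

# gen_csr DOMAIN DIR: write DIR/DOMAIN.key (private key) and DIR/DOMAIN.csr.
gen_csr() {
    domain=$1
    dir=$2
    # Create the private key with owner-only permissions; it stays on the server.
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/$domain.key" ) || return 1
    # The CSR carries only the public key and the requested names.
    openssl req -new -key "$dir/$domain.key" \
        -subj "/CN=$domain" \
        -addext "subjectAltName=DNS:$domain" \
        -out "$dir/$domain.csr"
}

# key_matches KEY FILE: return 0 when FILE (a CSR or an issued certificate)
# contains the public key belonging to private key KEY, 1 on mismatch,
# 2 when either file cannot be parsed.
key_matches() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    if grep -q 'CERTIFICATE REQUEST' "$2" 2>/dev/null; then
        file_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    else
        file_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    fi
    [ "$key_pub" = "$file_pub" ]
}

# Demo in a temporary directory: generate, then check before submitting.
demo_dir=$(mktemp -d)
if gen_csr www.example.com "$demo_dir" 2>/dev/null &&
   key_matches "$demo_dir/www.example.com.key" "$demo_dir/www.example.com.csr"
then
    echo "CSR matches private key; submit the .csr file only"
    openssl req -in "$demo_dir/www.example.com.csr" -noout -subject
fi
rm -rf "$demo_dir"
```

Running `key_matches` on the KEY file and the CER file returned by the CA before editing httpd.conf catches the common case of a certificate issued for a different key than the one on the server.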