we have a website on a dedicated server with iweb.com. Our SSL certificate is purchased through Godaddy and expiring soon, so it’s time to get it updated. Iweb has a general article on how to install ssl certificates (https://kb.iweb.com/entries/21117106-Installing-SSL-certificates) but it’s not detailed so there are still some questions about that.
GENERATING A CSR AND INSTALLING A SSL CERTIFICATE:
“In order to get a SSL certificate, you need to create a Certificate Signing Request (CSR) and send it to the Certificate Authority.” - Does it mean I can create a certificate myself for free, and don’t have to purchase it through godaddy or any other service? If yes what is the difference? And if I already have a certificate should I skip the certificate generating step and start with the installation?
FOLLOW THIS PROCEDURE TO INSTALL THE SSL CERTIFICATE:
Under the installation steps it asks to enter the domain name for which the SSL certificate was created, will it include the ftp, email, cpanel servers as well?
And lastly, what’s going to happen with my old certificate, will it be deleted or I have to remove it manually?
Thank you!
Does it mean I can create a certificate myself for free, and don’t have to purchase it through godaddy or any other service?
Well, you can get a self-signed one for free, But, if people are visiting your website, there will be a HUGE alert on their browser, and try to stop them from browsing.
And the Certificate Signing Request is not actually a Cert! (well, it does contain your public key, and some other information)
The difference between a self-signed and public-CA-signed one is just like your school ID and your passport, the school ID only valid in a small community, and the passport is recognized by the general public as a personal ID.
See: How to create a self-signed cert in Ubuntu with Apache Using OpenSSL
If your think the price for Godaddy is too high, you may try something cheaper like PositiveSSL or RapidSSL, which is only around 10 USD/year/domain
And there is also a free one: StartSSL
Under the installation steps it asks to enter the domain name for which the SSL certificate was created, will it include the ftp, email, cpanel servers as well?
No, just the web server you wish the general public to be able to visit. if there is a web interface for the email (like Gmail) or CPanel, you may have to create a ssl for them as well.
And lastly, what’s going to happen with my old certificate, will it be deleted or I have to remove it manually?
You should update it. if you haven't renew and update it, the browser will try to block your visitors with a HUGE alert again after the expiration date.