Overview
This article is designed for Emersion clients who need to obtain an SSL certificate but have limited access to resources who are educated in web technologies, specifically Open SSL. The process described below is only one method to obtaining a valid certificate. It is best if you engage with a company who can complete this process for you, but if you wish to do-it-yourself, we have provided a method below.
At the end of this process you will have an SSL certificate that is verified (signed) and a private key. You need to submit both of these to Emersion.
Prerequisites
First, install Open SSL on your computer, or log in to a computer or server with Open SSL installed on it.
(1) Step One: Generate the CSR
Despite claims to the contrary, you do not need Emersion to generate the CSR from our web server. You can generate a certificate from any machine with Open SSL installed.
Option A) If you have access to a server that can run the OpenSSL commands required
Generating a Certificate Signing Request (CSR) is the first step to obtaining your certificate. You need to know the URL of your website and the certificate will only be valid for that URL.
E.g.: myaccount.yourdomain.com.au, signup.yourdomain.com.au
Go to the Open SSL CSR generator
Fill in the details
When you are happy with your settings, click Generate. It should look like the example below.
In the Open SSL CSR generator, you will be shown a command to copy/paste containing the parameters you entered.
Copy (CTRL+C) the command to the clipboard.
On the machine with Open SSL, open a terminal session, paste the command and run it.
OpenSSL creates both your private key and your CSR. It saves them to two files:
- signup_mycompany_com_au.key
- signup_mycompany_com_au.csr
You will need to keep both of these files handy and we recommend you store them in a secure location.
Option B) If you do not have access to a server that can run the OpenSSL commands required
This website is a very simple way of generating both the Private Key and Certificate Signing Request required.
The output will be provided to you in plain text (PEM-encoded ASCII). You will generally copy the certificate data into one file, while copying the private key into another.
The certificate signing request block is everything between (and including) the following
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
and would typically be pasted into a file with a .csr extension.
The private key block is everything between (and including)
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
and would typically be pasted into a file with a .key extension.
(2) Step Two: Contact a Certificate Signing Authority
Once you have a CSR for your website, it needs to be sent to a Certificate Signing Authority who will validate and sign the certificate for you. The verification and validation process will vary based on the provider, the type of SSL certificate you request and how long you want the certificate to be valid for.
Emersion is not a Certificate Signing Authority.
We cannot sign or verify a certificate request for you. Emersion remains independent and will not recommend a specific Certificate Signing Authority. A certificate Signing Authority will assist you to choose the certificate that best suits you, and guide you on the specific process for your certificate.
(3) Step: Three: Sending the Certificate and the Private Key to Emersion
Once the signed SSL certificate has been delivered to you, forward it to Emersion with the Private Key. We need both the SSL Certificate and Private Key in order to complete the installation of the SSL Certificate on the server.
If your certificate provider asks what "version" certificate is required to be issued, we will accept a standard X509 certificate in plain text format. We use the NGINX web server.
They may be sent with a file extension like .crt, .cer, .pem however will be visible in a text editor and will look similar to the screenshot below on the right, only with a -----BEGIN CERTIFICATE----- header instead
A signed SSL Certificate - as viewed in Microsoft Windows®
Private Key – as viewed in a text editor
