New certificate

Login to the portal and go to SSL-certificates > New certificate

The new certificate page displays an overview of our complete list of SSL-certificates available for order.

We provide certificates from the CA's listed below;

  • Sectigo
  • Geotrust
  • Globalsign
  • Symantec
  • Thawte

Using the filters you can filter out any type or brand of certificate you're specifically looking for. A various offering of Single domain, Multi domain & Wildcard SSL-certificates are available that have different types of validation methods. There are three validation methods, Domain validated certificates, Organization validated certificates & Extended validation certificates.

1
To filter for any specific type, brand or validation method, just select the filters for the type/brand/method you're looking for and the complete list will be filtered to only show the types/brands/methods you're looking for

2
Once filtered, click Order to start the order of the certificate you need.

As mentioned above, different types of certificates can be requested. For example purposes,we'll go over the order process for the Sectigo brand for the various validation methods. Before being able to request an SSL-ertificate of any type, a Certificate Signing Request (CSR) has to be created that is submitted in the certificate request.

Important

Remember to store the private key that is created during the CSR creation in a safe place and to never share it with anyone as this potentially compromises the security of your certificate when it falls into the hands of bad actors.

Create a certificate signing request
Request a Domain validation certificate
Request an organization validation certificate
Request an extended validation certificate

Create a certificate signing request (CSR)

A Certificate Signing Request (CSR) is required to order an SSL certificate. Once you generated a CSR, a private key will also be generated on your web server. If you want to create a wildcard certificate, you need to submit an * (asterisk) as common name. For example; *.mydomain.com. To create a CSR, you can use the OpenSSL command for example.

Generating a CSR with the OpenSSL Command

1
For creating a CSR you must be logged in to the server via an SSH connection. Use the cd command to navigate to the folder in which the certificates should be saved:
cd /etc/ssl/certs/
CSR with RSA private key
1
The following command can be used to generate the CSR with SHA1:
openssl req -utf8 -nodes -newkey rsa:2048 -keyout www_domainname_com.key -out www_domainname_com.csr
2
For generating the CSR with a SHA2 hash, the -SHA256 tag is added to the command:
openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout www_domainname_com.key -out www_domainname_com.csr
CSR with ECC private key
1
When an ECC key is needed, it's required to enter two commands. One for generating the key, and the 2nd for the CSR:
openssl ecparam -out server.key -name prime256v1 -genkey
openssl req -new -key server.key -out server.csr
CSR for SAN/Multi domain

Important

Extra domains can be submitted on the request page as well separately from the CSR.

1
Create a copy of the existing config file. The existing OpenSSL config file will be located at /etc/ssl/openssl.cnf or /usr/lib/ssl/openssl.cnf. Use the cp command to make a copy of the config file (make sure the target directory exists)
cp /etc/ssl/openssl.cnf /home/name/multi_domain_site/
2
Edit the config file and enable [ v3_req ]
nano /home/name/multi_domain_site/openssl.cnf
3
Look for the [ req ] section in the file. Un-comment the following line: If you don’t see the line, add it under the [ req ]. This will direct OpenSSL to read the [ v3_req ] section.

4
Scroll down until you see [ v3_req ] and add the following line "subjectAltName = @alt_names", hhis will cause the config file to read alt names.

5
Create a new section [ alt_names ] at the bottom of the config file. Add SAN or DNS or Alt names in the format below

[ alt_names ]
DNS.1 = www.exampledomain.com
DNS.2 = test.exampledomain.com
DNS.3 = local.exampledomain.com
DNS.4 = viritual.exampledomain.com

6
Save the file and generate the private key
openssl genrsa -out domainname_com.key 2048
7
Generate the CSR
openssl req -new -key domainname_com.key -out domainname_com.csr -config openssl.cnf
Providing certificate details

Once you've executed either the RSA, ECC or multi domain method, you will now be asked to enter fields like the common name, company name, department, country name, and locality. The information given in the CSR needs to be correct and valid since it corresponds to the WHOIS information of the domain name and the Chamber of Commerce if applicable. The fields Email Address, Optional company name and challenge password can be left empty when applying for a web server certificate.

Important

OpenSSL generates two files: the CSR (with the name format www_domainname_com.csr) and the Private Key (with the name format www_domainname_com.key)

Remember to store the private key that is created during the CSR creation in a safe place and to never share it with anyone as this potentially compromises the security of your certificate when it falls into the hands of bad actors.

1
Country Name (2 letter code) [AU]: NL
2
State or Province Name (full name) [Some-State]: Overijssel
3
Locality Name (eg, city): Zwolle
4
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Realtime Register B.V.
5
Organizational Unit Name (eg, section) []: IT
6
Common Name (eg, YOUR name) []: www.domainname.com
7
Email Address []: (optional)
8
A challenge password []: (optional)
9
An optional company name []: (optional)

Important

For the Common Name (CN) it's advised to enter the Full Qualified Domain Name (FQDN) including the www. example www.domainname.com

  • Now that you've successfully created your CSR, you can use it in a certificate request and order an SSL-certificate.

Request a domain validation certificate

Domain validation (DV) SSL-certificates provide the quickest, easiest, and most cost-effective way to receive industry-standard encryption. This validation type requires proof of ownership for the secured domain and is typically issued within minutes. Once installed, DV certificates show trust indicators in browsers like the padlock icon and the string https:// before the website domain. Because the legitimacy of the organization is not vetted, they are not recommended for business websites but are ideal for internal sites, test servers, and test domains.

The value propositions of DV SSL:

1
Validates control of a domain
2
Enables https and the padlock icon in browsers
3
Issues within minutes
DV SSL Address Bar
The DV validation method exists out of one validation step, proving domain control through either Email, File or DNS validation. We'll go over the Single, Multi & Wildcard domain validation certificate requests one by one, just click one of the links below and you'll be directed to the relevant KB-article with instructions.
Single domain DV certificate request
Multi domain DV certificate request
Wildcard domain DV certificate request

Request an organization validation certificate

Organization validation (OV) SSL-certificates are a step up from DV SSL-certificates. To receive one, an organization must prove it owns the domain it wishes to secure and confirm that it is a legally registered business. These can only be issued to a registered organization and not individuals, making them more suitable for public-facing websites.

The value propositions of OV SSL:

1
Validates control of the domain
2
Enables https and the padlock image
3
Authenticates the legitimacy of an organization, adding a level of trust
4
Shows organization details in the certificate information
5
Issues in 1-3 days
Address Bar of a Website With a OV SSL Certificate

When an Organization Validation SSL certificate is issued, the CA will verify that your organization is a legal, legitimate entity. The CA will issue your digital certificate after verifying your organization through a few steps including confirming your organization’s presence in the registered location, telephone numbers, and domain ownership. We'll go over the Single, Multi & Wildcard organization validation certificate requests one by one, just click one of the links below and you'll be directed to the relevant KB-article with instructions.

Single domain OV certificate request
Multi domain OV certificate request
Wildcard domain OV certificate request

Request an extended validation certificate

Extended validation (EV) SSL-vertificates provide the highest level of trust and are the industry standard for business websites. In addition to the trust indicators provided by the DV and OV types, EV certificates activate the "green address bar" in select web browsers by displaying the authenticated company name in green adjacent to the web address.

To receive one, website owners must meet the authentication requirements for an OV SSL but also go through a stricter vetting process performed by a human specialist from the CA. Research indicates that consumers who see the green address bar on sites experience greater confidence in the site’s legitimacy and are more likely to engage in online transactions. This type is recommended for all business and enterprise websites, but is especially important for any site that requests personal information from users (eCommerce, financial, legal and otherwise).

The value propositions of EV SSL:

1
Validates control of the domain
2
Enables https and the padlock image
3
Authenticates the legitimacy of an organization, adding an additional level of trust
4
Verifies the applicant has the right to request an EV SSL and is in good standing with the organization
5
Shows organization details in the certificate information
6
Activates the green bar in select web browsers
7
Issues in 1-5 days
EV SSL Address Bar

Details that are validated in the EV validation process are;

1
Complete Domain Control Verification (DCV) to verify the domain(s) are controlled by the organization. This can be completed using 1 of 3 methods: DCV email, CNAME or HTTP(S) challenge.
2
Organization legal name and that it is in good standing.
4
Exact organization tradename / DBA (Doing Business As) if applicable.
5
Who is currently operating the business.
6
Address of where the business operates.
7
Organization main listed telephone number.
7
Who controls the domain(s) listed on the certificate.
8
Authenticity of the subscriber agreement.
We'll go over the Single & Multi domain extended validation certificate requests one by one. Wildcard certificates are not available for the extended validation method. Just click one of the links below and you'll be directed to the relevant KB-article with instructions.
Single domain EV certificate request
Multi domain EV certificate request

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.