New certificate

Login to the portal and go to SSL-certificates > New certificate

The new certificate page displays an overview of our complete list of SSL-certificates available for order.

We provide certificates from the CA's listed below;

• Sectigo
• Geotrust
• Globalsign
• Symantec
• Thawte

Using the filters you can filter out any type or brand of certificate you're specifically looking for. A various offering of Single domain, Multi domain & Wildcard SSL-certificates are available that have different types of validation methods. There are three validation methods, Domain validated certificates, Organization validated certificates & Extended validation certificates.

1

To filter for any specific type, brand or validation method, just select the filters for the type/brand/method you're looking for and the complete list will be filtered to only show the types/brands/methods you're looking for

2

Once filtered, click Order to start the order of the certificate you need.

As mentioned above, different types of certificates can be requested. For example purposes,we'll go over the order process for the Sectigo brand for the various validation methods. Before being able to request an SSL-ertificate of any type, a Certificate Signing Request (CSR) has to be created that is submitted in the certificate request.

Create a certificate signing request (CSR)

A Certificate Signing Request (CSR) is required to order an SSL certificate. Once you generated a CSR, a private key will also be generated on your web server. If you want to create a wildcard certificate, you need to submit an * (asterisk) as common name. For example; *.mydomain.com. To create a CSR, you can use the OpenSSL command for example.

Generating a CSR with the OpenSSL Command

1

For creating a CSR you must be logged in to the server via an SSH connection. Use the cd command to navigate to the folder in which the certificates should be saved:

cd /etc/ssl/certs/

CSR with RSA private key

1

The following command can be used to generate the CSR with SHA1:

openssl req -utf8 -nodes -newkey rsa:2048 -keyout www_domainname_com.key -out www_domainname_com.csr

2

For generating the CSR with a SHA2 hash, the -SHA256 tag is added to the command:

openssl req -utf8 -nodes -sha256 -newkey rsa:2048 -keyout www_domainname_com.key -out www_domainname_com.csr

CSR with ECC private key

1

When an ECC key is needed, it's required to enter two commands. One for generating the key, and the 2nd for the CSR:

openssl ecparam -out server.key -name prime256v1 -genkey

openssl req -new -key server.key -out server.csr

CSR for SAN/Multi domain

1

Create a copy of the existing config file. The existing OpenSSL config file will be located at /etc/ssl/openssl.cnf or /usr/lib/ssl/openssl.cnf. Use the cp command to make a copy of the config file (make sure the target directory exists)

cp /etc/ssl/openssl.cnf /home/name/multi_domain_site/

2

Edit the config file and enable [ v3_req ]

nano /home/name/multi_domain_site/openssl.cnf

3

Look for the [ req ] section in the file. Un-comment the following line: If you don’t see the line, add it under the [ req ]. This will direct OpenSSL to read the [ v3_req ] section.

4

Scroll down until you see [ v3_req ] and add the following line "subjectAltName = @alt_names", hhis will cause the config file to read alt names.

5

Create a new section [ alt_names ] at the bottom of the config file. Add SAN or DNS or Alt names in the format below

[ alt_names ]
DNS.1 = www.exampledomain.com
DNS.2 = test.exampledomain.com
DNS.3 = local.exampledomain.com
DNS.4 = viritual.exampledomain.com

6

Save the file and generate the private key

openssl genrsa -out domainname_com.key 2048

7

Generate the CSR

openssl req -new -key domainname_com.key -out domainname_com.csr -config openssl.cnf

Providing certificate details

Once you've executed either the RSA, ECC or multi domain method, you will now be asked to enter fields like the common name, company name, department, country name, and locality. The information given in the CSR needs to be correct and valid since it corresponds to the WHOIS information of the domain name and the Chamber of Commerce if applicable. The fields Email Address, Optional company name and challenge password can be left empty when applying for a web server certificate.

1

Country Name (2 letter code) [AU]: NL

2

State or Province Name (full name) [Some-State]: Overijssel

3

Locality Name (eg, city): Zwolle

4

Organization Name (eg, company) [Internet Widgits Pty Ltd]: Realtime Register B.V.

5

Organizational Unit Name (eg, section) []: IT

6

Common Name (eg, YOUR name) []: www.domainname.com

7

Email Address []: (optional)

8

A challenge password []: (optional)

9

An optional company name []: (optional)

• Now that you've successfully created your CSR, you can use it in a certificate request and order an SSL-certificate.

Request a domain validation certificate

The DV validation method exists out of one validation step, proving domain control through either Email, File or DNS validation. We'll go over the Single, Multi & Wildcard domain validation certificate requests one by one, just click one of the links below and you'll be directed to the relevant KB-article with instructions.

Request an organization validation certificate

Organization validation (OV) SSL-certificates are a step up from DV SSL-certificates. To receive one, an organization must prove it owns the domain it wishes to secure and confirm that it is a legally registered business. These can only be issued to a registered organization and not individuals, making them more suitable for public-facing websites.

When an Organization Validation SSL certificate is issued, the CA will verify that your organization is a legal, legitimate entity. The CA will issue your digital certificate after verifying your organization through a few steps including confirming your organization’s presence in the registered location, telephone numbers, and domain ownership. We'll go over the Single, Multi & Wildcard organization validation certificate requests one by one, just click one of the links below and you'll be directed to the relevant KB-article with instructions.

Request an extended validation certificate

Details that are validated in the EV validation process are;

1

Complete Domain Control Verification (DCV) to verify the domain(s) are controlled by the organization. This can be completed using 1 of 3 methods: DCV email, CNAME or HTTP(S) challenge.

2

Organization legal name and that it is in good standing.

4

Exact organization tradename / DBA (Doing Business As) if applicable.

5

Who is currently operating the business.

6

Address of where the business operates.

7

Organization main listed telephone number.

7

Who controls the domain(s) listed on the certificate.

8

Authenticity of the subscriber agreement.

We'll go over the Single & Multi domain extended validation certificate requests one by one. Wildcard certificates are not available for the extended validation method. Just click one of the links below and you'll be directed to the relevant KB-article with instructions.

Single domain EV certificate request

Multi domain EV certificate request

---