For a smooth setup of your SSL Certificate on your website you need to ensure you:
a. Have got the correct certificate in the correct format as requested
b. Have got a certificate that matches with your submitted CSR and private key
c. Are able to setup the certificate correctly as per your web server platform
d. Are also able to troubleshoot issues not related to SSL certificate setup
Here are our suggestion of 5 things to do after you get your SSL certificate for your website no matter where you got your certificate from:
1. Check if the CSR and Private Key match the SSL Certificate received
Use OpenSSL to match your CSR or Private Key with the SSL Certificate generated to check if it is valid for installation.
- Use these commands to generate the Certificate hash value and the CSR hash value and then see if they match.
openssl x509 -in cert.crt -pubkey -noout -outform pem | sha256sum
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
- Use these commands to generate the Certificate hash value and the Private key hash value and then see if they match.
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
openssl x509 -in cert.crt -pubkey -noout -outform pem | sha256sum
2. Decode the details of the SSL certificate
Decode the SSL certificate to check if it has valid information before installing it by using this online tool.
- Check for domain (common) name
- Check for start & end dates of certificate validity.
(OPTIONAL) Convert the certificate to the correct format
If the certificate received is not in a format compatible with your web server platform, you can easily convert the generated SSL certificate between various formats such as PEM, DER, PFX and P7B. This online tool can help.
- The .cer certificate is usually a DER format Windows certificate file for use with the IIS web server.
- The .crt format is usually a PEM format file used with web servers such as Apache & nginx on Linux-based systems.
3. Setup your certificate for your web server platform
Here are some common do-it-yourself SSL installation scenarios and the process is exactly the same for a specific platform across certificates of any brand.
4. Check your SSL Certificate setup
Once you install the certificate you need to check if it is correctly setup. Verify the SSL certificate is installed correctly on your web server, and trusted by browsers using this online tool.
There are many reasons why the website be shown as Not Secure in web browsers and here are some of them:
- Your web server may need a restart after setup for the padlock icon to show in the web browser.
- You may have not setup the intermediate CA certificate with the SSL certificate.
- You may have not replaced the previous certificate files with the new ones, or saved the new files in the wrong location.
5. Troubleshoot issues not related to certificate setup
Use this online tool to find out why there is no padlock icon with the https displayed in the web browser address bar for some website pages even after correct SSL certificate setup.
This mostly happens when your page loads too many scripts or media files using http instead of https.