In order to apply a trusted SSL certificate from a Certifcate Authority, you need to generate a certificate request from your private key and send the request to a certificate issuer, like VeriSign or Thawte. The certificate issuer will sign the request and send back the certificate. To generate a certificate request:
openssl req -new -key server.key -out server.csr
You will be asked for more information about your organization and web site. Please give correct information. You should give valid domain names of your web site when you are asked for Common Name but not any aliases. To determine the valid domain name, you can use commands such as nslookup, dig or host. For example, if the web site can be accessed via both http://foo.bar
and http://www.foo.bar
, usually foo.bar
is the valid domain name (canonical name), www.foo.bar
is an alias; foo.bar
should be used for the Common Name.