SSL Certificate Generator

Create self-signed SSL certificates or certificate signing requests (CSRs) for your web servers and applications. All processing happens in your browser – your keys never leave your device.

Generate SSL certificates or Certificate Signing Requests (CSR) for your servers

SSL Certificate Installation Guide

Step-by-step instructions for installing SSL certificates in Apache, Nginx, IIS, and Tomcat web servers

Apache

Prerequisites:

  • Apache web server installed and running
  • SSL certificate files (certificate file, private key, and intermediate certificate bundle)
  • Root access to your server

Step-by-Step Installation

1. Upload Certificate Files to Your Server

Copy your certificate files (YourDomain.crt, YourDomain.key, CA_bundle.crt) to a secure directory on your server (e.g., /etc/ssl/certs/ for certificates and /etc/ssl/private/ for private keys)

2. Enable SSL Module in Apache

Enable Apache's SSL module (mod_ssl), then restart Apache so the module is loaded:

sudo a2enmod ssl
sudo systemctl restart apache2

3. Locate Apache Configuration File

Default configuration file: /etc/apache2/sites-available/default-ssl.conf on Debian/Ubuntu or /etc/httpd/conf.d/ssl.conf on CentOS/RHEL

4. Configure Virtual Host for SSL

Edit the SSL configuration file:

sudo nano /etc/apache2/sites-available/default-ssl.conf

Add or modify the following lines in the VirtualHost section:

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/YourDomain.crt
    SSLCertificateKeyFile /etc/ssl/private/YourDomain.key
    # Intermediate chain. Deprecated since Apache 2.4.8, where the chain can
    # instead be appended to the file given in SSLCertificateFile.
    SSLCertificateChainFile /etc/ssl/certs/CA_bundle.crt

    # Other SSL settings (optional)
    # Allow only TLS 1.2 and newer
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCompression off
</VirtualHost>

5. Enable the SSL Site

Enable the SSL virtual host. The change takes effect when Apache is restarted in step 7.

sudo a2ensite default-ssl.conf

6. Set Up HTTP to HTTPS Redirection (Optional)

Edit your non-SSL virtual host file:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    Redirect permanent / https://example.com/
</VirtualHost>

7. Restart Apache

sudo systemctl restart apache2

8. Test Your Configuration

Visit your site using HTTPS (https://example.com)

Use an SSL checker tool like SSL Labs to verify proper installation

Security Recommendation: Regularly update your Apache server software and SSL configuration to patch vulnerabilities.
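
A pre-install check for the three files from step 1, added here as an example (not part of the original guide): it confirms that the private key belongs to the certificate, that the certificate was issued by a CA in the bundle, that it is not about to expire, and that the key file is not readable by group or others. The function names and the throwaway test CA are constructed for the demo, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example: pre-install checks for YourDomain.crt, YourDomain.key and
# CA_bundle.crt. Function names are hypothetical; requires the openssl CLI.

# SHA-256 of the public key in a certificate / derived from a private key.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null | openssl sha256; }
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256; }

# $1=certificate $2=private key $3=CA bundle. Prints findings, returns 1 if any.
check_install_set() {
    bad=0
    [ "$(cert_pub "$1")" = "$(key_pub "$2")" ] ||
        { echo "FAIL: private key does not match certificate"; bad=1; }
    # -partial_chain lets a bundle holding only intermediates act as the anchor,
    # so this asks: was the certificate issued by a CA in the bundle?
    openssl verify -partial_chain -CAfile "$3" "$1" >/dev/null 2>&1 ||
        { echo "FAIL: certificate not issued by a CA in the bundle"; bad=1; }
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within 30 days"; bad=1; }
    # Characters 5-10 of "ls -l" output are the group and other permission bits.
    [ "$(ls -ld "$2" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: private key is readable by group or others"; bad=1; }
    return $bad
}

# Constructed throwaway CA, server certificate and unrelated key (demo data only).
make_constructed_set() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
        -out "$1/CA_bundle.crt" -subj "/CN=Constructed Test CA" -days 365 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/YourDomain.key" \
        -out "$1/req.csr" -subj "/CN=example.com" 2>/dev/null
    openssl x509 -req -in "$1/req.csr" -CA "$1/CA_bundle.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -out "$1/YourDomain.crt" -days 365 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    chmod 600 "$1/YourDomain.key" "$1/other.key"
}

demo=$(mktemp -d)
make_constructed_set "$demo"
check_install_set "$demo/YourDomain.crt" "$demo/YourDomain.key" "$demo/CA_bundle.crt" \
    && echo "matching set: ok"
check_install_set "$demo/YourDomain.crt" "$demo/other.key" "$demo/CA_bundle.crt" \
    || echo "other.key: rejected"
```

Comparing public-key hashes works for RSA and EC keys alike, so the same check applies whichever key type the certificate uses.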

Important Security Recommendations

  • Use Strong Cipher Suites – Configure your server to use modern, secure cipher suites
  • Disable Older Protocols – Remove support for outdated protocols like SSLv2, SSLv3, TLSv1.0, and TLSv1.1
  • Implement HSTS – Add HTTP Strict Transport Security headers to enforce HTTPS connections
  • Regular Testing – Periodically test your SSL configuration using tools like Qualys SSL Labs Server Test
  • Certificate Auto-Renewal – Consider using tools like Certbot for Let’s Encrypt certificates to automate renewal
  • Keep Updated – Regularly update your web server software to patch security vulnerabilities
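
One way to check an Apache vhost file against the protocol and HSTS items in the list above, added as an example (not part of the original guide): it evaluates the SSLProtocol line to the set of protocols left enabled and flags SSLv3, TLSv1.0 or TLSv1.1, a missing Strict-Transport-Security header, and SSLCompression on. The function names, the sample configs, the max-age value and the simplified model of how SSLProtocol tokens combine are assumptions.

```shell
#!/bin/sh
# Added example: lint an Apache SSL vhost file against the protocol, HSTS and
# compression recommendations. Function names and samples are constructed.

# Print the protocols an SSLProtocol argument list leaves enabled.
# Assumed model: "all" = SSLv3..TLSv1.3, +X adds, -X removes, bare X replaces.
enabled_protocols() {
    on=""
    for tok in "$@"; do
        case $tok in
            all|+all) on="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" ;;
            -all)     on="" ;;
            -*) on=$(printf '%s\n' $on | grep -vxF -- "${tok#-}" | tr '\n' ' ') ;;
            +*) on="$on ${tok#+}" ;;
            *)  on=$tok ;;
        esac
    done
    echo $on
}

# $1 = vhost file. Prints one line per finding, returns 1 if there are any.
lint_vhost() {
    conf=$1; bad=0
    set -- $(grep -iE '^[[:space:]]*SSLProtocol[[:space:]]' "$conf" | tail -n 1)
    if [ $# -eq 0 ]; then echo "WARN: no SSLProtocol; server default applies"; bad=1
    else shift; fi
    for p in $(enabled_protocols "$@"); do
        case $p in SSLv3|TLSv1|TLSv1.1)
            echo "FAIL: legacy protocol enabled: $p"; bad=1 ;;
        esac
    done
    grep -qiE '^[[:space:]]*Header[[:space:]].*Strict-Transport-Security' "$conf" ||
        { echo "FAIL: no Strict-Transport-Security header (HSTS)"; bad=1; }
    if grep -qiE '^[[:space:]]*SSLCompression[[:space:]]+on' "$conf"; then
        echo "FAIL: SSLCompression is on"; bad=1
    fi
    return $bad
}

tmp=$(mktemp -d)   # constructed sample configs
printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2 -SSLv3' \
    'SSLCompression on' > "$tmp/weak.conf"
# The Header directive needs mod_headers (a2enmod headers); max-age is a sample.
printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' \
    'SSLCompression off' \
    'Header always set Strict-Transport-Security "max-age=63072000"' > "$tmp/hardened.conf"
lint_vhost "$tmp/weak.conf" || echo "weak.conf: findings above"
lint_vhost "$tmp/hardened.conf" && echo "hardened.conf: clean"
```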

Nginx

Prerequisites:

  • Nginx web server installed and running
  • SSL certificate files (certificate file, private key, and intermediate certificate bundle)
  • Root access to your server

Step-by-Step Installation

1. Upload Certificate Files to Your Server

Copy your certificate files to a secure directory (e.g., /etc/nginx/ssl/)

2. Combine Certificate Files (Optional)

For Nginx, you might need to combine your site certificate and CA intermediate certificate:

cat YourDomain.crt CA_bundle.crt > YourDomain_combined.crt

3. Edit Nginx Configuration

Open the Nginx configuration file:

sudo nano /etc/nginx/sites-available/default

Add or modify the server block for HTTPS:

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    ssl_certificate /etc/nginx/ssl/YourDomain_combined.crt;
    ssl_certificate_key /etc/nginx/ssl/YourDomain.key;

    # SSL optimization settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Your site configuration
    root /var/www/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

4. Set Up HTTP to HTTPS Redirection (Optional)

Add a server block for HTTP that redirects to HTTPS:

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}

5. Check Configuration and Restart Nginx

sudo nginx -t
sudo systemctl restart nginx

6. Test Your Configuration

Visit your site using HTTPS (https://example.com)

Use an SSL checker tool like SSL Labs to verify proper installation

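Performance Tip: Enable HTTP/2 by adding http2 to the listen directive: listen 443 ssl http2; On Nginx 1.25.1 and later, this listen parameter is deprecated in favor of the separate directive http2 on;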

IIS

Prerequisites:

  • IIS web server installed and running
  • SSL certificate files (typically in PFX/PKCS#12 format)
  • Administrator access to the Windows server

Step-by-Step Installation

1. Import the Certificate

  1. Open the IIS Manager (Start → Administrative Tools → Internet Information Services (IIS) Manager)
  2. Select your server name in the left panel
  3. Double-click on “Server Certificates” in the middle panel
  4. In the right-hand “Actions” panel, click “Import…”
  5. Browse and select your PFX certificate file
  6. Enter the password for the PFX file
  7. Select the certificate store (usually “Web Hosting”)
  8. Click “OK” to import the certificate

2. Bind the Certificate to Your Website

  1. In IIS Manager, select your website in the left panel
  2. In the right-hand “Actions” panel, click “Bindings…”
  3. Click “Add…” to add a new binding
  4. Set “Type” to “https”
  5. Set “IP Address” to “All Unassigned” (or select a specific IP)
  6. Set “Port” to “443”
  7. Set “Host name” to your domain name (e.g., example.com)
  8. Select your SSL certificate from the dropdown menu
  9. Optionally, check “Require Server Name Indication” if needed
  10. Click “OK” to save the binding

3. Configure HTTP to HTTPS Redirection (Optional)

  1. Install the “URL Rewrite” module if not already installed
  2. In IIS Manager, select your website
  3. Double-click on “URL Rewrite”
  4. Click “Add Rule(s)…” in the right-hand panel
  5. Select “Blank rule” under “Inbound rules”
  6. Configure the rule:
       • Name: “HTTP to HTTPS redirect”
       • Pattern: “.*”
       • Conditions:
           • Add condition: {HTTPS} equals off
       • Action:
           • Type: “Redirect”
           • Redirect URL: https://{HTTP_HOST}{REQUEST_URI}
           • Redirect type: “Permanent (301)”
  7. Click “Apply” to save the rule

4. Test Your Configuration

Visit your site using HTTPS (https://example.com)

Important: IIS requires a server restart only if you make significant changes to the SSL configuration. For most certificate installations, a restart is not necessary.

Tomcat

Prerequisites:

  • Tomcat server installed and running
  • Java Keytool utility (comes with Java installation)
  • SSL certificate files (or PKCS#7/P7B file)

Step-by-Step Installation

1. Prepare Your Keystore

If you generated your CSR using Tomcat/keytool, you already have a keystore

If not, create a new keystore:

keytool -genkey -alias tomcat -keyalg RSA -keystore /path/to/keystore.jks

2. Import the Certificate into Keystore

If you have a P7B/PKCS#7 file:

keytool -import -trustcacerts -alias tomcat -keystore /path/to/keystore.jks -file /path/to/your_certificate.p7b

If you have separate certificate files:

# Import the root CA certificate
keytool -import -trustcacerts -alias root -keystore /path/to/keystore.jks -file /path/to/root_ca.crt

# Import the intermediate certificate
keytool -import -trustcacerts -alias intermediate -keystore /path/to/keystore.jks -file /path/to/intermediate.crt

# Import your domain certificate
keytool -import -trustcacerts -alias tomcat -keystore /path/to/keystore.jks -file /path/to/your_domain.crt

3. Configure Tomcat for SSL

Edit Tomcat’s server.xml file (usually located in TOMCAT_HOME/conf/):

sudo nano /path/to/tomcat/conf/server.xml

Find the commented-out Connector section for HTTPS/SSL and uncomment or add it:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/path/to/keystore.jks"
                     certificateKeystorePassword="your_keystore_password"
                     certificateKeyAlias="tomcat"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

For older Tomcat versions (6 or 7):

<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           keystoreFile="/path/to/keystore.jks"
           keystorePass="your_keystore_password"
           clientAuth="false" sslProtocol="TLS" />

4. Restart Tomcat

sudo systemctl restart tomcat
# or
/path/to/tomcat/bin/shutdown.sh
/path/to/tomcat/bin/startup.sh

5. Test Your Configuration

Access your Tomcat application using HTTPS and the configured port: https://example.com:8443

Note: Remember to secure your keystore and backup the keystore file. If you lose the keystore, you’ll need to create a new one and reinstall the certificate.
