1. Login to your SSL account.
In the previous We bought PositiveSSL . To activate click “New” and “Activate” .
2. Enter CSR (Certificate Signing Request)
Now We will show you how to create CSR on Linux via command below.
2.1 Login to your server via your terminal client (ssh). The first step will be generating the private key. At the prompt, type:
openssl genrsa -out [private-key-file.key] 2048
openssl genrsa -out ssl.key 2048
2.2 Once the private key has been generated, run the command below to generate the CSR.
openssl req -new -key [private-key-file.key] -out [CSR-file.txt]
openssl req -new -key ssl.key -out CSR.txt
When We enter command 2.2 it need you to fill some information below
– Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
– State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: Oregon.
– Locality or City (L): The Locality field is the city or town name, for example: Eugene.
– Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corportation or XY and Z Corportation.
– Organizational Unit (OU): This field is the name of the department or organization unit making the request.
– Common Name (CN): The Common Name is the Host + Domain Name. For example www.bbtest.net or secure.bbtest.net
– Optional Fields: When promted, please do not enter your email address, challenge password or an optional company name when generating the CSR. Pressing Enter/Return will leave these fields blank.
After you finish all step above you can view the CSR file
3. Copy and Paste CSR
4. Domain Verification
After you finish step 3 it will show you 2 options for verify with domain to make sure you are domain owner.
option 1 : upload activation file to /.well-known/pki-validation to public directory of domain that you want to add ssl.
option 2 : email verification this option it will send mail to your master mail of domain .
In the section We choose option 1 as below picture , so We need to download Activation file and put it into /.well-known/pki-validation/ activation file
5. Wait until domain verification complete
After domain verification has been completed you will able to download SSL file.