Reputation: 11
TLS certificate on a production server
I need to deploy my application on a server provided by my company's client. I want to serve pages through HTTPS, therefore I need a TLS certificate. My company's client already have other sites and uses certificates on them.
My question is: who usually provides this certificate? I'm a 99% sure that my company's client should do it but I want to be sure. If so, what do I need to ask for?
Thanks.
Upvotes: 1
Views: 489
Answers (2)
Reputation: 33933
If you have access to your client's server and can receive emails like [email protected] or [email protected], you can do the certificate purchase for him.
If you can create a CSR (Certificate Signing Request) from your client's cPanel or WHM, you're all set.
Now, from what I know... and without prejudice, (because this may vary from a Certification Authority(CA) to another, I don't know... And this is as march 2016)
There is 4 classes of certificates.
Class 1 is a self-signed certificate.
It is the most commonly used.
This is enought in most cases since encryption will be enabled.
The only validation made is to confirm an email like the one I cited above.
But for the main domain address only...
It is not including all its sub-domains.
You can manage multiple certs for additionnal sub-domains... But it gets complicated quite fast.
Class 2 is a person certification.
It is needed to acquire class 3 and 4.
This one requires you to send a valid ID like a country passport to validate your identity.
AND (no joke!) a recent picture of you holding it in a good image resolution.
Class 3 (also called OV) is the same thing as class 1 except it allows all sub-domains.
You will have to be named, via a letter from the CEO, as an autorized contact to act on their behalf.
Then, the organization or company has also to be autentified via a direct phone call to the CEO.
Class 4 (also called EV) is the same as class 3, but the certificate shows like a nice very visible green bar with the name of the company in front of the url in the browsers address bar.
This one is only availaible to companies and legally registered organizations.
You can Google "Certificate Authority" to find a certificate emitter.
CHECK the pricings !!
There a lot differences between one and another.
;)
As a hint for time it takes to implement:
It took me like 4 hours on my first try for class 1.
(3 years ago... I was "slower" than now! If you're fast, it can take you 45 min.)
It took me around 4 months to get the class 4 on my first try.
(I didn't have a passport! If you're fast, it could take you 2 weeks.)
For the record, by reading this, you just saved 2 fulltime weeks reseaching on the differences between classes and the administrative process related. You probably wouldn't find all these details anyway... without really doing the request.
;)
Upvotes: 1
Reputation: 9782
Work with the client to purchase a certificate. The provider will usually give you all the information you need to install it.
Be sure to update your server config to deliver HTTPS.
Upvotes: 0
Related Questions
- How to create .pfx file from certificate and private key?
- Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
- Server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
- curl: (60) SSL certificate problem: unable to get local issuer certificate
- Using openssl to get the certificate from a server
- How should I ethically approach user password storage for later plaintext retrieval?
- TLS secure without certificate?
- Multiple certificates in TLS handshake "certificate" message