Buying SSL Certificate from GoDaddy and Installing on Amazon EC2 Apache Instance

I ended up choosing GoDaddy.  I bought it for a year just in case things didn’t pan out as it was my first time buying and setting this type of thing up.

What I bought was a ssl certificate that will allow us to process credit card payments directly on our website. For example, when you buy something online your website will get a certificate that says, “I am really the merchant who I say I am and you can trust me”. If you don’t have a certificate that is from a trusted source then you web browser will pop-up a message saying, “this could be an intruder trying to steal your information”. Worse yet, if you don’t secure your site then credit card numbers are in plain sight for anybody to capture as the information travels through the internet.

It is pretty important to buy a certificate for the buyers protection and for the protection of the organization. The certificates ranges from $20/year to over $1000/year depending on where you buy them. The key is that you get them from a reliable, trusted source. Especially a source that you know will be around for a long time. Microsoft, Google and others will not trust just any company. You need a company that other companies trust. I went with GoDaddy because it is very cost effective but as a trusted company.

What did I do:

  • Bought a Turbo SSL Certificate from GoDaddy
  • Sign into the SSL Certificate Management
  • You will see a line amongst the clutter “SSL Certificate”  *New Certificate*  then the button “Launch”.
  • Add your CSR.  You will see “Enter your Certificate Signing Request (CSR) below”
  • To learn about generating the CSR you can go here

Generate the Certificate:

  • I made a new folder under /etc/ssl called /newcerts

/etc/ssl/newcerts$ sudo openssl req -new -newkey rsa:2048 -nodes -keyout heartlineministries.key -out heartlineministries.csr

  • Couple notes from GoDaddy help on answering the questions:

Common Name: The fully-qualified domain name, or URL, you’re securing.  If you add the name with www.domain.com then it will work for both www.domain.com and domain.com.

Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.

 Verify Host

  • You will need to verify that you own the domain you are registering the certificate to. The easiest method, in my mind, is that you put the file on your server but you can either put a file on your server or add a TXT DNS record with a specific value.
  • After you are verified you will be able to download the certificate in a zip file.  GoDaddy has excellent instructions on how to install the certificate depending on what host you will be using.  For DreamHost, I downloaded the “cpanel/web managed” option.

Host Configuration

  • I have signed up for DreamHost. We are thankful for them! This is perfect because they all SSL whereas our previous place did not.
  • You will need to add the ability to have a static ip address.  In the case of DreamHost, this costed an extra $3.95/month.
  • In order to load your certificate you will need the private key, public certificate (crt) and optionally the certificate signing request (csr).
After this is all done, you are ready for HTTPS protocol!