How to apply for SSL certificate and what brand of SSL certificate to choose?

What to choose SSL Certificate brand is good ？ In fact, it can be issued now SSL There are many certification bodies , for example DigiCert、GlobalSign、Sectigo wait , You can even sign for yourself SSL certificate , But if you want to consider each browser pair SSL Certificate trust , You need to choose carefully .

SSL Certificate selection considerations ： Whether to pass Webtrust authentication

Abroad have WebTrust Institutions come right SSL The certification authority conducts audit certification , Only through WebTrust The root certificate of foreign security audit certification can be preloaded into mainstream browsers , This is a SSL One of the basic thresholds for certificate credibility .

SSL Certificate selection considerations two ： Whether the root certificate is preset in various versions of the browser

There's a lot of SSL The certificate issuing authority has indeed passed Webtrust Certification of , However, due to the late establishment , Its root certificate is not in some earlier versions of browsers , Or even some browsers have not added their root certificates to the trust list , For example, there are some institutions in China SSL Certificate Firefox trust , But Apple browser doesn't trust ,IE11 trust , but IE The slightly lower version of does not trust , And so on, and so on , If you want full browser and platform trust , It's a long way .

SSL Certificate selection considerations three ： Whether there is detailed applicant authentication

SSL Certificates are currently divided into DV、OV、EV Three grades , Only OV and EV There is complete applicant authentication . The direct difference is whether there is the applicant's name in the certificate .DV It is a method that only verifies the domain name management permission SSL certificate , It can only play a basic https encryption , This is for personal sites 、 Blog 、 We media and so on may be enough , But for businesses 、 Institutions 、 Institutions, etc , This kind of certificate is non-conforming to some extent .

SSL Certificate selection considerations four ： Is the service stable

In this case SSL In fact, the certificate industry happens from time to time , As a result, many large units usually apply for certificates of two brands , When a certificate fails , Another set of certificates can be issued in a short time , Reduce the impact on the website .

Based on the above four aspects , The following two certificate brands are recommended ：

Brand one ：DigiCert

DigiCert Is a digital certificate provider , On 2017 Annual acquisition Symantec Digital certificate service . Bank 、 Electronic Commerce 、 technology 、 Healthcare and manufacturing depend on DigiCert Provide scalable encryption and authentication for its valuable online products . stay Web Outside the field ,DigiCert Through scalable 、 be based on PKI Innovative automation solutions , These solutions involve the Internet of things （IoT） Provide identity with other emerging Internet markets 、 Authentication and encryption .

Brand 2 ：WoTrus（ National secret SSL certificate ）

Wotong WoTrus National secret SSL The certificate is state secret compliant SSL Certificate products , Follow the national standard technical specifications and refer to the international standards , Support SM2/SM3/SM4 Domestic cryptographic algorithm and national security protocol , compatible 360 browser 、 Wotong state secret browser 、 Honglianhua browser and other major state secret browsers , and Rong Anheng WAF And other network security products that support state secret algorithms . Adopt self controlled password technology to protect data confidentiality 、 integrity , Prevent data from being stolen or tampered with during transmission , Ensure the authenticity of the identity of the communication subject .

Wotong WoTrus Exclusive first “SM2/RSA Double certificate ” Deployment mode , National secret SSL Support module or national secret SSL Deployed on the gateway SM2/RSA double SSL certificate , When users use 360 browser 、 Wotong state secret browser 、 When visiting state secret browsers such as honglianhua browser , Automatically adopt the state secret algorithm HTTPS encryption ; When users use Chrome、 firefox 、IE、Safari When accessing a global browser that does not support the state secret algorithm , Automatic adoption RSA Algorithm HTTPS encryption , Adaptively compatible with all browsers and mobile terminals .

attach ：SSL A brief tutorial on Certificate Application

One 、 Make CSR file

CSR Namely Certificate Secure Request Certificate request file . This document was produced by the applicant , While making , The system will produce 2 Key , One is the public key CSR file , The other is the private key , On the server . To make CSR file , Applicants can refer to WEB SERVER Documents , commonly APACHE etc. , Use OPENSSL Command line to generate KEY+CSR2 File ,Tomcat,JBoss,Resin Etc KEYTOOL To generate JKS and CSR file ,IIS Create a pending request and a CSR file .

Two 、CA authentication

take CSR To our staff , Generally speaking, there are 2 Authentication methods ：

1、 Domain name authentication , Generally through the way of administrator mailbox authentication , This way of authentication is fast , But the certificate issued does not contain the name of the enterprise ;

2、 Enterprise document Certification , Need to provide the business license of the enterprise . Generally need 3-5 A working day .

3、 ... and 、 Certificate installation

After receiving the CA After certificate , The certificate can be deployed to the server , commonly APACHE The document will directly KEY+CER Copy to file , And then modify HTTPD.CONF file ;TOMCAT etc. , Need to put CA The certificate issued CER File import JKS After the document , Copy on server , And then modify SERVER.XML;IIS Pending requests need to be processed , take CER File import .