1

I rarely need to create certificates, but when I do I can never remember the exact procedures so I decided to create my own how-to. Hopefully this will help others in the same situation.

I always have to remember that each device, server, webpage, etc will require it’s own unique certificate created with it’s own unique certificate request. Generating new certificates will not revoke previously created certificates.

I use a Comodo PositiveSSL Wildcard Certificate I purchased through https://store.ssl2buy.com as my Certificate Authority (CA)

  • Total time: 10 Minutes
  • Estimated cost: Cost of certificate
  • Tools used: Certificate generator, Certificate Authority

Step 1: Access to a Certificate Authority

You must have access to a certificate authority (CA) before you can create a secure certificate. The CA will verify your rights to create the certificate for your server, device, website, etc based on your domain ownership verification.

Once you have access to a legitimate CA source, you are ready to proceed.

Step 2: Generate Certificate Request (CSR)

You have to figure out how to generate the Certificate Request (CSR) for the instance that requires a secure connection.

There are many ways to create the CSR which can be searched on the internet.

In my case I needed a secure connection to an access point management web page. The access point console provides a button to generate the CSR for me, all I have to do is enter the required information needed by the CA.

Step 3: Creating the certificate

Once you have your CSR, you need to go to your CA and upload the data from the CSR.

Whatever CA you’re using will have an area to paste the CSR data into a field.

Open the CSR with a text editor, I use Notepad. This will display a lot of encrypted data, but it will ALWAYS start with:

-----BEGIN CERTIFICATE REQUEST-----

and end with:

-----END CERTIFICATE REQUEST-----

Copy ALL the text including the BEGIN CERTIFICATE REQUEST to the END CERTIFICATE REQUEST.

Once you have the data copied you can paste it into the Certificate Request field on the CA website.

Step 4: Generating Certificate

Once you have uploaded the CSR to your CA, it will create the certificate. In my case, the CA requires that a verification email be sent to a standard email address like hostmaster@contoso.com or something similar. If this is the same for you, make sure have access to this mailbox or that you have email sent to this mailbox to forward to your personal email.

Verify the email you receive (if necessary) and you should now have access to your new certificate.

Step 5: Download and store certificate files

Once you have completed the process you should have access to download all the required certificate files, which should include intermediate CA certificates if you need them.

All that is left to do is to assign the certificate to the server, device, webpage, etc.

Some devices may require the certificate be associated with a private key, rather than the private key being stored on the device. If this is the case I created another how to of how to convert a certificate to a private key certificate format like *.pem. Here is the link:

https://community.spiceworks.com/how_to/186561-convert-ssl2-comodo-wildcard-certificate-to-private-key

2 Spice ups