- Determine the number of domains that need to be secured.
This is a good place to start because the number of domains that need to be secured with an SSL/TLS certificate(s) will help to narrow down the type of certificate(s) that is best for your use case. For example, EV certificates do not support wildcard domains or IP addresses – so, that option can be eliminated if you are looking to support either of those.
- Decide the level of identity assurance you want to provide to website visitors.
Giving your customers and prospects higher identity assurance is reflected in the price of the certificate. In exchange, your website visitors will have more confidence transacting with you online because the browser shows a positive indication of your identity. This is what separates your website from fraudulent look-alike sites.
- Set aside a budget.
The good news is that SSL/TLS certificates require a rather modest budget. The two main items that impact the cost of deploying SSL/TLS certificates are the level of verification needed and the number of SANs required to secure your web-based project. By following steps one and two, you will be able to get a good idea of how much money you need to set aside for HTTPS.
- Generate a certificate signing request, CSR.
The CSR is the key component to creating an SSL/TLS certificate. Your server generates the CSR, which gets embedded into your SSL/TLS certificates. The browsers match the public key that’s generated by your server with the private key that is safeguarded on the server to create an encrypted connection from your website to your server. A positive pairing is the permission slip that enables visitors to experience a seamless entry to your website.
- Establish whether your certificate will be used for Public Trust or Private Trust.
Public and private trust certificates are types of SSL/TLS certificates that are formatted to suit different use cases. Public SSL/TLS certificates are needed for digital projects that can be viewed publicly — by anyone surfing the internet or other user community. Whereas, private trust provides a secure service for internal IT environments.
Entrust Datacard, the certification authority (CA) — or vendor that issues SSL/TLS certificates — works with someone in your organization to complete the verification process based on the type of certificate(s) you ordered. Once the verification is complete, the CSR is used to develop a unique certificate for you. The certificate can either be picked up by email or, if you have access to Entrust’s certificate manager, through our Certificate Services management platform.
There you have it! Everything you’ll need to build an SSL/TLS certificate for your web-based project.
7-Part Blog Series
- SSL/TLS 101 – Why Do I Need an SSL/TLS Certificate
- SSL/TLS Certificate Types – Choosing the Right One for Your Use Case
- SSL/TLS Verification – Digital Identity for Your Website
- What is a SAN (Subject Alternative Name) and how is it Used?
- What is a CSR and How Do I Get One?
- What’s the Difference between a Public and Private Trust Certificate?
- How to Build an SSL/TLS Certificate | The Five Simple Steps That Bring You to HTTPS