- Each IP address can only have one SSL certificate - not strictly true, but in general
- SSL provider: ssls.com
- Usual SSL certificate: RapidSSL ($10 USD for 1 year)
  - If you buy a RapidSSL certificate for `www.example.com` it will also work for `example.com` but not `other.example.com`
- Usual wildcard SSL certificate: RapidSSL Wildcard ($99 USD for 1 year)
- Extended validation "green bar" SSL certificate: GeoTrust True BusinessID with EV ($149 USD for 1 year)
- If you just need to secure a few subdomains (e.g. `www.example.com` and `shop.example.com`), also consider a SAN "multi-domain" certificate, e.g. PositiveSSL Multi-Domain. Can't seem to buy it from ssls.com, but Namecheap is the same company. ($30 USD for 1 year and 3 subdomains, additional subdomains $13)
- If given the option, make sure to choose `SHA-2`, `2048-bit` key length, `256-bit` encryption
- Web server config: cipherli.st / mozilla
Generate a private key and certificate signing request (CSR):
openssl req -new -sha256 -newkey rsa:2048 -nodes -out example.com.csr -keyout example.com.key -subj "/C=NZ/ST=Auckland/L=Auckland/O=The Fold/OU=Security/CN=example.com"
Posted by Steve Hoeksema to The Fold (2015-02-25 04:28)
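An added example, not part of the original note: a check to run on the CSR and key produced by the command above before pasting the CSR into the provider's order form. It confirms the SHA-2 signature and 2048-bit key length recommended in the list, and that the key file you kept belongs to the CSR. The function name `check_csr` is hypothetical; only stock `openssl` subcommands are used.

```shell
#!/bin/sh
# Added example: sanity-check a CSR and its private key before submission.
# Usage: sh check_csr.sh example.com.csr example.com.key

check_csr() {
    csr=$1; key=$2; rc=0

    # -verify checks the CSR's self-signature; the verdict is written to stderr.
    text=$(openssl req -in "$csr" -noout -text -verify 2>&1) || {
        echo "FAIL: cannot parse $csr or its self-signature is invalid"; return 1; }
    case $text in
        *"verify OK"*) ;;
        *) echo "FAIL: CSR self-signature does not verify"; rc=1 ;;
    esac

    # SHA-2 only: accept sha256/sha384/sha512 RSA signatures.
    if ! printf '%s\n' "$text" |
         grep -Eq 'Signature Algorithm: sha(256|384|512)WithRSAEncryption'; then
        echo "FAIL: CSR is not signed with a SHA-2 digest"; rc=1
    fi

    # Key length: at least 2048 bits.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: key is ${bits:-unknown} bits, want 2048 or more"; rc=1
    fi

    # The CSR must carry the public half of the private key we kept.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the public key in $csr"; rc=1
    fi

    # Print the requested names so they can be compared with the order.
    printf '%s\n' "$text" | grep -E 'Subject:|DNS:'
    return $rc
}

if [ "$#" -eq 2 ]; then
    check_csr "$1" "$2"
fi
```
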