How to Install an SSL Certificate on Windows, Linux, and macOS
Production-ready steps to generate a CSR, install your certificate, enable HTTPS redirects and HSTS, and verify with tools — using sslcheckpro.com as the example domain.
Before You Start
- Make sure your DNS A/AAAA records for sslcheckpro.com point to your server.
- Decide your certificate type: DV (quick), OV, or EV. Wildcard if you need subdomains (e.g., *.sslcheckpro.com).
- Prepare OpenSSL or a control panel to generate a CSR and private key.
1) Generate CSR and Private Key (OpenSSL)
The following creates a 2048-bit RSA key and CSR for sslcheckpro.com. Update fields as needed.
# Create a private key openssl genrsa -out sslcheckpro.com.key 2048 # Create a CSR interactively openssl req -new -key sslcheckpro.com.key -out sslcheckpro.com.csr \ -subj "/C=IN/ST=Gujarat/L=Ahmedabad/O=SSL Checker Pro/OU=IT/CN=sslcheckpro.com" # Optional: CSR with SANs (sslcheckpro.com + www) cat > san.cnf <<'EOF' [ req ] default_bits = 2048 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C = IN ST = Gujarat L = Ahmedabad O = SSL Checker Pro OU = IT CN = sslcheckpro.com [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = sslcheckpro.com DNS.2 = www.sslcheckpro.com EOF openssl req -new -key sslcheckpro.com.key -out sslcheckpro.com.csr -config san.cnf
Submit the CSR to your Certificate Authority (or use ACME if issuing via Let’s Encrypt). You’ll receive your certificate (server cert) and intermediate chain. Keep the private key safe.
2) Install on Windows Server (IIS)
Import the certificate
- Convert your certificate + key + chain to PFX if needed:
openssl pkcs12 -export -out sslcheckpro.com.pfx \ -inkey sslcheckpro.com.key -in sslcheckpro.com.crt -certfile intermediate-chain.crt
- Open MMC → Certificates (Local Computer) → Personal → Certificates → Import the PFX.
Bind HTTPS in IIS Manager
- Open IIS Manager → Sites → select your site.
- Click Bindings… → Add… → Type: https, Host name: sslcheckpro.com, SNI checked, select the imported certificate.
- Repeat for www.sslcheckpro.com if applicable.
Optional: Command-line binding
# Find cert thumbprint in MMC → Certificates → double-click cert → Details → Thumbprint
$thumb = "REPLACE_WITH_THUMBPRINT_WITHOUT_SPACES"
netsh http add sslcert hostnameport=sslcheckpro.com:443 certhash=$thumb appid="{00112233-4455-6677-8899-AABBCCDDEEFF}"
Force HTTPS on IIS
- Install URL Rewrite module.
- Add a rule to redirect HTTP → HTTPS (301). Or in
web.config:<configuration> <system.webServer> <rewrite> <rules> <rule name="HTTPS Redirect" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="off" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" /> </rule> </rules> </rewrite> </system.webServer> </configuration>
3) Install on Linux
Apache (httpd)
# Place certs (paths may vary) sudo mkdir -p /etc/ssl/sslcheckpro sudo cp sslcheckpro.com.crt /etc/ssl/sslcheckpro/ sudo cp intermediate-chain.crt /etc/ssl/sslcheckpro/ sudo cp sslcheckpro.com.key /etc/ssl/sslcheckpro/ # Virtual host example (ssl.conf or site vhost) <VirtualHost *:443> ServerName sslcheckpro.com ServerAlias www.sslcheckpro.com DocumentRoot /var/www/sslcheckpro SSLEngine on SSLCertificateFile /etc/ssl/sslcheckpro/sslcheckpro.com.crt SSLCertificateKeyFile /etc/ssl/sslcheckpro/sslcheckpro.com.key SSLCertificateChainFile /etc/ssl/sslcheckpro/intermediate-chain.crt # HSTS (optional) Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" </VirtualHost> # Redirect HTTP → HTTPS <VirtualHost *:80> ServerName sslcheckpro.com ServerAlias www.sslcheckpro.com Redirect permanent / https://sslcheckpro.com/ </VirtualHost> sudo apachectl configtest sudo systemctl reload httpd # or apache2
Nginx
sudo mkdir -p /etc/nginx/ssl/sslcheckpro
sudo cp sslcheckpro.com.crt /etc/nginx/ssl/sslcheckpro/
sudo cp intermediate-chain.crt /etc/nginx/ssl/sslcheckpro/
sudo cp sslcheckpro.com.key /etc/nginx/ssl/sslcheckpro/
sudo nano /etc/nginx/sites-available/sslcheckpro.conf
server {
listen 80;
server_name sslcheckpro.com www.sslcheckpro.com;
return 301 https://sslcheckpro.com$request_uri;
}
server {
listen 443 ssl http2;
server_name sslcheckpro.com www.sslcheckpro.com;
root /var/www/sslcheckpro;
ssl_certificate /etc/nginx/ssl/sslcheckpro/sslcheckpro.com.crt;
ssl_certificate_key /etc/nginx/ssl/sslcheckpro/sslcheckpro.com.key;
ssl_trusted_certificate /etc/nginx/ssl/sslcheckpro/intermediate-chain.crt;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
}
sudo ln -s /etc/nginx/sites-available/sslcheckpro.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
4) Install on macOS (Local Dev or Self-Hosted)
For local development, use mkcert to generate trusted certificates:
brew install mkcert nss # nss for Firefox trust mkcert -install mkcert sslcheckpro.local www.sslcheckpro.local # Produces sslcheckpro.local+1-key.pem and .pem (use in your local server)
To serve with nginx on macOS:
brew install nginx
sudo mkdir -p /usr/local/etc/nginx/ssl
sudo cp sslcheckpro.local+1.pem /usr/local/etc/nginx/ssl/
sudo cp sslcheckpro.local+1-key.pem /usr/local/etc/nginx/ssl/
sudo nano /usr/local/etc/nginx/servers/sslcheckpro.conf
server {
listen 443 ssl;
server_name sslcheckpro.local;
ssl_certificate /usr/local/etc/nginx/ssl/sslcheckpro.local+1.pem;
ssl_certificate_key /usr/local/etc/nginx/ssl/sslcheckpro.local+1-key.pem;
root /usr/local/var/www;
}
sudo nginx -t
brew services restart nginx
5) Force HTTPS and Security Headers
- Redirect all HTTP traffic to HTTPS (301).
- Enable HSTS once you confirm HTTPS is stable:
max-age=31536000; includeSubDomains; preload. - Serve only HTTPS assets to avoid mixed content warnings.
6) Verify Installation
Use these tools to verify sslcheckpro.com after installation:
- SSL Checker — validate chain, issuer, expiry, SANs.
- HTTPS Redirect Checker — confirm redirect rules.
- HTTP Headers Checker — confirm HSTS and security headers.