Request a certificate from a certificate vendor
Now, with your CSR in hand, visit the Web site of your favorite SSL certificate provider and buy your new certificate. During the registration process, you need to provide the certificate company with information validating you or your company's identity. Some consider this part a hassle, but it really is a vital part of the overall SSL chain. After all, you don't want just anyone receiving a certificate that uses your company name!
The certificate request process varies by certificate company, so I can't really provide the exact steps for the certificate request. What I can tell you is that, at some point, you'll need to open up the text file that contains the certificate request in order to copy and paste the encrypted certificate request in the appropriate field on the order form.
Once you complete the vendor's certificate request (Figure F) form and provide them with payment, you'll need to wait for the SSL certificate to be delivered to you via e-mail.
Figure F
Provide the necessary information for the SSL certificate vendor
Save the provided certificate somewhere accessible
What you get back from a certificate vendor depends on the vendor you choose. In the case of the company that I used to get my certificate, they sent back a zip file with three certificates. One of the certificates is named ssltest_westminster-mo_edu.crt. This is the certificate I need for the new Web site. The other two certificates are required if you need to chain the new certificate back to a root certificate. We will not be discussing them in this document.
The new certificate is nothing more than a text file, as was the case with the CSR. However, in this case, the information starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----. In the previous step, the terms were BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST. Extract the contents of this zip file to a location accessible from your Web server.