1. First, we need to generate a " Certificate Signing Request "
(CSR) on the web server. This usually involves getting in touch with the hosting company and asking them to generate the CSR for you. The CSR will include the name, the city, state, the country, and the domain name of your organization plus the " key " (a key is like a password) generated for your web site.

2. After you receive the CSR (which looks like an encrypted block of undecipherable text) you can order your certificate from the SSL certificate provider. The CSR needs to be submitted to the Certification Authority for enrollment.

3. If you want to buy the basic Low Assurance Certificate, we have an automatic one step validation process where we check whether the applicant has the right to use the domain name used in the application. This process takes only 10 minutes.

If you want to buy the High Assurance Certificate (complete business validated certificate), you will need to submit some documents about your organization to prove its identity. The process has various steps such as :

• Domain Validation i.e. The applicant has the right to use the domain name used in the application.
• The applicant is an accountable legal entity (individual or organisation.
• The applicant organization has a physical existence.
• The applicant's management responsibility for the organization (this is an optional step).

4. Once you receive the SSL certifcate back from the certificate authority, you will normally need the hosting company to install it for you.

You also need to be sure that your hosting account will allow an SSL certificate. The primary factor is a unique IP address (as stated above).
If not documented on your web host's website, it is a good idea to contact them directly. You want to know
a) whether or not your account can handle its own certificate and
b) what additional costs are involved.

After the web host installs the new certificate on the web server the merchant/designer will need to be sure that the desired secure pages are called using "https://" in their links. All components on the page should either use a relative path (without https or http) or "https://" in order to avoid browser messages saying that some items are not secure. Addressing additional page items (such as images) using a relative path will default to the same protocol used when the page was displayed.