Skip to main content

Get SSL on Godaddy

Some basics on SSL。

  • .key: PKCS8 private key(Base64)
  • .csr: PKCS10 partial certificate info(including public key, domain, organization info. Public key is generated through private key--".key")
  • .crt: Certificate file, add CA signature info upon .csr (Godaddy will generate it based on user uploaded .csr file)
  • .der: bynary file, can be converted to pem and vice versa with the following command: openssl x509 -inform der -in xxx.der -out xxx.pem
  • .pem: base64 file, could be private key, public key or certificate.
  • .p12, .pkcs12, .pfx: PKCS12 composed file including info of private key, public key or certificate, etc.

1. Generate Private Key & CSR & Certificate in your local machine (not a real certificate and we will replace this certificate soon):

# Generate private key, and we are using as an example domain
openssl genpkey -algorithm RSA \
-pkeyopt rsa_keygen_bits:4096 \
-pkeyopt rsa_keygen_pubexp:65537 | \
openssl pkcs8 -topk8 -nocrypt -outform pem >

# Generate CSR file
openssl req -subj "/C=US/ST=Arizona/L=Scottsdale/O=vocechat,Inc./" \
-new -days 3650 -key -out

# Generate signkey file
openssl x509 -signkey -in -req -days 365 -out

# Check certificate
openssl req -text -noout -verify -in

You will have the following files generated which are important. Please keep those files securely saved:

-rw-r--r--  1 user  staff   1.9K May  5 00:34
-rw-r--r-- 1 user staff 1.7K May 5 00:34
-rw-r--r-- 1 user staff 3.2K May 5 00:29

With .key, .crt we can setup servers like nginx, although browsers will have a warning.

2. Sign in to Godaddy, buy SSL certificate。


3. Set domain & CSR:

Godaddy-Manae-Cert Godaddy-Update-CSR

4. Download SSL certificate

Will be ziped to a file like, and you need to unzip to get the following files:

-rw-rw-r--@ 1 user  staff   2.4K May  4 07:47 1aeb156731cb52d3.crt
-rw-rw-r--@ 1 user staff 2.4K May 4 07:47 1aeb156731cb52d3.pem
-rw-rw-r--@ 1 user staff 4.7K May 4 07:47 gd_bundle-g2-g1.crt

5. Combine the files and replace the old certificate just now (as we have a real certificate now).

cat 1aeb156731cb52d3.crt gd_bundle-g2-g1.crt >

6。 vocechat-server settings

Copy the certificate files:

cp cert/ca.crt
cp cert/ca.key

Change config/config.toml

bind = ""
domain = ""

# [network.tls]
# type = "self_signed"

type = "certificate"
# cert = "/path/"
# key = "...."
path = "./cert"

Restart vocechat-server:

/etc/init.d/vocechat-server restart

All set:)