Friday, 16 June 2017

The SSL certificates sold by the majority of commercial certification authorities (CAs) such as Global Sign, etc… To use SSL certificate it is good to have a Dedicated IP address, as dedicated IP address will be the one, which will be working for the secure layer with the port 443.

SSL in WHM

To check the SSL certificate:


Open the URL: https://yourdomain.com

Symptoms:


If it shows “unable to connect”, then it means no SSL certificate is there for the domain.
If it redirects to the domain, then SSL is purchased and working.
If it is expired, then Click on >> I understand the risks >> add exception >> get certificate >> view. Check for the expiry date of the same. If you find that the dare is expired, then it needs to be renewed.

What are the general types of SSL certificate?


Standard SSL >> valid for one domain name

EV (Extended Validation) SSL >> this is similar to a Standard SSL certificated, except the validation process is a little bit more involved.

UCC (Unified Communication Certificate) – multi-domain SSL or SAN SSL (Subject Alternative Name) >> this is a Standard SSL certificate (unless specified to be EV SSL) that allows for multiple domain names in the same certificates.

Wildcard SSL >> this is valid for *.domain.com. Note that this cuts off at the child level so it would not be valid for *.sub.domain.com – you would need a different wildcard for it.

SGC (Server Gated Cryptography) SSL >> this is a “step-up” certificate so that you can increase the SS; encryption strength for clients that don’t support your server’s level of encryption.

2048 bit certificates >> this is just a normal certificate of any of the above types. This just means that you can use 2048 bit key strength for your private key, because their CA is at 2048 bit or higher.

Examples from the Global sign

* Alpha SSL- For one domain

* Wild Card – For multiple domains

How to Purchase SSL?


To purchase the SSL you need to provide the details as mentioned below to the respective SSL provider:

-Domain name
-Email address (where cert is sent)
-Host name
-Country
-State
-City
-Company Name
-Company Division
-Email address (displayed in cert)
-Password

After receiving the details from your certificate provider >> login to the WHM of the server and Follow the below mentioned steps:

Click on ” Main >> SSL/TLS >> Generate a SSL Certificate and Signing Request” >> provide the detail information and for the section of Key Size: Select for 2048 rather than 1024.

If you click next it will generate the CSR (Certificate Signing Request) and will provide you the CSR and KEY for the same.

Usually, hosting providers don’t have the self SSL certificates, they contact the respective SSL provider from where they used to take the certificated in bulk and then provides to the end users. After generating or receiving the CSR the hosing provider visit the SSL provider. For example, GlobalSign

General Steps for all Commercial Certification Authorities (CAs)


>> If you want to purchase from the CAs then create a login and then login into the account of their website OR

>> With the login details of hosting provider to login into the Global Sign and then select the product for which you have to place the order as:

• Alpha SLL- For one domain
• Wild Card – For multiple domains

>> Then proceed for the next step in which provide the details for the CSR and then confirm.

>> Select the email id to which you want the feedback from them.

>> Confirm and complete it.

>> After this step you have to go into the inbox which you have given for receiving feedback

>> Example: signup@example.com

>> As soon as the procedure is completed you receive the order number from them which is important and a link to check whether the order is completed or not or whether the certificate is generated or not. You will be provided with the link to check for the same.

>> In case if you don’t receive the same then contact to the customer support of the global sign from the same logins of the organization.

>> You will receive the next mail from them with the SSL certificate provided in the same format as of CSR. As soon as you receive the mail check for the last characters of the each key of the one which we have generated as like:

CSR last characters are
“6QYMmdKl6sMc6N
SoVwX0M=
—–END CERTIFICATE REQUEST—–“

Check the same into the reply mail you have received from then with the SSL certificate.

Installing the SSL certificate from the WHM:


After receiving the same, visit to the WHM of the Server and follow the steps as (end user client may need to contact the hosting provider for the same if they don’t have the access to the WHM Admin).

Click on Main >> SSL/TLS >> Install a SSL Certificate and Setup the Domain. Here you have to provide the copy of the SSL certificate that you have received from them into the area given and make sure there is no blank space. As soon as you put the key, it will automatically generate below user details, etc… It will also automatically fetch the details. And then click next “done” your SSL certificate is installed.

NOTE: confirm the IP address you provided after the certificate is fetched by the WHM; else it will create a problem for the same.

>> After this you have to install the SSL on the services as well. For that follow the steps mentioned below:

Main >> Service Configuration >> Manage Service SSL Certificates

For example: you will get the details as:

Service Current Certificate Actions
Exim (SMTP) Server Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority
Not Before: Jan 31 14:50:50 2015 GMT
Not After: Feb 3 17:10:35 2016 GMT Install new Certificate Reset Certificate
Subject: serialNumber=PCmdzkGcKwH51nAguzsgHJDNGhLd//o6, C=GB, O=chicago.bodhosting.net, OU=GT81185785,
OU=See www.globalsign.com/resources/cps (c)10, OU=Domain Control Validated – GlobalSign(R), CN= chicago.bodhosting.net
Self Signed: NO

>> Click on the Install new certificate:

Provide the key by the same method >> confirm that there is no space of wrong key. Click on save.

One by one you have to complete all the services like this and then check for the SSL. That’s it. SSL will be renewed or installed for next one year or as per order. DONE!

0 comments:

Post a Comment

Facebook

Google+ Followers

Twitter

Popular Posts

Blog Archive

Total Pageviews