SSL Certificate Renewal Revisited Tutorial

Way back when with SSL Certificate Renewal Tutorial we renewed the SSL Certificate for the rjmprogramming.com.au domain. What, in practical terms, does that mean? It means a URL such as …


https://www.rjmprogramming.com.au

… involves encryption, offering a level of security around the rjmprogramming.com.au domain’s webpages regarding logins and any e-commerce functionality considerations. It’s time to renew, and today’s (reporting of) work highlights a couple of salient issues that contrast with SSL Certificate Renewal Tutorial (while many steps stay the same) …

  • this time where we used to label “the players” …
    1. “Website Administrator”: you … doh!
    2. “Web Hoster”: your web hoster, in my case Crazy Domains (who may have a dedicated email address just for SSL goings on) … and …
    3. “SSL Certifier”: more than likely your hoster does not create SSL certification as a core business job, so you have SSL Certificate creators; ours (decided by Crazy Domains when they send out the SSL Product (for renewal), but perhaps you could specify) is Comodo

    … today we’ve realized we can coalesce that, somewhat, into …

    1. “Website Administrator”: you … doh!
    2. “Web Hoster”: your web hoster, in my case Crazy Domains (who may have a dedicated email address just for SSL goings on) is also my “SSL Certifier” … yayyyyyy!
  • last time we installed an SSL Certificate lasting several years but our “Web Hoster” = “SSL Certifier” informed us (in an email) …

    Why update your SSL?

    Apple and Google recently announced the new maximum validity of SSL/TLS certificate to 13 months.

    Thus, you need to update your SSL Certificate every year to maintain the security of the information passed through your website.

… which you can see us involving ourselves with regarding today’s animated GIF presentation. We hope it’s slow enough?! Just to summarize you need to …

  • pay for your “Web Hoster” SSL product … and if they can be “SSL Certifier” as well …
  • have a working admin@[domainURL] email address (and the “Web Hoster” = “SSL Certifier” may send and receive emails from their ssl@[WebHosterDomainURL])
  • have a working cPanel (ours for a Linux CentOS 6.4 x86_64 WHM 11.38.2 (build 23) virtual web server)


Previous relevant SSL Certificate Renewal Tutorial is shown below.

SSL Certificate Renewal Tutorial

Adding the big picture around the knowledge presented in SSL Certificate Primer Tutorial below, today, we want to fill you in on the deployment of SSL (ie. being able to use URLs starting with https:) for a dedicated web server, ours being a CentOS WHM (using cPanel) Apache/PHP/MySQL one, the reason being, unless you are getting your dedicated web server maintained elsewhere, there is more you have to do here, as the domain’s administrator, than if you are using shared hosting (ie. lots of domains sharing the one web server), where the administrators of that web server would be happy to manage this themselves … but thanks for asking.

For us, this dedicated web server deployment of SSL is a renewal, though the steps may as well be for the first time, except that before the first step you have to push your hoster (mine being Crazy Domains) to install an SSL product in the first place (usually not a default in a hosting package).

Okay, then, who are the “players” involved for a dedicated web server deployment of SSL you maintain yourself?

  1. “Website Administrator”: you … doh!
  2. “Web Hoster”: your web hoster, in my case Crazy Domains (who may have a dedicated email address just for SSL goings on) … and …
  3. “SSL Certifier”: more than likely your hoster does not create SSL certification as a core business job, so you have SSL Certificate creators; ours (decided by Crazy Domains when they send out the SSL Product (for renewal), but perhaps you could specify) is Comodo

Okay, then, what are the “broad brush” steps in this renewal of SSL (for a dedicated web server) …

  1. “Website Administrator” gets the heads up that SSL Certification is due for renewal from “Web Hoster” (more than likely, via email)
  2. “Website Administrator” (might brush up on the finer details, like at useful webpage, thanks, or look to SSL Certificate Primer Tutorial below) and remember that for CentOS WHM Apache/PHP/MySQL web servers you look to start up cPanel and you could verify the number of web server IP addresses via the Show IP option then perhaps visit one of the whois websites to see what is shown already about the domain’s information prior to …
  3. “Website Administrator” reaches cPanel’s Generate an SSL Certificate and Signing Request option (sometimes referred to as “CSR”) via looking for “SSL” in the search bar
  4. “Website Administrator” fills out the “domains” field, fairly obviously the most important piece of information to get right
  5. “Website Administrator” fills out the rest of that form and clicks the Create button … at which point …
  6. “Website Administrator” should immediately store away (file) copies of the contents of …
    • Signing Request
    • Certificate
    • RSA Private Key
  7. “Website Administrator” emails off, with reference to the SSL product, an email attaching those three files, via the email address specified by the “Web Hoster” (as required), explaining the context
  8. “Web Hoster” will email the “Website Administrator” for validation to go ahead and use the information from that previous “Website Administrator” email to contact (email) the “SSL Certifier” to create the SSL Certificate
  9. “SSL Certifier” emails the “Website Administrator” requesting the clicking of a link and filling in of a validation code, more than likely to verify the validity of the job they have been asked to do
  10. “SSL Certifier” will send an email back to “Web Hoster” that is most likely to contain a zip file with …
    • SSL Certificate (.crt file)
    • CA Bundle
  11. “Web Hoster” will forward this on, with instructions, to “Website Administrator” via email
  12. “Website Administrator” reaches cPanel’s Install an SSL Certificate on a Domain option via looking for “SSL” in the search bar … and …
  13. “Website Administrator” fills in that all important domain name field again, then satisfies the three fields …
    • Certificate … by pasting in “SSL Certificate (.crt file)” information above
    • Private Key … by pasting in “RSA Private Key” information above
    • Certificate Authority Bundle (optional) … by pasting in “CA Bundle” above

    … and click the Install button … to hopefully have it that …

  14. “Website Administrator” sees a successful installation of SSL Certificate to the relevant domain web server system … and so …
  15. “Website Administrator” can visit URLs like https://www.rjmprogramming.com.au/ITblog/ “secure” in the knowledge that valid SSL Certificates are in place
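
Before pasting into the install form in step 13, it pays to confirm that the .crt file that came back really belongs to the RSA Private Key and Signing Request filed away in step 6, covers the right domain name, and has the lifetime you expect. The script below is an added example, not part of the original tutorial or of cPanel; it uses the OpenSSL command line, and the file names, the www.example.test domain and the self-signed stand-in certificate are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-install checks for step 13.

# Each helper prints the PEM public key embedded in one kind of file.
pub_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
pub_of_csr()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
pub_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only if private key, CSR and certificate carry the same public key.
files_match() {  # usage: files_match KEY CSR CERT
    k=$(pub_of_key "$1"); r=$(pub_of_csr "$2"); c=$(pub_of_cert "$3")
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Succeeds if the certificate is valid for the host name (the "domains" field).
covers_host() {  # usage: covers_host CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Succeeds if the certificate will still be valid DAYS days from now.
valid_for_days() {  # usage: valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Constructed sample data: a self-signed certificate stands in for the issued
# .crt file, and other.key is an unrelated key used to show a mismatch.
make_demo_files() {  # usage: make_demo_files DIR
    ( umask 077   # the private key must not be readable by other users
      openssl req -x509 -newkey rsa:2048 -nodes -days 397 \
          -subj "/CN=www.example.test" \
          -keyout "$1/site.key" -out "$1/site.crt"
      openssl req -new -key "$1/site.key" -subj "/CN=www.example.test" \
          -out "$1/site.csr"
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$1/other.key" ) >/dev/null 2>&1
}

DEMO=$(mktemp -d) && trap 'rm -rf "$DEMO"' EXIT
make_demo_files "$DEMO"
files_match "$DEMO/site.key" "$DEMO/site.csr" "$DEMO/site.crt" \
    && echo "key, CSR and certificate belong together"
files_match "$DEMO/other.key" "$DEMO/site.csr" "$DEMO/site.crt" \
    || echo "mismatch: other.key is not the key for this certificate"
covers_host "$DEMO/site.crt" www.example.test && echo "host name covered"
valid_for_days "$DEMO/site.crt" 30 || echo "renew now: under 30 days left"
openssl x509 -in "$DEMO/site.crt" -noout -subject -enddate
```

For the real check, point `files_match` at the key and Signing Request saved in step 6 and the .crt file from the zip in step 10; a mismatch means the certificate was issued against a different Signing Request.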

Or for our visual learners, please enjoy.


Previous relevant SSL Certificate Primer Tutorial is shown below.

SSL Certificate Primer Tutorial

All our recent SSL blog postings have been assuming something. That “something” is that the web server you are writing web applications for, and are configuring, has had installed a relevant SSL Certificate to “work” and undersign the encryption logic software.

In the case of our RJM Programming domain’s web server’s SSL Certificate we turned to our web hoster, Crazy Domains, to provide an SSL product here, that can go into the makeup of your “web server” package. If your web server is a dedicated web server rather than a shared one, you can decide to install this SSL Certificate yourself, perhaps using OpenSSL based techniques …

However you do it, these SSL https: based URLs don’t just happen without the SSL Certificate arrangements in place.

What are the Pros and Cons of SSL (thanks to this webpage and this webpage and this webpage)?

| Pros | Cons |
| --- | --- |
| Trust | Cost of Certificate |
| Verification | Mixed Content issues |
| Integrity of Data | Proxy Caching |
| Google and SEO | Mobile application issues |
| Prevent data breaches | Performance |

And now we have a general question and answer session, for beginners, regarding SSL …

| Question | Answer |
| --- | --- |
| What’s the go with wildcard (multi-subdomain) SSL Certificates? | Have a read of this webpage |
| What will happen to https: based URLs should the SSL Certificate expire? | Thanks to this webpage for: “An expired SSL certificate may deter website users, but it does not prevent data from flowing securely between the site’s server and a user’s browser. A website with an expired certificate will still encrypt outgoing data, and the browser will decrypt the data as it is received. Visitors merely need to verify that they are communicating with the website over a secure connection. This can be done by looking for an “https://” prefix at the beginning of the URL in the browser’s address bar.” |
| How can you tell whether an SSL Certificate has been installed on a web browser? | When you try a URL with https: protocol at the start you should get an informational icon to the left of the web address that today’s tutorial picture shows and more is explained at this webpage |
| Can you have an SSL Certificate installed correctly but not get the web browser padlock happening that shows encryption is happening? | You bet, either if you are accessing a subdomain not covered by the certificate, or if the certificate cover “breaks” because of “Mixed Content”, like we have been raving about with recent blog postings. |
| What’s the latest on that SSL “hack” problem from recent times? | Have a look through this Google search |
| How can I tell if a domain uses a dedicated web server or uses a shared web server? | Report at this webpage could help. |
| How can the search engines get to notice newly encryptable SSL https: based URLs? | Google Webmasters recommends: “Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.” … but we have more work to do before this. |

Why is an SSL duck? Because it flies so high.

Hope this has some pointers for a web server SSL quest you are thinking of embarking on.
