Adding the big picture around the knowledge presented in SSL Certificate Primer Tutorial below, today we want to fill you in on the deployment of SSL (i.e. being able to use URLs starting with https:) for a dedicated web server, ours being a CentOS WHM (using cPanel) Apache/PHP/MySQL one. The reason is that, unless you are getting your dedicated web server maintained elsewhere, there is more you have to do here, as the domain’s administrator, than if you are using shared hosting (i.e. lots of domains sharing the one web server), where the administrators of that web server would be happy to manage this themselves … but thanks for asking.
With a dedicated web server deployment of SSL, for us that being a renewal of SSL, the steps may as well be those for a first time deployment, except that before the first step you have to push your hoster, mine being Crazy Domains, to install an SSL product (usually not a default in a hosting package) in the first place.
Okay, then, who are the “players” involved for a dedicated web server deployment of SSL you maintain yourself?
- “Website Administrator”: you … doh!
- “Web Hoster”: your web hoster, in my case Crazy Domains (who may have a dedicated email address just for SSL goings on) … and …
- “SSL Certifier”: more than likely your hoster does not create SSL certification as a core business job, so you have SSL Certificate creators; ours, decided by Crazy Domains when they send out the SSL Product (for renewal), though perhaps you could specify, is Comodo
Okay, then, what are the “broad brush” steps in this renewal of SSL (for a dedicated web server) …
- “Website Administrator” gets the heads up that SSL Certification is due for renewal from “Web Hoster” (more than likely, via email)
- “Website Administrator” might brush up on the finer details (like at useful webpage, thanks, or via SSL Certificate Primer Tutorial below) and remember that for CentOS WHM Apache/PHP/MySQL web servers you start up cPanel, where you could verify the number of web server IP addresses via the Show IP option, then perhaps visit one of the whois websites to see what is already shown about the domain’s information prior to …
- “Website Administrator” reaches cPanel’s Generate an SSL Certificate and Signing Request option (sometimes referred to as “CSR”) via looking for “SSL” in the search bar
- “Website Administrator” fills out the “domains” field, fairly obviously the most important piece of information to get right
- “Website Administrator” fills out the rest of that form and clicks the Create button … at which point …
- “Website Administrator” should immediately store away (file) copies of the contents of …
  - Signing Request
  - Certificate
  - RSA Private Key
- “Website Administrator” sends an email, with reference to the SSL product, attaching those three files, to the email address specified by the “Web Hoster” (as required), and explains the context
- “Web Hoster” will email the “Website Administrator” for validation to go ahead and use the information from that previous “Website Administrator” email to contact (email) the “SSL Certifier” to create the SSL Certificate
- “SSL Certifier” emails the “Website Administrator” requesting the clicking of a link and filling in of a validation code, more than likely to verify the validity of the job they have been asked to do
- “SSL Certifier” will send an email back to “Web Hoster” that is most likely to contain a zip file with …
  - SSL Certificate (.crt file)
  - CA Bundle
- “Web Hoster” will forward this on, with instructions, to “Website Administrator” via email
- “Website Administrator” reaches cPanel’s Install an SSL Certificate on a Domain option via looking for “SSL” in the search bar … and …
- “Website Administrator” fills in that all important domain name field again, then satisfies the three fields …
  - Certificate … by pasting in “SSL Certificate (.crt file)” information above
  - Private Key … by pasting in “RSA Private Key” information above
  - Certificate Authority Bundle (optional) … by pasting in “CA Bundle” above

  … and clicks the Install button … to hopefully have it that …
- “Website Administrator” sees a successful installation of SSL Certificate to the relevant domain web server system … and so …
- “Website Administrator” can visit URLs like https://www.rjmprogramming.com.au/ITblog/ “secure” in the knowledge that valid SSL Certificates are in place
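
The file hand-offs in the steps above can be sanity-checked with OpenSSL before anything is pasted into cPanel’s install form. This is an added example, not part of the original post: it confirms that the RSA Private Key, the Signing Request and the returned .crt all carry the same public key, that the certificate names the domain, and that it is not about to expire. The file names, the domain `www.example.test` and the self-signed certificate standing in for the certifier’s .crt are assumptions constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: pre-install checks for the renewal files. File names are assumptions.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_hash() {  # usage: pubkey_hash key|csr|crt FILE
  local pem=""
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl sha256 | awk '{print $NF}'
}

# check_renewal KEY CSR CRT DOMAIN [DAYS]
# Returns 0 only if all three files share one public key, the certificate
# names DOMAIN, and it stays valid for at least DAYS more days (default 30).
check_renewal() {
  local key="$1" csr="$2" crt="$3" domain="$4" days="${5:-30}" k c r
  k=$(pubkey_hash key "$key") || { echo "FAIL: unreadable private key"; return 1; }
  c=$(pubkey_hash csr "$csr") || { echo "FAIL: unreadable signing request"; return 1; }
  r=$(pubkey_hash crt "$crt") || { echo "FAIL: unreadable certificate"; return 1; }
  [ "$k" = "$c" ] || { echo "FAIL: signing request was not made from this key"; return 2; }
  [ "$k" = "$r" ] || { echo "FAIL: certificate does not match this key"; return 2; }
  openssl x509 -in "$crt" -noout -checkhost "$domain" | grep -q 'does match' \
    || { echo "FAIL: certificate does not cover $domain"; return 3; }
  openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null \
    || { echo "FAIL: certificate expires within $days days"; return 4; }
  echo "OK: key, signing request and certificate agree for $domain"
}

# Constructed sample: throwaway key, CSR and a self-signed stand-in for the .crt.
make_sample() {  # usage: make_sample DIR DOMAIN DAYS
  openssl genrsa -out "$1/site.key" 2048 2>/dev/null
  openssl req -new -key "$1/site.key" -subj "/CN=$2" -out "$1/site.csr"
  openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" -days "$3" \
    -out "$1/site.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" www.example.test 90
check_renewal "$demo_dir/site.key" "$demo_dir/site.csr" "$demo_dir/site.crt" www.example.test
```

A certificate authority issues from the Signing Request alone, so all of these checks can be run on the server where the RSA Private Key was generated.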
Or for our visual learners, please enjoy.
Previous relevant SSL Certificate Primer Tutorial is shown below.
All our recent SSL blog postings have been assuming something. That “something” is that the web server you are writing web applications for, and are configuring, has had a relevant SSL Certificate installed to “work” and undersign the encryption logic software.
In the case of our RJM Programming domain’s web server’s SSL Certificate we turned to our web hoster, Crazy Domains, to provide an SSL product here, that can go into the makeup of your “web server” package. If your web server is a dedicated web server rather than a shared one, you can decide to install this SSL Certificate yourself, perhaps using OpenSSL based techniques …
However you do it, these SSL https: based URLs don’t just happen without the SSL Certificate arrangements in place.
What are the Pros and Cons of SSL (thanks to this webpage and this webpage and this webpage)?
Pros | Cons |
---|---|
Trust | Cost of Certificate |
Verification | Mixed Content issues |
Integrity of Data | Proxy Caching |
Google and SEO | Mobile application issues |
Prevent data breaches | Performance |
And now we have a general question and answer session, for beginners, regarding SSL …
Question | Answer |
---|---|
What’s the go with wildcard (multi-subdomain) SSL Certificates? | Have a read of this webpage |
What will happen to https: based URLs should the SSL Certificate expire? | Thanks to this webpage for
|
How can you tell whether an SSL Certificate has been installed on a web browser? | When you try a URL with https: protocol at the start you should get an informational icon to the left of the web address that today’s tutorial picture shows and more is explained at this webpage |
Can you have an SSL Certificate installed correctly but not get the web browser padlock happening that shows encryption is happening? | You bet, either if you are accessing a subdomain not covered by the certificate, or if the certificate cover “breaks” because of “Mixed Content”, like we have been raving about with recent blog postings. |
What’s the latest on that SSL “hack” problem from recent times? | Have a look through this Google search |
How can I tell if a domain uses a dedicated web server or uses a shared web server? | Report at this webpage could help. |
How can the search engines get to notice newly encryptable SSL https: based URLs? | Google Webmasters recommends
… but we have more work to do before this. |
Why is an SSL duck? | Because it flies so high. |
Hope this has some pointers for a web server SSL quest you are thinking of embarking on.
If this was interesting you may be interested in this too.