SSL Secure Server
This section covers certificate installation requirements, how to use the server's shared certificate, creating a self-signed
certificate, and installing a purchased certificate. Any site that processes monetary transactions or takes in sensitive information
(such as passwords) needs the protection of a SSL certificate.
Certificate Installation Requirements
In order to use the SSL feature your site must have it's own static (dedicated) IP address. If you don't have a dedicated IP address,
you will get an error message when you access the SSL menu:
Could not execute your request
Details: You are not allowed to modify your SSL
Contact Seanet's Customer Service for information on obtaining a dedicated IP address.
Server's Shared and Self-Signed Certificates
You may use the server's built-in certificate or generate a self-signed certificate free of charge. The requirements are:
- a dedicated IP address
- SSL access
- an understanding of non-trusted certificates (see the sections on shared and self-signed certificates below)
Purchased Certificates
Purchased certificates require:
- a dedicated IP address
- SSL access
- an understanding of purchasing/installing trusted certificates (see the section on purchased certificates below)
Using the Server's Shared Certificate
One of the simplest ways to have a secure site is to use the server's built-in certificate. To access the SSL menu,
click on the "SSL Certificates " link from the "Advanced Features" section of the main control panel menu.
Make sure the radio button next the "Use the server's certificate" is selected, and click the "Save" button at the bottom of the screen.
Note also the SSL status above, which you can toggle on or off by clicking on the appropriate link.
Understanding non-Trusted Certificates
Although non-Trusted certificates provide the same high level of encryption as Trusted certificates, they are not always the best choice because they are self-generated
instead of purchased from a trusted authority. Because of this, visitors to your site will likely receive a warning popup window when they access a
secure page:
If you can put up with this inconvenience, then a self-generated secure certificate is adequate for your site. If you are a company
selling goods or services, we highly recommend that you purchase a trusted certificate. A non-trusted certificate may be harmful to a
web site's reputation.
Uploading Files to your Secure Site
All secure files need to be uploaded to the /domains/domain.com/public_html directory just as for unsecured files. You may upload using the control panel's built-in
file manager or FTP.
Creating a Self-Signed Certificate
An alternative to the self-generated shared server certificate is a personalized self-signed certificate.
Access the "SSL Certificates" configuration page.
Step 1: Click the radio buttons to select "Create your own self signed certificate."
Step 2: Enter the information about yourself and your company.
A list of country codes is available here.
The Common Name is the exact web address the certificate is associated with. In the above example, https://www.domain.com/anything would
be valid, but not https://subdomain.domain.com.
Step 3: Click the "Save" button at the bottom of the screen. You will be taken back to the SSL menu.
Understanding non-Trusted Certificates
Although non-Trusted certificates provide a high level of encryption, they are not always the best choice because they are self-generated instead
of purchased from a trusted authority. Because of this, visitors to your site may receive a warning popup window when they access a secure page:
If you can put up with this inconvenience, then a self-generated secure certificate is adequate for your site. If you are a company selling goods
or services, we highly recommend that you purchase a trusted certificate. A non-trusted certificate may be harmful to a web site's reputation.
Uploading Files to your Secure Site
All secure files need to be uploaded to the /domains/domain.com/public_html directory. You may upload using the control panel's built-in file
manager or FTP. For example:
/domains/domain.com/public_html/index.html ---> https://www.yourdomain.com/index.html
/domains/domain.com/public_html/secure/index.html ---> https://www.yourdomain.com/secure/index.html
Installing a Purchased Certificate
A purchased certificate is the best form of security. Because the certificate is both secure and trusted, visitors will not receive a warning popup
window when viewing a secure page.
Note: A dedicated (static) IP address is required for the installation of a purchased certificate.
Step 1: Generate a CSR
Access the SSL menu by clicking on the "SSL Certificates" link from the "Advanced Features" section of main control panel page.
Make sure to click the radio button next to "Create A Certificate Request." Then, enter the information about your company. The
"Common Name" refers to the address of your site that will go on the SSL certificate. Your site will be secure only at this address. In the
above example, https://www.domain.com/anything would be secure, but not
https://domain.com/anything.
When you are finished, click the "Save" button at the bottom of the screen. You will then see a page that looks like this:
Copy this text (including the "BEGIN/END CERTIFICATE REQUEST" sections) into a plain text editor such as Windows Notepad and save the
file to your hard drive. You will need this CSR when you purchase a certificate.
Step 2: Purchase a Certificate
When purchasing a certificate, you will be asked about yourself or your company, your web site, and:
- the CSR
- the software that generated the CSR
- your common name
The CSR
Simply paste the CSR given to you by the control panel, including the "BEGIN/END CERTIFICATE REQUEST" sections. There will be a text box
in the order form to paste to. Please ensure the CSR is saved and pasted as plain text.
Software that Generated the CSR
Choose Apache-ModSSL, or "Other" if you don't see Apache-ModSSL in the list. Do not worry about making a mistake, as this information is
collected for statistics purposes only.
Your Common Name
The "Common Name" refers to the address of your site that will go on the SSL certificate (see Step 1). Enter this address without the
"http://" unless otherwise specified by the certificate seller.
Step 3: Install the Certificate
Once you have received the certificate from the Certificate Authority, access the SSL Certificates page as described above and paste the certificate below the previously generated Key.
Select the radio button next to "Paste a pre-generated certificate and key." As you can see, the key is already inserted in the text box
for you. Paste the certificate immediately below it and click "Save."
Note: It is vital that both the Private Key and Certificate are pasted in their entirety, including BEGIN and END lines for each.
If you did not use the server to generate the PRIVATE KEY, you will need to manually paste it above the CERTIFICATE in the panel provided.
Step 4: Install the CA Root Certificate (optional)
Although the installation of a CA Root Certificate is not always required, you may find that your SSL certificate will not function properly without
completion of this step.
Return to the main SSL page. At the very bottom is a link called "Click Here to paste a CA Root Certificate. Click the link and paste your CA
Root Certificate in the textbox. Then, click the "Save" button.
Important: Remember to check the "Use a CA Cert." box.
Uploading Files to your Secure Site
All secure files need to be uploaded to the /domains/domain.com/public_html directory. You may upload using the control panel's built-in file manager
or FTP. For example,
/domains/domain.com/public_html/index.html ---> https://www.yourdomain.com/index.html
/domains/domain.com/public_html/secure/index.html ---> https://www.yourdomain.com/secure/index.html
Need more help?
If you need further assistance with any Control Panel feature, please contact our Customer Support department.
Helpful information is also available in the
DirectAdmin support forums.
|
