Want to Secure domain name with SSL Certificate ?
1. Generate SSL Certificate Using Third Party Vendor.
If we are hosted our application on a self-managed server (Self-hosted server) then we need to purchase the SSL certificate from a trusted third-party vendor.
In this example we have purchased the certificate from SSL2BUY, here we have multiple options for the different vendors
We have purchased the certification from AlphaSSL Vendors
You can purchase the SSL based on the requirements, In our context, we have purchased the Wild Card SSL Certificate (Because it supports N number of subdomains), If you wanted to have a single-domain SSL certificate then you can purchase a Single Domain SSL Certificate
Once you purchase the SSL then that vendor will share the link on your email id.
Here we are recommending to provide the email and organization details properly because those will be cross verify with the certificate.
Once you are done with the purchase you will receive the following email that to validate for next 30 days.
In this mail you need to click on SSL Configuration Link, you can also go to the same link from the SSL2Buy Order summary
Here You have complete the first Process for Purchasing the SSL certificate
2. Create CSR Key Before Configuring The SSL Certificate.
Here before the SSL configuration, we should need to generate the CSR key from that environment which is our target environment in our case, that was EC2-Instance with Linux Environment. We have installed the OpenSSL on to that Linux environment.
For creating the CSR you should need to have OpenSSL installed on your system.
We used the below command to create a CSR file with key,
Note: Please create one folder and open the terminal to that folder only.
You can also follow this video tutorial for the same
https://www.youtube.com/watch?v=ZAE9p1_N6_Q
openssl req -out devaten.csr -new -newkey rsa:2048 -nodes -keyout devaten.key
Once I executed this command it will ask for the company details,
here you need to provide the same details which you have mentioned while creating the SSL certificate.
Here we should need to provide one important information. If we are creating the CSR file for the wild card the for “Common Name” property we should need to provide the proper information for eg. Common Name = *devaten.com (in Our case) This will be matched the requirement which you have mentioned while purchasing.
Once you done with all the details you will have 2 files in your same folder
- CSR file
- Key file
Here you have complete the 2nd Process. Lets move forward with 3rd process.
3. Signed That Certificate From Trusted Third Party Vendors
From getting the reference from the 1st Process,
Click on Configure SSL link either from Mail or from MyOrders.
It will redirect you to the next Page.
Enter the Captcha code here and move to the next page.
On to the next page if will ask you to past the CSR file content on that text area (CSR file which we have created in the previous step)
Open that file and past the exact same CSR file content on that text area.
Once you are done with it, it will navigate you to the next page if the CSR is valid else it will give you the error (here you need to cross-check with your CSR file).
On to the next page, they will ask for some details about the Administrative email and contact Details,
So there you need below 2 email id’s
- For Verification Email (Here we need to select from dropdown)
- For Contact Email (Enter manually – On this email, you will receive the SSL certificate, Put the same email id which you have configured while creating the CSR file)
Once you are done with this it will send an email to the 1st email id for the verification for SSL, It will look like this.
From this email you need to click on that link and confirm the information, Once you confirm the information, it will send and email with SSL certification on your second email id It will look like this.
and below with this email, it has a SSL certification with the above steps.
QUICK INSTALLATION GUIDE
We hope that your application process was quick and easy and you have enjoyed the AlphaSSL experience. Thank you for choosing AlphaSSL, if you have any questions or issues please do not hesitate to contact us.
- Using a text editor, copy the SSL Certificate text from the bottom of this email (including the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines) and save it to a file such as yourdomain.txt
- Retrieve the Intermediate Certificate (selecting SHA-1 or SHA-256 as appropriate) from the Support Center at: https://www.alphassl.com/support/install-root-certificate.html
- Using a text editor, copy the Intermediate Certificate text (including the —-BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines) and save it to a file such as intermediate_domain_ca.txt
- Copy these .txt files to your server and then rename them with .crt extensions
- Install the Intermediate and SSL Certificates
- Restart your server
- To test for installation errors please use our SSL Configuration Checker located at https://sslcheck.globalsign.com/en_US
- Install your Site Seal with the instructions show at: http://www.alphassl.com/support/ssl-site-seal.html
- We suggest you back-up your SSL Certificate and Private Key pair and keep it safe, all IIS users can use the Export Wizard
Congratulations you have done the SSL certificate creation. Now lets focus on installing that certificate on our environment.
4. Install Apache On Target Environment
To secure all the HTTP and HTTPS request from the server we should have one proxy server to server all the request as a front facing server.
Here we need to install the Apache server.
5. Install SSL Certificate On Apache Server
In Apache if we wanted to install the certificate then we need to specify the virtual host in httpd.conf file which is located in APACHE_DIR/conf folder.
Open that file and add the virtual host as mentioned below
1. <VirtualHost _default_:443>
2. ServerAdmin USERENAME@DOMAINNAME
3. DocumentRoot /var/www/html
4. ErrorLog ${APACHE_LOG_DIR}/error.log
5. CustomLog ${APACHE_LOG_DIR}/access.log combined
6. SSLEngine on
7. SSLCertificateFile /KEY_FILE_LOCATION/CERTIFICATE_FILE_NAME.crt
8. SSLCertificateKeyFile /KEY_FILE_LOCATION/KEY_FILE.key
9. <FilesMatch “\.(cgi|shtml|phtml|php)$”>
10. SSLOptions +StdEnvVars
11. </FilesMatch>
12. <Directory /usr/lib/cgi-bin>
13. SSLOptions +StdEnvVars
14. </Directory>
15. </VirtualHost> 