SSL Certificates
- SSL Server Test - Check security of SSL
Buying a Certificate
Policy
Always buy a wildcard certificate for a client. This will guarantee that we can use it with any subdomain, and that the client will not need extra IP addresses.
Namecheap
These are the steps involved in generating an SSL certificate to be validated by an SSL provider:
Create a private key to be used only by that server:
openssl genrsa -out /etc/ssl/private/private.key 2048
Create a new CSR (Certificate Signing Request) file using the RSA private key.
When creating the CSR, you will need to populate the local information. For Common Name, use the domain name to be validated. For a wildcard domain, use *.domain.com. For a single hostname, use www.domain.com.
openssl req -new -key /etc/ssl/private/private.key -out /etc/ssl/certs/digitaltrike.com.csr
Namecheap will ask for the newly generated CSR file.
Once you give them the file, they will ask for an email address to use for verifying the SSL certificate creation. They will pull a list of possible email addresses to use. The recipient will receive a link to validate the creation of the SSL certificate. The process cannot be completed until the recipient has validated it, so make sure to send it to someone who will receive the email.
Once the order is validated, you will get an email from Namecheap with two files: the certificate, and the CA bundle.
Save the certificate to /etc/ssl/certs/domain.com.crt
Save the Certificate Authority bundle to /etc/ssl/certs/domain.com.cabundle
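Once the certificate and CA bundle are saved, confirm that they belong to the private key and CSR generated in the earlier steps. The script below is an added example, not part of the original page; its function names are hypothetical, and it assumes the CA bundle includes the root certificate.

```shell
#!/bin/sh
# Added example: checks for the key, CSR, certificate and CA bundle.
# Function names are hypothetical; file paths are passed as arguments.

# Print a SHA-256 digest of the public key inside a key, CSR or certificate.
pubkey_hash() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# True when both files carry the same public key.
same_key() {  # $1 = type, $2 = file, $3 = type, $4 = file
    a=$(pubkey_hash "$1" "$2") || return 1
    b=$(pubkey_hash "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# True when the key file grants no permissions to group or others.
key_private() {  # $1 = private key file
    [ -f "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# True when the certificate chains to a CA in the bundle.
# Assumption: the bundle includes the root certificate.
chain_ok() {  # $1 = CA bundle, $2 = certificate
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run every check, report each failure, return non-zero if any failed.
check_all() {  # $1 = key, $2 = CSR, $3 = certificate, $4 = CA bundle
    rc=0
    key_private "$1"           || { echo "FAIL: $1 is accessible to group/others"; rc=1; }
    same_key key "$1" csr "$2" || { echo "FAIL: CSR was not made from this key"; rc=1; }
    same_key key "$1" crt "$3" || { echo "FAIL: certificate does not match the key"; rc=1; }
    chain_ok "$4" "$3"         || { echo "FAIL: certificate does not chain to the bundle"; rc=1; }
    return $rc
}
```

Source the file and call `check_all` with the paths to the key, CSR, certificate and CA bundle. A password-protected private key makes openssl prompt for the password.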
Digital Trike
Our SSL cert is a wildcard certificate. The Common Name is *.digitaltrike.com
The private key is encrypted with a password.
The master keys and CA files are stored on tahiti in /etc/ssl/digitaltrike.com
Maintenance
Digital Trike can offer clients the option to purchase, install, and monitor SSL certificates.
Comodo SSL Certificates (Namecheap)
$155/year/domain, no wildcard (www.domain.com)
- Business validation
- “green bar” in browser
- 128- or 256-bit encryption
- Unlimited reissues
- Unlimited server licenses
GeoTrust SSL Certificates (Namecheap) (Recommended)
$389/year, wildcard (*.domain.com)
- Full business validation
- Unlimited reissues
- Up to 256-bit encryption