#CreateWildcardSSLcertificate
Create Wildcard SSL certificate with Let's Encrypt and integrate into Engine Yard
Generate wildcard SSL certificate with Engine Yard integration
First, we are going to generate a wildcard SSL certificate for our domain, and then we will see the process of integrating that certificate into Engine Yard.
First, let’s briefly go over the terms we are going to use in this blog.
What is SSL and why it is used?
SSL certificates are used to create an encrypted channel between the client and the server. Transmission of such data as credit card details, account login information, any other sensitive information has to be encrypted to prevent eavesdropping.
What is a wildcard certificate?
A wildcard certificate is a digital certificate that is applied to a domain and all its subdomains. ... Secure Sockets Layer (SSL) certificates often use wildcards to extend SSL encryption to subdomains. A conventional SSL certificate works on a single domain
Why Let's Encrypt?
Let's Encrypt is a free, automated, and open Certificate Authority. That means you do not need to pay charges for an SSL certificate.
Let’s start the step-by-step process to create our wildcard certificate.
Step 1: First, you need to log in to your server over SSH
ssh <user>@<server_address | ip_address>
Step 2: Once you are logged in to your server, you need to install certbot to proceed further
Certbot is not available in the default Ubuntu repository. Run the below command to add the PPA repository.
sudo add-apt-repository ppa:certbot/certbot
Update packages using the below command.
sudo apt update
Run the below command to install certbot
sudo apt install certbot
Check which certbot version is installed with the below command
apt-cache policy certbot | grep -i Installed
Ref link :- https://certbot.eff.org/lets-encrypt/ubuntuxenial-apache.html
Step 3: Now that we have certbot installed on our server, we are able to generate a certificate. Use the below command to generate a wildcard certificate.
sudo certbot certonly --manual -d "*.<your_domain>" -d <your_domain> --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory
Here you need to replace <your_domain> with your original domain, e.g. xyz.com. In this command we use --preferred-challenges dns-01; there are other options available, and if you want to try them, see the reference https://letsencrypt.org/docs/challenge-types/
Step 4: In this process, you will be asked to add a TXT record in your DNS.
For that, you need to log in to your DNS (domain provider such as Bigrock, GoDaddy and more) account.
Then find the DNS records management panel; this depends on your domain provider's system.
Add the TXT records given in the last step like below
Name: <your_domain>
Value: _acme-challenge=<value_generated_by_above_command>
You can test whether the TXT records have been added in DNS at https://mxtoolbox.com/
You need to follow this process two times. It will verify that you are the owner of the domain you claim, or are acting as the owner, and then it will generate certificates for your domain with a validity of 3 months.
Step 5: Add the certificates to Engine Yard
Log in to your Engine Yard account
From the Tools dropdown select SSL certificate
Click the button named ‘Add SSL Certificate’
Add a name for your certificate so you can identify it.
Select the radio button named ‘Upload SSL Certificate’
In the SSL Certificate text area add the certificate from the file generated in the last step named fullchain.pem
View the content of that file with the below command [ in the SSH logged-in terminal ]
sudo cat /etc/letsencrypt/live/unimedliving.com/fullchain.pem
In the SSL Certificate Key text area add the key from the file generated in the last step named privkey.pem
View the content of that file with the below command [ in the SSH logged-in terminal ]
sudo cat /etc/letsencrypt/live/unimedliving.com/privkey.pem
Finally, click on Add Certificate. It will take some time for this certificate to appear for selection.
You have added a certificate to Engine Yard; now you need to assign that certificate to your web app.
Go to the Dashboard of Engine Yard
Select the app to which you want to assign the SSL certificate
In the SSL section you can see the option called ‘Assign SSL Certificate to <your app>’
From the SSL Certificate dropdown select the certificate you named uniquely.
Then click on Update SSL Settings
Everything is now set; you only need to click the ‘Apply’ button
After your changes are applied to your environment, you can check that your app is now SSL protected.
You can perform an SSL test at https://www.whynopadlock.com/
You can use the same process for renewing your certificate after 90 days. If you use a single-domain SSL certificate you can make this process automated by adding a script, but for wildcard domains you cannot perform an automated process because it requires a DNS challenge; in the future there might be a way to automate these challenges as well. We will update our blog if such a technique is developed.
If you face any difficulties in following the above process, comment on the blog; we will be happy to help. Thank you!
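Added example, not part of the original post: before pasting fullchain.pem and privkey.pem into Engine Yard in Step 5, and again ahead of the 90-day expiry, the pair can be checked with openssl for wildcard coverage, key match, key file permissions and remaining validity. The function names, the script name and the 30-day default are assumptions.

```shell
#!/bin/sh
# Added example: checks on a certbot certificate/key pair before upload and
# before the 90-day expiry. Function names and the 30-day default are assumptions.

# cert_covers CERT NAME: succeeds if NAME is a DNS subjectAltName of CERT.
cert_covers() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# key_matches CERT KEY: succeeds if KEY is the private key for CERT's public key.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# key_is_private KEY: succeeds if group and others have no access to the key file.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# needs_renewal CERT DAYS: succeeds if CERT expires within DAYS days (or is unreadable).
needs_renewal() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_pair CERT KEY DOMAIN [DAYS]: prints each failure, returns the failure count.
check_pair() {
    fails=0
    for name in "*.$3" "$3"; do
        cert_covers "$1" "$name" || { echo "FAIL: no SAN for $name"; fails=$((fails + 1)); }
    done
    key_matches "$1" "$2" || { echo "FAIL: key does not match certificate"; fails=$((fails + 1)); }
    key_is_private "$2" || { echo "FAIL: key readable by group/others"; fails=$((fails + 1)); }
    if needs_renewal "$1" "${4:-30}"; then
        echo "FAIL: expires within ${4:-30} days, renew now"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Usage: sh check_cert.sh /etc/letsencrypt/live/<your_domain> <your_domain> [days]
if [ "$#" -ge 2 ]; then
    check_pair "$1/fullchain.pem" "$1/privkey.pem" "$2" "${3:-30}"
fi
```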
Create Self Signed Wildcard SSL Certificates for Apache
1. Explicit control panel and execute the below commands, replacing yourhostname.com with the host name
2. In order to create a WildCard SSL Certificate, keep the Common Name as *.yourhostname.com and leave the other fields blank for the defaults
At Apache
Enable SSL in Apache and restart
At Virtual Hosts
Then add the SSL settings into each VirtualHost in your Apache configuration files
In order to use HTTPS for subdomains, add the below options with the 443 into your existing files
Then reload Apache
To test if it’s working open up https://www.yourhostname.com/ and check if the WildCard SSL Certificate works
Let's know how to create a wildcard SSL certificate with Let's encrypt