
How do I generate a CSR on Microsoft IIS 7.0


Resolution




To generate a CSR for Microsoft IIS 7.0, perform the following steps:

1. Choose Start > Administrative Tools > Internet Information Services (IIS) Manager
2. In the IIS Manager, choose your server name
3. In the Features pane (the middle pane), double-click the Server Certificates option (Figure A) located under the Security heading.



4. You will notice two default certificates already installed on this server. To begin the process of requesting a new certificate, from the Actions pane, choose the Create Certificate Request option as shown below in Figure B.



5. The first screen of the wizard asks for details regarding the new site. The common name should match the fully-qualified domain name for the site. Otherwise, provide information about your site, making sure to spell out the name of your state and locality. (Figure C)



6. Click Next to continue.
7. The next screen of the wizard asks you to choose cryptography options. The default, Microsoft RSA SChannel Cryptography Provider, is fine. A key length of 1,024 bits is the default option and is fine as well. (Figure D)



8. Click Next to continue.
9. Finally, provide a filename to which to save the certificate request. You will need the contents of this file in the next step, so make sure you know where to find it. (Figure E)



Installing A Wildcard SSL Certificate

A wildcard SSL certificate allows you to use unlimited subdomains on a given domain name with one SSL certificate. You will need to purchase a wildcard SSL certificate from a vendor that supplies them.

Similar to having multiple certificates installed on a server, each subdomain containing the certificate needs its own IP as well. Wildcard SSLs do not work like Wildcard DNS – you really do have to specifically install the certificate on each subdomain. Here are two methods for setting up Wildcard certificates for a domain.

Multiple Accounts

In this scenario, you’d have each subdomain hosted as a separate cPanel account, and each of those cPanel accounts will have its own IP address.

  1. Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com

  2. Read this article to learn how to assign each account its own IP address

  3. When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com

  4. The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target subdomain

  5. Click install to install the certificate


One Account

This method may be best for users that are not resellers or that are on shared hosting servers, where having multiple cPanel accounts may not be ideal. In this case, you’d have one cPanel account and assign multiple IPs to its subdomains.

  1. Generate the Certificate Signing Request (CSR) in WHM, using *.domain.com

  2. Read this article to learn how to assign dedicated IPs to multiple subdomains on the same account

  3. When you’ve obtained the certificate, go to WHM > Install a SSL Certificate and Setup the Domain and paste in the CRT and CA Bundle for *.domain.com

  4. The fields should auto-populate, in which case you need to make sure the IP is correct, then change the SSL hostname from *.domain.com to the target subdomain

  5. Click install to install the certificate
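Before changing the SSL hostname from *.domain.com to a target subdomain, it helps to confirm the wildcard actually covers that name. The script below is an added example, not part of the original post or of WHM: it builds a constructed self-signed *.domain.com certificate and asks OpenSSL's hostname check which names it accepts. The function names and the sample hostnames are assumptions.

```shell
#!/bin/sh
# Added example: which hostnames does a *.domain.com certificate cover?
# Function names and sample hosts are illustrative, not from WHM/cPanel.

# cert_covers CERT HOST: exit 0 if OpenSSL accepts HOST for this certificate
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# make_wildcard_cert PREFIX NAME: constructed self-signed sample certificate.
# The name goes in the CN only; OpenSSL falls back to the CN when the
# certificate carries no subjectAltName DNS entries.
make_wildcard_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# covered_hosts CERT HOST...: print the subset of HOSTs the certificate covers
covered_hosts() {
    crt=$1; shift; out=
    for h in "$@"; do
        if cert_covers "$crt" "$h"; then out="${out:+$out }$h"; fi
    done
    echo "$out"
}

demo() {
    d=$(mktemp -d) || return 1
    make_wildcard_cert "$d/wild" '*.domain.com' || return 1
    # The wildcard stands for exactly one label: the bare domain and
    # nested names such as a.b.domain.com are not covered.
    for h in www.domain.com shop.domain.com domain.com a.b.domain.com; do
        if cert_covers "$d/wild.crt" "$h"; then
            echo "$h: covered"
        else
            echo "$h: NOT covered"
        fi
    done
    rm -rf "$d"
}
demo
```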

How to Move or Copy an SSL Certificate from one Server to Another


There are two parts to moving an SSL cert. First, you will need to export the certificate on the old server. Then, you will need to import the cert to the new server. Here is a detailed description of the process to follow for both steps:


Here are the steps you should follow to export the cert on the existing server:


1) Go to Start -> Run and enter MMC
2) From the menu bar, select Console -> Add Remove Snap In
3) Click the "Add" button. Select the Certificates snap in, and then click "Add" again
4) Choose the "Computer Account". Click Next.
5) Select "Local Computer". Click Finish.
6) Now click "Close" and then "OK"
7) Now expand the "Certificates" object in the MMC and drill down to Personal -> Certificates.
8) You should see your existing cert listed. Right click on the cert and go to All Tasks -> Export
9) Choose "Yes, export the private key". Click "Next".
10) At the next screen, leave the default settings and hit "Next"
11) Enter a password to secure the exported cert. Click Next.
12) Enter a file name. The cert will be exported to this file name. Click Next.
13) Click Finish.


On the destination server, follow this procedure:


1) Copy the exported file over to the new server
2) Follow steps 1-7 outlined above
3) Right click on the Certificates folder and choose "All Tasks -> Import"
4) Click Next. Browse to the file you copied over in step 1. Click Next
5) Enter the password you entered in step 11 above. Check the box "Mark the private key as exportable". Click Next
6) You want to place the cert into the Personal store - this is selected by default. Click Next.
7) Click Finish.
8) Now you will need to go into IIS and assign the SSL cert to the site.

Online Backup, Replication and Encryption


Setting up DA with an SSL certificate


You can switch DirectAdmin to use SSL instead of plain text, i.e. https instead of http.

If you do not have your own certificates, you'll need to create your own:

/usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes

chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem



This is the old method; use either the one above or this one. The end result is the same, but it takes more steps.

openssl req -new -x509 -keyout /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cacert.pem -days 3653

openssl rsa -in /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cakey.pem

rm -f /usr/local/directadmin/conf/cakey.pem.tmp
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem


(Paste these one at a time as the first 2 require user input)


If you already have your own certificate and key, then paste them into the following files:

certificate: /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem


Edit the /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0). This tells DA to load the certificate and key and to use an SSL connection. DirectAdmin needs to be restarted after this change.

If you also have a CA Root Certificate, this can be specified by adding:

carootcert=/usr/local/directadmin/conf/carootcert.pem

into the /usr/local/directadmin/conf/directadmin.conf file (won't exist by default) and by pasting the contents of the CA root cert into /usr/local/directadmin/conf/carootcert.pem.

Note, as of 1.30.2, you can set the value of the SSL redirect should a User connect to an https connection with plaintext http.
http://www.directadmin.com/features.php?id=801
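When you paste in your own certificate and key, a mismatched pair or a loosely permissioned key is easy to miss until the service is restarted. The script below is an added example, not DirectAdmin tooling: it checks that a key belongs to a certificate, that the key is unencrypted and not readable by group or other, and that the certificate is not about to expire. The function names, return codes, the 30-day threshold and the sample pair (constructed in a temp directory) are assumptions.

```shell
#!/bin/sh
# Added example, not DirectAdmin tooling. Pass the cacert.pem / cakey.pem
# paths as arguments; the demo uses a constructed pair in a temp directory.

# check_da_pair CERT KEY
# returns 0 = OK, 1 = key does not belong to the certificate,
#         2 = file unreadable/unparsable or key is passphrase-protected,
#         3 = key readable by group/other, 4 = cert expires within 30 days
check_da_pair() {
    cert=$1; key=$2
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: makes an encrypted key fail instead of prompting
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    # Both commands emit the same PEM public key when the pair matches
    [ "$cert_pub" = "$key_pub" ] || return 1
    # Characters 5-10 of the ls mode string are the group/other bits
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] || return 3
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 || return 4
    return 0
}

# make_sample DIR NAME [DAYS]: constructed self-signed pair for the demo
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "${3:-365}" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
    chmod 400 "$1/$2.key"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d" a.example && make_sample "$d" b.example || return 1
    check_da_pair "$d/a.example.crt" "$d/a.example.key"; echo "matching pair: $?"
    check_da_pair "$d/a.example.crt" "$d/b.example.key"; echo "swapped key:   $?"
    rm -rf "$d"
}
demo
```

Against a real install, run `check_da_pair /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/conf/cakey.pem` before setting SSL=1 and restarting.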