Category: SSL Installation

  • Step-by-Step Guide: How to Install SSL on IIS 8 and Later

    Step-by-Step Guide: How to Install SSL on IIS 8 and Later

    Part 1: Generate CSR and Private Key

    1. Access the CSR Generator:
    2. Complete the Form:
      • Fill in the form with accurate information using standard characters.
    3. Download Your CSR:
      • Click the blue button to download your CSR in txt format.
    4. Save Your CSR:
      • Keep the downloaded CSR file in a secure location; you’ll need it during the SSL certificate ordering process.
    5. Utilize SHA 256 Algorithm:
      • Rest assured; our generator employs the secure SHA 256 Algorithm.
    6. Combined CSR and Private Key:
      • Both your CSR and Private Key are conveniently combined in the same file. Use it wisely.

    Part 2: Purchase and Install SSL Certificate

    1. Purchase Your SSL Certificate:
    2. Provide CSR During Order:
      • During the ordering process, you’ll be prompted to input your CSR. Use the saved CSR file from Part 1.
    3. Download Issued SSL Certificate:
      • Once issued, download your SSL certificate and save it securely.

    Part 3: Install SSL Certificate on IIS

    1. Access IIS Manager:
      • inetmgrLaunch IIS Manager and click the server name in the Connections menu.
        iis
    2. Open Server Certificates Manager:
      • On the server’s Home page, double-click Server Certificates in the IIS section.
        iis server certificates
    3. Open Complete Certificate Request Wizard:
      • On the Actions menu, click “Complete Certificate Request…”
        complete certificate request
    4. Specify Certificate Authority Response:
      • Click the … button to locate your certificate. Add it to IIS.
        iis locate certificate
      • Specify a Friendly Name for easy identification.
        iis friendly name
      • Select Web Hosting as the certificate store and click OK to import.
        iis
    5. Set Certificate Bindings:
      • Return to the server home page in IIS. In Connections, expand Sites and click the site needing SSL.
      • In the Actions menu, click “Bindings…”
        iis
      • For new installation, click Add. For replacements, click Edit.
        iis - add binding
      • In the Add Site Bindings window:
        • Type: https
        • IP Address: Select your site’s IP Address or All Unassigned.
        • Port: 443
        • Host Name: Not required for a single-name certificate.
          add
        • If installing on multiple sites, enter the domain for each site.
        • SSL Certificate: Select your site’s certificate from the drop-down.
      • Click OK when configured.
    6. Restart IIS:
      • For changes to take effect, restart IIS. You can do this in the Actions pane by clicking on “Restart.”
    7. Test Your SSL Installation:
    • Open your website using “https://”. A secure padlock icon should indicate successful installation.

    Congratulations! Your website is now fortified with SSL. Check for the padlock on your site or use an online SSL Checker tool for verification. Your website is secure, ensuring a safe user experience.

  • Self-Signed SSL Installation Made Simple

    Self-Signed SSL Installation Made Simple

    Here’s a step-by-step guide to generate a self-signed SSL certificate using OpenSSL:

    Install OpenSSL on your system if it’s not already installed. You can download OpenSSL from their official website.

    Open a terminal or command prompt and navigate to the directory where you want to generate the SSL certificate.

    Run the following command to generate a private key:


    
openssl genrsa -out key.pem 2048

    This will generate a private key with a 2048-bit key length and save it to a file named “key.pem”.

    Run the following command to generate a certificate signing request (CSR):


    
openssl req -new -key key.pem -out cert.csr

    This will generate a CSR using the private key you just created and save it to a file named “cert.csr”. You will be prompted to provide some information about your organization and the domain name you want to secure.

    Now run the following command to generate a self-signed SSL certificate:


    
openssl x509 -req -days 365 -in cert.csr -signkey key.pem -out cert.pem

    This will generate a self-signed SSL certificate with a validity of 365 days and save it to a file named “cert.pem”.

    That’s it! You have now generated a self-signed SSL certificate using OpenSSL. Note that this certificate is not trusted by any browser or operating system, so it should only be used for testing purposes or on a private network. If you need a trusted SSL certificate for a production website, you should purchase one from a reputable certificate authority.

    During the SSL generation you might face this issue


    
req -new -key C:\xampp\htdocs\generateSSL\key.pem -out C:\xampp\htdocs\generateSSL\cert.csr -config "C:\xampp\apache\conf\openssl.cnf" problem creating object tsa_policy1=1.2.3.4.2 25396:error:08064066:object identifier routines:OBJ_create:oid exists:crypto\objects\obj_dat.c:698: error in req

    The error message suggests that the OID already exists in the OpenSSL object data file. This could happen if you have multiple OpenSSL installations on your system, or if there are other configuration files on your system that are using the same OID.

    To fix this error, you can try assigning a different OID to the TSA policy object, as we did before. However, this time, you should choose an OID that is not already defined in the OpenSSL object data file.

    Here’s how you can do this:

    1. Open your OpenSSL configuration file in a text editor. In your case, the file is located at “C:\xampp\apache\conf\openssl.cnf”.
    2. Search for the section of the file that defines the TSA policy object. It should look something like this:

    
[tsa]
    
default_tsa = tsa_config1
    
[tsa_config1]
    
...
    
tsa_policy1 = 1.2.3.4.1
    
...

    3. Change the value of “tsa_policy1” to a different OID that is not already defined in the OpenSSL object data file. You can use any valid OID that starts with a number greater than 1. For example, you could change it to “1.2.3.4.999”.


    
[tsa]
    
default_tsa = tsa_config1
    
[tsa_config1]
    
...
    
tsa_policy1 = 1.2.3.4.999
    
...

    tsa

     

    4. Save the changes to your configuration file and try running the OpenSSL command again.

    This should resolve the error you’re seeing

     

  • How to Install SSL on XAMPP Server

    How to Install SSL on XAMPP Server

    To install SSL on a XAMPP server using OpenSSL, you can follow the steps below:

    Step 1: Install OpenSSL

    The first step is to download and install OpenSSL on your system. You can download the latest version of OpenSSL from the official website and install it by following the instructions.

    Step 2: Generate a Certificate Signing Request (CSR)

    Next, you need to generate a CSR for your domain. You can do this by using OpenSSL. Open the OpenSSL command prompt and run the following command:

    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

    Replace “yourdomain” with your actual domain name.

    Step 3: Purchase or Obtain SSL Certificate

    Once you have generated the CSR, you can purchase an SSL certificate from a trusted certificate authority or obtain a free SSL certificate from Let’s Encrypt.

    Step 4: Configure Apache to Use SSL

    In order to configure Apache to use SSL, you need to modify the Apache configuration files. There are two configuration files you need to modify:

    a. httpd.conf
    Open the httpd.conf file located in the C:\xampp\apache\conf directory and enable the SSL extension by removing the “#” from the line:

    LoadModule ssl_module modules/mod_ssl.so

    b. httpd-ssl.conf
    Open the httpd-ssl.conf file located in the C:\xampp\apache\conf\extra directory and update the following lines:

    SSLCertificateFile "C:/path/to/yourdomain.crt"
    SSLCertificateKeyFile "C:/path/to/yourdomain.key"

    Replace the path with the actual path where your SSL certificate and key are located.

    Step 5: Restart Apache

    Finally, restart Apache to apply the changes you made to the configuration files. You can do this by using the XAMPP control panel or by running the following command in the command prompt:

    net stop apache


    net start apache

    Congratulations! You have successfully installed an SSL certificate on your XAMPP server using OpenSSL.

  • Securing Your Code with Code Signing SSL: A Guide to Installation on Linux Apache Server

    Code Signing SSL is a digital certificate that is used to sign software code and scripts to ensure their integrity and authenticity. When a code signing certificate is installed, it adds a digital signature to the code, which verifies that it came from the original author and has not been tampered with in any way. This helps to protect users from malware and other malicious software that may be distributed under the guise of legitimate applications.

    In this blog post, we will walk you through the installation process of Code Signing SSL on a Linux Apache server.

    Step 1: Purchase a Code Signing SSL certificate

    The first step is to purchase a Code Signing SSL certificate from a trusted Certificate Authority (CA). There are many CAs available, such as Comodo, DigiCert, and Sectigo. When choosing a CA, make sure to select a reputable one that is recognized by popular web browsers.

    Step 2: Generate a Certificate Signing Request (CSR)

    Once you have purchased a Code Signing SSL certificate, you will need to generate a Certificate Signing Request (CSR) on your Apache server. You can do this using the following command:

    openssl req -new -newkey rsa:2048 -nodes -keyout mykey.key -out mycsr.csr

    Make sure to replace mykey.key and mycsr.csr with the file names you want to use.

    You will then be prompted to enter information about your organization, such as its name and location. Be sure to enter accurate information as it will be used to verify your identity.

    Step 3: Submit your CSR to the CA

    Once you have generated your CSR, you will need to submit it to the CA to obtain your Code Signing SSL certificate. The process for doing this will vary depending on the CA you have chosen, but typically involves uploading your CSR to their website and completing a verification process.

    Step 4: Install your Code Signing SSL certificate

    Once you have received your Code Signing SSL certificate from the CA, you can install it on your Apache server. To do this, follow these steps:

    Create a directory to store your SSL certificates:

    mkdir /etc/ssl/certs

    Copy your SSL certificate to the new directory:

    cp your_certificate.crt /etc/ssl/certs/

    Create a file to store your SSL private key:

    sudo nano /etc/ssl/private/your_domain.key

    Paste your private key into the file and save it.

    Configure your Apache virtual host to use SSL:

    <VirtualHost *:443>
    ServerName yourdomain.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/your_certificate.crt
    SSLCertificateKeyFile /etc/ssl/private/your_domain.key
    </VirtualHost>

    Make sure to replace yourdomain.com with your actual domain name, and /var/www/html with the path to your website’s root directory.

    Restart Apache to apply the changes:

    sudo systemctl restart apache2

    Congratulations! You have successfully installed your Code Signing SSL certificate on your Linux Apache server. Your code will now be signed with a digital signature, ensuring its authenticity and integrity.

  • SSL Certificate Installation Instructions & Tutorials

    SSL Certificate Installation Instructions & Tutorials

    SSL certificate installation is typically performed by the hosting company that provides services for the domain. However, you may also choose install an SSL certificate yourself. Select your server type from the list below to find detailed instructions for installation.

    I am going to recommend an article written on DIGICERT team for almost all type of servers. Here is the link.

    After the installation, check your ssl installation here.

    This tool can verify that the SSL Certificate on your web server is properly installed and trusted. SSL Checker will display the Common Name, server type, issuer, validity, certificate chaining, and more certificate details.

    If you feel your website is not displaying the proper security lock, the Why No Padlock tool is just for you! By simply entering your URL into here in the box, you can instantaneously check if there are ANY insecure links found within your URL.

  • SSL Installation on Webmin

    The following instructions will guide you through the SSL installation method on Webmin. If you have got more than one server or device, you may need to install the certificate on every individual server or device you wish to secure. If you still haven’t generated your certificate and completed the validation method, reference our CSR Generation instructions and disregard the steps below.

    Steps required:

    1. Private Key
      • This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it
    2. Server Certificate:
      • This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.
    3. Intermediate Certificates
      • These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificates, which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate.

    Installation Steps:

    Copy Certificates to the Server
    Copy your certificate files (SSL & intermediates), along with your private key, and put them on your server.

    Locate your Miniserv.pem file
    It’s usually located in the same directory as your Miniserv.conf file. You’re going to be replacing miniserv.pem with a new one you will create shortly.

    Create a new Miniserv.pem
    There are two ways to do this, either enter the following command line:
    cat private.keyyourdomain.crt > new-miniserv.pem
    OR, you can open both your SSL certificate and private key, paste both into a new .txt file (key first, then certificate) and save it as new-miniserv.pem.

    Configure your miniserv.conf file
    Finally, you’ll need to add your intermediate. Open your .conf file and enter the location of the intermediate you copied to the server earlier:
    extracas=/etc/webmin/intermediate_certificate.crt

    Hurrah! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.

    You can check your SSL installation on SSL Checker Tool.

    Good luck! 😀