Difference between revisions of "Using namecheap wildcard SSL certificates for HTTPS"

From Notes_Wiki
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
<yambe:breadcrumb>Apache_web_server_configuration|Apache web server configuration</yambe:breadcrumb>
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Apache web server configuration]] > [[Using namecheap wildcard SSL certificates for HTTPS]]
=Using namecheap wildcard SSL certificates for HTTPS=


namecheap allows purchase of wildcard SSL certificates from comodo, etc. at very good price.  Process for purchasing wildcard SSL certificate from namecheap is:
namecheap allows purchase of wildcard SSL certificates from comodo, etc. at very good price.  Process for purchasing wildcard SSL certificate from namecheap is:
Line 27: Line 26:
<pre>
<pre>
<VirtualHost *:443>
<VirtualHost *:443>
     ServerAdmin saurabh@rekallsoftware.com
     ServerAdmin saurabh@example.com
     DocumentRoot /home/example/public_html/
     DocumentRoot /home/example/public_html/
     ServerName www.sbarjatiya.com
     ServerName www.sbarjatiya.com
Line 33: Line 32:
     CustomLog logs/www.sbarjatiya.com-access_log combined
     CustomLog logs/www.sbarjatiya.com-access_log combined
     SSLEngine on
     SSLEngine on
     SSLProtocol all -SSLv2 -SSLv3
     SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
     SSLHonorCipherOrder on
     SSLHonorCipherOrder on
     SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
     SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
    Header always set Strict-Transport-Security "max-age=31536000"
     SSLCertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.crt
     SSLCertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.crt
     SSLCertificateKeyFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.key
     SSLCertificateKeyFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.key
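Review bot: In the new SSLCipherSuite value, the entry "EECDH+aRSA!RC4" has no ":" between "EECDH+aRSA" and "!RC4", unlike every other entry in the colon-separated string. It looks like a leftover from the old "EECDH+aRSA+RC4" entry; write it as "EECDH+aRSA:!RC4", or drop the "!RC4" there since the same exclusion appears two entries later. The new revision also no longer contains the old "EDH+aRSA" entry, which deserves a mention in the edit summary if it was intentional. The added "Header always set Strict-Transport-Security" line needs mod_headers loaded, which the page does not say, and it is indented four spaces where the surrounding directives use five.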
Line 46: Line 46:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ca-chain.crt
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ca-chain.crt
</pre>
</pre>
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Apache web server configuration]] > [[Using namecheap wildcard SSL certificates for HTTPS]]

Latest revision as of 07:34, 6 March 2022


Namecheap sells wildcard SSL certificates from Comodo and other CAs at a very good price. The process for purchasing a wildcard SSL certificate from namecheap is:

  1. Register on namecheap.com
  2. Make payment for desired certificate
  3. Click on "Hi! Username" on top-left corner and click on "SSL certificates"
  4. Click on "Activate Now" option
  5. Select server type as "apache + openssl"
  6. Generate CSR using:
    openssl req -new -newkey rsa:2048 -nodes -keyout <domain>.key -out <domain>.csr
    Enter the requested details. Avoid setting a password or the optional company name under extra attributes.
  7. Copy and paste the contents of the CSR file on the namecheap.com website
  8. Choose administrator email ID for verification
  9. Click on link in email and enter verification code
  10. After verification, you should receive a zip file with ca.crt and the signed certificate at the email address used for registration.

If free SSL certificates are desired, consider using Installing lets-encrypt SSL certificate


Configure apache to use wildcard certificate

To configure an Apache virtual host to use the wildcard certificate, use:

<VirtualHost *:443>
    ServerAdmin saurabh@example.com
    DocumentRoot /home/example/public_html/
    ServerName www.sbarjatiya.com
    ErrorLog logs/www.sbarjatiya.com-error_log
    CustomLog logs/www.sbarjatiya.com-access_log combined
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA:!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
    # The Header directive requires mod_headers to be loaded
    Header always set Strict-Transport-Security "max-age=31536000"
    SSLCertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.key
    SSLCertificateChainFile /etc/httpd/conf/sbarjatiya_wild_cert/ca-chain.crt
</VirtualHost>

Here, ca-chain.crt can be generated from the certificates in the zip file received by email as follows:

cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ca-chain.crt
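
Before reloading Apache it is worth confirming that the signed certificate carries the same public key as the .key file generated with the CSR, and that ca-chain.crt really links the certificate to a root. The script below is an added example, not part of the original wiki page; the function names, example.test and the throwaway two-level CA are constructed so that it runs offline.

```shell
#!/bin/sh
# Added example: example.test, the throwaway CA and all file names are constructed.
set -eu

# Hash of the public key inside a private key (key), CSR (req) or certificate (x509).
pubkey_hash() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        req)  openssl req  -in "$2" -noout -pubkey ;;
        x509) openssl x509 -in "$2" -noout -pubkey ;;
    esac | openssl sha256
}

# Prints ok, key-mismatch or chain-broken for the files the VirtualHost points at.
check_install() {   # usage: check_install CERT KEY CHAIN ROOT
    [ "$(pubkey_hash x509 "$1")" = "$(pubkey_hash key "$2")" ] ||
        { echo key-mismatch; return 0; }
    openssl verify -CAfile "$4" -untrusted "$3" "$1" >/dev/null 2>&1 ||
        { echo chain-broken; return 0; }
    echo ok
}

# Build a constructed root -> intermediate -> *.example.test chain in directory $1.
make_demo() (
    cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'subjectAltName=DNS:*.example.test\n' > leaf.ext
    for n in root inter wild other; do
        openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
            -out "$n.csr" -subj "/CN=$n.example.test" 2>/dev/null
    done
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
        -days 2 -out root.crt 2>/dev/null
    openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -set_serial 2 \
        -extfile ca.ext -days 2 -out inter.crt 2>/dev/null
    openssl x509 -req -in wild.csr -CA inter.crt -CAkey inter.key -set_serial 3 \
        -extfile leaf.ext -days 2 -out wild.crt 2>/dev/null
    # '>' rather than '>>' so that re-running never appends duplicate certificates
    cat inter.crt > ca-chain.crt
)

DEMO=$(mktemp -d)
make_demo "$DEMO"
check_install "$DEMO/wild.crt" "$DEMO/wild.key" "$DEMO/ca-chain.crt" "$DEMO/root.crt"
```

With the real files, pass the .crt, .key and ca-chain.crt paths from the VirtualHost block and the system CA bundle as the fourth argument.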


