Difference between revisions of "Using namecheap wildcard SSL certificates for HTTPS"
From Notes_Wiki
m |
m |
||
(2 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Apache web server configuration]] > [[Using namecheap wildcard SSL certificates for HTTPS]] | |||
namecheap allows purchase of wildcard SSL certificates from comodo, etc. at very good price. Process for purchasing wildcard SSL certificate from namecheap is: | namecheap allows purchase of wildcard SSL certificates from comodo, etc. at very good price. Process for purchasing wildcard SSL certificate from namecheap is: | ||
Line 27: | Line 26: | ||
<pre> | <pre> | ||
<VirtualHost *:443> | <VirtualHost *:443> | ||
ServerAdmin saurabh@ | ServerAdmin saurabh@example.com | ||
DocumentRoot /home/example/public_html/ | DocumentRoot /home/example/public_html/ | ||
ServerName www.sbarjatiya.com | ServerName www.sbarjatiya.com | ||
Line 33: | Line 32: | ||
CustomLog logs/www.sbarjatiya.com-access_log combined | CustomLog logs/www.sbarjatiya.com-access_log combined | ||
SSLEngine on | SSLEngine on | ||
SSLProtocol all -SSLv2 -SSLv3 | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 | ||
SSLHonorCipherOrder on | SSLHonorCipherOrder on | ||
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA | SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" | ||
Header always set Strict-Transport-Security "max-age=31536000" | |||
SSLCertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.crt | SSLCertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.crt | ||
SSLCertificateKeyFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.key | SSLCertificateKeyFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.key | ||
Line 46: | Line 46: | ||
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ca-chain.crt | cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ca-chain.crt | ||
</pre> | </pre> | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Apache web server configuration]] > [[Using namecheap wildcard SSL certificates for HTTPS]] |
Latest revision as of 07:34, 6 March 2022
Home > CentOS > CentOS 6.x > Apache web server configuration > Using namecheap wildcard SSL certificates for HTTPS
namecheap allows purchase of wildcard SSL certificates from comodo, etc. at very good price. Process for purchasing wildcard SSL certificate from namecheap is:
- Register on namecheap.com
- Make payment for desired certificate
- Click on "Hi! Username" on top-left corner and click on "SSL certificates"
- Click on "Activate Now" option
- Select server type as "apache + openssl"
- Generate CSR using:
- openssl req -new -newkey rsa:2048 -nodes -keyout <domain>.key -out <domain>.csr
-
- Enter various details. Avoid setting password, optional company name extra attriutes.
- Copy and paste contents of csr file on namecheap.com website
- Choose administrator email ID for verification
- Click on link in email and enter verification code
- After verification you should receive zip file with ca.crt and signed certificate in email used for registration.
If free SSL certificates are desired consider using Installing lets-encrypt SSL certificate
Configure apache to use wildcard certificate
To configure apache virtualhost for using wildcard certificate use:
<VirtualHost *:443> ServerAdmin saurabh@example.com DocumentRoot /home/example/public_html/ ServerName www.sbarjatiya.com ErrorLog logs/www.sbarjatiya.com-error_log CustomLog logs/www.sbarjatiya.com-access_log combined SSLEngine on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" Header always set Strict-Transport-Security "max-age=31536000" SSLCertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.crt SSLCertificateKeyFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.key SSLCertificateChainFile /etc/httpd/conf/sbarjatiya_wild_cert/ca-chain.crt </VirtualHost>
Here ca-chain.crt can be generated using certificates from zip file received in email as follows:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ca-chain.crt
Home > CentOS > CentOS 6.x > Apache web server configuration > Using namecheap wildcard SSL certificates for HTTPS