I have done some research on SSL and have a few questions. Would I need a dedicated IP for the SSL? Would I be able to use a secured and unsecured connection with the same domain/IP (http vs https)?
Thanks in advance!
Thanks in advance!
-
-
๐ Domain search now with sales history! ๐ฅณ
Setting Up SSL
- Thread starter snike
- Start date
The views expressed on this page by users and staff are their own, not those of NamePros.
- Impact
- 364
Question:
When I am purchasing or replacing my certificate I get the error:
Your RSA key is too small! or This CSR uses an unsupported key size.
Answer:
For all certificates that Comodo issues (including EV SSL), the RSA key size MUST BE at least 2048-bit as of 20-DEC-2010.
Note: To retain maximum compatibility across all browsers do not use an RSA key size of over 2048 at this time!
- Impact
- 417
You can get valid FREE SSL certs here, and they work in all major browsers.
https://www.startssl.com
https://www.startssl.com
CrackFeed.Com
Account Closed
- Impact
- 13
As of December 2010, you need to use 2048 at least because 1024 is now decryptable thanks to the evolution of our processors.
Last edited:
- Impact
- 3
Dedicated Ip will cost you more than 24$+/- a year, I think you should have atleast $50 to setup your own ssl in your site. Free ssl can give you only 30 to 90 days extensions.
- Impact
- 417
Free SSL
Free SSL is for a whole year, and free to renew.
IP's are free with a VPS.
CrackFeed.Com
Account Closed
- Impact
- 13
Not Godaddy SSL, the free ones are good one year.
I will, for the first time in history, agree with Buzzy. A VPS will be your best value. Look at Hostgator VPS Level3. Use promo code NamePros2011 for 25% off for first month. Just watch out for godaddy, they lack all around except in ssl, domains and email.
- Impact
- 0
With the introduction of the Apache2 packages in Debian it is much simpler to create and use a secure SSL protected webserver than in the old days with Apache 1.3, here we'll show how it is done.
If you have Apache 2.x installed already then you're good to go as you don't need anything extra installed.
If you haven't got it installed then you can do so easily:
earth:~# apt-get install apache2
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
apache2-common apache2-mpm-worker apache2-utils openssl ssl-cert
Suggested packages:
apache2-doc ca-certificates
The following NEW packages will be installed:
apache2 apache2-common apache2-mpm-worker apache2-utils openssl ssl-cert
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 2040kB of archives.
After unpacking 6218kB of additional disk space will be used.
Do you want to continue? [Y/n]
Once the server is installed you need to do three things to get a working SSL setup:
1. Generate, or import, a certificate.
2. Enable Apaches SSL support.
3. Configure your SSL options.
Generating A Certificate
Generating a certificate from scratch will give you something which will be used to protect the traffic exchanged between clients and your server, however it will be signed by a untrusted certificate authority so it will generate warnings.
Importing a paid and "trusted" certificate will avoid this problem, but that is beyond the scope of this simple introduction.
Generating an SSL certificate for Apache2 may be accomplished using the apache2-ssl-certificate script. This will ask you questions interactively then generate the certificate file appropriately.
Here's a sample session:
earth:~# apache2-ssl-certificate
creating selfsigned certificate
replace it with one signed by a certification authority (CA)
enter your ServerName at the Common Name prompt
If you want your certificate to expire after x days call this programm
with -days x
Generating a 1024 bit RSA private key
............++++++
..........................++++++
writing new private key to '/etc/apache2/ssl/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Some-State]:Scotland
Locality Name (eg, city) []:Edinburgh
Organization Name (eg, company; recommended) []:Steve Kemp
Organizational Unit Name (eg, section) []:
server name (eg. ssl.domain.tld; required!!!) []:earth
Email Address []: [email protected]
Configuring your SSL Hosts
With a certificate setup, and the server updated to load and listen for incoming SSL connections you're almost finished. The final step is to ensure that your virtual hosts, or main host, will accept SSL options.
I use virtual hosts upon my machine and this just means adding a couple of options to each one I wish to use SSL:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
For reference here is a complete example which should be easy to modify/understand:
NameVirtualHost *:443
NameVirtualHost *:80
<VirtualHost *:80>
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
Share/Save/Bookmark
If you have Apache 2.x installed already then you're good to go as you don't need anything extra installed.
If you haven't got it installed then you can do so easily:
earth:~# apt-get install apache2
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
apache2-common apache2-mpm-worker apache2-utils openssl ssl-cert
Suggested packages:
apache2-doc ca-certificates
The following NEW packages will be installed:
apache2 apache2-common apache2-mpm-worker apache2-utils openssl ssl-cert
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 2040kB of archives.
After unpacking 6218kB of additional disk space will be used.
Do you want to continue? [Y/n]
Once the server is installed you need to do three things to get a working SSL setup:
1. Generate, or import, a certificate.
2. Enable Apaches SSL support.
3. Configure your SSL options.
Generating A Certificate
Generating a certificate from scratch will give you something which will be used to protect the traffic exchanged between clients and your server, however it will be signed by a untrusted certificate authority so it will generate warnings.
Importing a paid and "trusted" certificate will avoid this problem, but that is beyond the scope of this simple introduction.
Generating an SSL certificate for Apache2 may be accomplished using the apache2-ssl-certificate script. This will ask you questions interactively then generate the certificate file appropriately.
Here's a sample session:
earth:~# apache2-ssl-certificate
creating selfsigned certificate
replace it with one signed by a certification authority (CA)
enter your ServerName at the Common Name prompt
If you want your certificate to expire after x days call this programm
with -days x
Generating a 1024 bit RSA private key
............++++++
..........................++++++
writing new private key to '/etc/apache2/ssl/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Some-State]:Scotland
Locality Name (eg, city) []:Edinburgh
Organization Name (eg, company; recommended) []:Steve Kemp
Organizational Unit Name (eg, section) []:
server name (eg. ssl.domain.tld; required!!!) []:earth
Email Address []: [email protected]
Configuring your SSL Hosts
With a certificate setup, and the server updated to load and listen for incoming SSL connections you're almost finished. The final step is to ensure that your virtual hosts, or main host, will accept SSL options.
I use virtual hosts upon my machine and this just means adding a couple of options to each one I wish to use SSL:
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
For reference here is a complete example which should be easy to modify/understand:
NameVirtualHost *:443
NameVirtualHost *:80
<VirtualHost *:80>
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName earth.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
Share/Save/Bookmark
- Impact
- 0
This is amazing, i am really finding about that a long time. This is interesting topic. Thanks for this good sharing. Because it is very useful and interesting.
Similar threads
- Locked
New posts โ
-
Loading issues- 3 posters
- MasterOfMyDomains
-
Wanted Brandable names in .com- 4 posters
- mazharul41
-
Outcord.com 125$ bin- Reply by GabiDo
Polls of interest โ
-
What are your strengths as an investor?- 179 voters
- 26 replies
-
What's your domain portfolio size?
- 444 voters
- 132 replies
-
How do you think a potential buyer first checks if your domain is for sale?- 453 voters
- 51 replies
Hot this week โ
-
5 Debates Domainers Will Never Agree On- 19 comments
- 38 points
-
What Separates Domain Investors Who Fade Away From Those Who Stay?- 9 comments
- 23 points
Hot this month โ
-
Seeking Premium One-Word Domains ( .IO / .AI / .ORG) โ Wholesale Only
- 47 replies
- 42 posters
-
Most Domains Don't Sell Because...
- 45 comments
- 60 points
-
How do you spot domain trends BEFORE they explode? (like claw keyword did)- 40 replies
- 1 point
-
WTB: LWord.com, LLWord.com, LLLWord.com, budget is $10-$3000 per domain.
- 36 replies
- 1 point
