Purchasing/installing an SSL certificate (questions)

schwim

Hi there everyone,

I've got a customer that wants an SSL certificate, and I've never purchased or installed one before. I've read through the forum, and I've viewed the WHM support docs, but I'm still confused. A lot of the options in WHM seem redundant:

Generate a SSL Certificate and Signing Request
Install a SSL Certificate and Setup the Domain
Purchase & Install SSL Certificate

1) Which one of these options do I want?
2) Do I need a separate IP for any domain that has its own SSL cert? (I read this in the forum)
3) Is there any other requirement for the domain to have its own certificate besides a dedicated IP?
4) When the order form speaks of "division", what does that mean?

Any help would be greatly appreciated.

thanks,
json
 

PWSowner

Account must have a dedicated IP, then:

1 - generate SSL certificate and signing request
2 - order SSL certificate from wherever you choose (they will need the csr generated in 1)
3 - install certificate and set up domain (exact install process varies a bit between certificate providers)

Division is just a business term. Put whatever you want there.
 

S-Combs

PWSowner is correct

Once you provide the CSR to your certificate provider they will then give you the info you need to finalize your cert creation.

Be sure that your (or your client's) information submitted to the cert provider exactly matches your (their) whois info for that domain.

In some cases your host may need to help you also by updating your rwhois data to list you as the authoritative contact for the IP that is being used (I have had to deal with this for Comodo certs).


Good luck
 

schwim

Thanks very much for your help, guys. I have a couple more questions:

1) Does "wildcard certificate" mean that I can use any subdomain ( subdomain1.domain.com & subdomain2.domain.com ), and the cert will cover it?

2) "Certificate Hostname (i.e. secure.domain.com)": I need the cert for a shopping cart script. The script is installed in public root (www.domain.com), and I don't think I'll be using a subdomain, just https://www.domain.com. Do I simply request the cert for www.? Is there a better way to do this?

Thanks very much for all of your help,
json
 

S-Combs

A wildcard cert will allow you to use both domain and subdomains from the single cert

*.domain.com/*

https://store.domain.com and https://domain.com/store would both be valid

A standard cert will work for either one but not both.

Additionally, www is treated as a subdomain, so don't add that prefix unless of course that is what you want. Meaning: if you certify www.domain.com then someone visiting https://domain.com would get an invalid cert warning.
 

Paonza

Are you sure a dedicated IP is needed for the account using the cert?

I asked my hosting company to do the installation and they installed the cert for my requested domain on port :440 ....

How is this possible?

thank you
Fabio
 

Gareth

Yes, it has to be a dedicated IP.

Port 80 is the standard port (non-secure), port 440 is the secure port. Non-secure and secure are always on separate ports (i.e. 80 or 440).

When you use http://domain.com/ your browser will send you to port 80; with https://yourdomain.com/ the browser sends you to port 440.
 

Paonza

Thank you for the answer...


On the same IP I share other domains without an SSL cert!

Is the following correct:
If I need another domain with a private SSL cert, I need to move it to another dedicated IP because the current one is already used?

thx
Fabio
 

Gareth

Yes that is correct
 

duganji

Please Help

Hi, I have the same problem.

The domain I have set up has its own IP.

When I paste the crt and submit, it says it installed OK but has this at the end of the line:

error 18 at 0 depth lookup:self signed certificate OK

When I view https in the browser it says the issuer is myself and not Direct nic, where I bought it.

Direct nic say something about installing a bundle of 3 .crt... but how?
 

Rubas

Make sure you replaced the certificate field with your new certificate (don't paste your cert in the last field!)
 

clbrack1

We purchase and install the 19.95 certs from Godaddy all day long and this is what you will need to do for Godaddy:

1. Sign up for a Godaddy account
2. Generate a SSL Certificate and Signing Request
3. SAVE all copies of the CRT and CSR that are displayed on the screen in txt format
4. Order the cert from Godaddy (this is done via the web)
5. Download the cabundle from the cert company (use the same cabundle for all certs from this company, regardless of domain)
6. Give the site in question a static IP address. This address must be different from any other IP address that already has an SSL cert. One IP address per SSL cert
7. Install cert from WHM
8. Cut-n-paste the appropriate txt files in the appropriate boxes. Godaddy has specific instructions on cPanel/WHM and you need to read them carefully. Putting the wrong txt in the wrong box will only generate an error and you can hit the back button to correct
9. FYI, I always put the division as: Web or WWW
10. You are done

Note that if you order the cert (from Godaddy) as www.yourdomain.com then you can only do https as https://www.yourdomain.com. https will NOT work with https://yourdomain.com. You will get an unknown cert error from your browser. Wildcard certs will get around this but they are $199 from Godaddy.


Hope this helps,

Chris
 

clearstr

So is it better to specify https://yourdomain.com? Will this work with both https://yourdomain.com and https://www.yourdomain.com or just the first?
d
 

deadlock

yourdomain.com and www.yourdomain.com are two different domains as far as SSL certs are concerned, so if you purchase a SINGLE (not wildcard) cert for one, it will not work with the other.

I would add another important point about ordering certs from Godaddy. Make sure that the details you provide (name, company etc) *EXACTLY* match what is listed on your proof documents. For example, if your company is registered as "Mycompany Limited", when you go to fill out the Godaddy request forms, they will not accept "Mycompany Ltd.". In my experience Thawte are more flexible about this type of thing, but then again they are more expensive ;)

Hopefully this post can save somebody else from the hoops I've had to jump through...
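
Added example, not part of any post in this thread: the hostname matching discussed above, checked with `openssl x509 -checkhost` against three throwaway certificates (single name, wildcard only, wildcard plus bare domain). The certificates, file names and the `covers` helper are constructed for illustration; it assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Constructed demo: three throwaway self-signed certs that differ only in
# their subjectAltName, checked against the hostnames from the thread.
d=$(mktemp -d)
cat > "$d/san.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[single]
subjectAltName = DNS:www.yourdomain.com
[wild]
subjectAltName = DNS:*.yourdomain.com
[both]
subjectAltName = DNS:*.yourdomain.com, DNS:yourdomain.com
EOF
openssl genrsa -out "$d/key.pem" 2048 2>/dev/null
for profile in single wild both; do
    openssl req -x509 -new -key "$d/key.pem" -config "$d/san.cnf" \
        -extensions "$profile" -subj "/CN=constructed-$profile" \
        -days 1 -out "$d/$profile.pem"
done

# covers CERT HOST: exit 0 if CERT is valid for HOST, using OpenSSL's own
# matcher (a wildcard stands for exactly one label).
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Print the coverage table for every cert/hostname combination.
for profile in single wild both; do
    for host in yourdomain.com www.yourdomain.com store.yourdomain.com \
                a.b.yourdomain.com; do
        if covers "$d/$profile.pem" "$host"; then r=ok; else r=MISMATCH; fi
        printf '%-7s %-22s %s\n' "$profile" "$host" "$r"
    done
done
```

A bare `*.yourdomain.com` name does not match `yourdomain.com` itself; the wildcard certificate covers the bare domain only when that name is also listed, as in the `both` profile.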
 

krusty

OK, I've tried your mini howto

and also checked the Godaddy site

"Once your SSL certificate has been signed and issued, Go Daddy® will send you an e-mail message that allows you to download the signed certificate and our root certificate bundle (gd_bundle.crt), both of which must be installed on your Web site.

Note: You must use the provided certificate-download link within three days of receiving the certificate-issuance e-mail message. If the download link is allowed to expire, you must request a certificate re-key in order to retrieve your signed SSL certificate.

Follow the instructions below to install your SSL certificate and the certificate bundle on your Web server.

Installing SSL Certificate and Certificate Bundle
Before you install your issued SSL certificate you must install our certificate bundle (gd_bundle.crt) on your Web server. (You may also download the certificate bundle from the repository. The bundle is located in the Root Bundle section.)

1. Open the WebHost Manager and click Install an SSL Certificate in the SSL/TLS menu.
You will see a screen with three boxes on it. Your issued certificate, RSA private key and certificate bundle must be pasted into boxes 1, 2, and 3, respectively.
2. In the first box, paste in the contents of your issued SSL certificate. If the certificate file is on your server, you may use the Fetch button to copy it from the file.
3. In the second box, paste in your private key which was generated when you created the CSR.
4. In the third box, paste in the Go Daddy certificate bundle (gd_bundle.crt).
5. At the top of the page click Do it.
"

And I'm getting it's not trusted - as in no CA issuer.

help!!
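
Added example, not part of the post above or of Go Daddy's instructions: three checks to run with `openssl` on the files destined for the certificate, private key and bundle boxes before pasting them into WHM. A throwaway CA stands in for the provider, and every file name and helper function is constructed for illustration; it assumes OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Constructed stand-ins for the three WHM boxes: a throwaway CA plays the
# provider and its CA cert plays the bundle. All names here are made up.
d=$(mktemp -d); cd "$d" || exit 1
printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > o.cnf
openssl genrsa -out ca.key 2048 2>/dev/null
openssl req -x509 -new -key ca.key -config o.cnf -extensions ca \
    -subj "/CN=Constructed Test CA" -days 1 -out bundle.crt
# Key, CSR and self-signed CRT, as saved in step 3 of the how-to above.
openssl genrsa -out site.key 2048 2>/dev/null
openssl req -new -key site.key -config o.cnf -subj "/CN=www.yourdomain.com" -out site.csr
openssl req -x509 -new -key site.key -config o.cnf -subj "/CN=www.yourdomain.com" \
    -days 1 -out selfsigned.crt
# What the provider sends back after signing the CSR.
openssl x509 -req -in site.csr -CA bundle.crt -CAkey ca.key -CAcreateserial \
    -days 1 -out issued.crt 2>/dev/null
openssl genrsa -out other.key 2048 2>/dev/null   # key from some other CSR

key_matches() {      # key_matches CERT KEY: same public key in both files
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}
is_self_signed() {   # is_self_signed CERT: subject name equals issuer name
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}
chains_to() {        # chains_to CERT BUNDLE: signature path ends in BUNDLE
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}
preflight() {        # preflight CERT KEY BUNDLE: verdict, exit 0 if consistent
    key_matches "$1" "$2" || { echo "FAIL: key does not belong to this cert"; return 1; }
    is_self_signed "$1" && { echo "FAIL: self-signed, not the CA-issued cert"; return 1; }
    chains_to "$1" "$3" || { echo "FAIL: does not chain to the bundle"; return 1; }
    echo "OK"
}

printf 'issued cert, its key:   '; preflight issued.crt site.key bundle.crt || true
printf 'self-signed cert:       '; preflight selfsigned.crt site.key bundle.crt || true
printf 'issued cert, wrong key: '; preflight issued.crt other.key bundle.crt || true
```

Run directly, `openssl verify -CAfile bundle.crt selfsigned.crt` reports the self-signed certificate as error 18 at depth 0, the message quoted earlier in the thread.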