Oh sure. It SOUNDS simple…
So this is how this all started. A client has a facebook tab up on their facebook business page. It was created a while back – before Facebook decided that one had to have an SSL enabled site to link from their website. At least they weren’t enforcing it.
So I moved the site from one server to a considerably stronger server a few months back. Lo and behold, about that time, Facebook apparently started enforcing the SSL thing. And the tab stopped working. Sounds like we are going to need a little SSL love, doesn’t it?
So how exactly IS that done? First we make a call to ixHosting as their page yammers about shared SSL certificates free with all accounts. Nope. No dice. Not on cloud servers. Yer on yer own. Makes sense I guess, but seems like it MIGHT be time for some updated documentation on the website, yes?
Buy and Install an SSL Certificate on your Server/Domain
First step. SSL Certificate.
The last time I bought an SSL certificate for a client, I believe it was about a hundred bucks and required a whole LOT of fidgeting around on an IIS server. It actually seemed like it might be a bit easier on a Linux / Apache server..
Get your CSR from your CPanel
This is for a client account on a ixWebhosting Cloud VPS
Here’s what you need to do in order (the best I can remember)
Go to site CPanel for your target DOMAIN. Go to security =>SSL/TLS Manager
Go right down the line – Generate a Private Key, Generate a Certificate Signing Request (CSR)
Get your SSL from GoDaddy (reasons below)
Now you need someplace to buy an SSL. I know a lot of people have a bad thing about GoDaddy, but for this kind of stuff – and for a $5.99/year SSL? Mmm… yeah, I’m good with it – considering the SSL that ix WebHosting tries to push you to is 49.99/year. Login / create account at GoDaddy – whatever is needed.
Now, you DO need to buy the SSL before you actually fill in the details. I was expecting that it would ask everything all at the same time and so was sort of scratching my head, “Ok, what do I do now?” Purchase your SSL certificate and it all sort of starts falling into place.
You’ll get an email from GoDaddy. There’s probably a way to do this directly in the interface, but teir interface is SOOO effed up that it’s easier to wait for the email – IMHO of course. So now wait. After purchasing your SSL cert, you’ll get an email thanking you for your order. Click the “Activate” button in the email.
Now that you’ve activated your SSL cert, you’ll fill in the information as requested. It’s sort of straightforward. Once you fill all that out, you’ll click “Apply” or whatever. And wait again. However, on the PLUS side, getting your SSL from GoDaddy does NOT require a day to take care of. I believe mine was ready to go in about 10 minutes.
You can keep refreshing the Certificates panel – you’ll go from pending to issued at some point. Or you can just wait to get the email telling you that it has been issued.
Download the certificate to your computer. It will be a zip file.
Break out the zip file and you will have 2 files – a crt file with the domain name and suffix, and a gd_bundle.crt file. Still not sure what’s up with the gd_bundle.crt.
Now Let’s install the certificate
Now back to your Apache domain control panel. Back to the SSL/TSL area and install your crt file. Go into the Certificates (CRT) area and now you will click the Generate, View, upload link. Ignore the first part about pasting your certificate below – go right to the “Choose a certificate file” Browse and find the certificate (crt) file from the last step. Give it a description. Upload certificate.
NOW, that’s about it. NOW go to the WHM area as the root user. HOp into the SSL/TLS area =>Install an SSL Certificate on a Domain.
Browse Certificates – Go to the Browse Account and find the account into which you just uploaded your certificate. Once you select it, click teh Use Certificate. And then install. Boom. You’re done.
You should NOW be able to browse your site using https://domainname and all that.
And then the problems ensued. That will be next post.