Free SSL With VPS.NET
Ok, so this is *purely* for my memory, a kind of bookmark. But VPS.NET, the hosting company I often use for virtual machines, does free SSL certificates for all customers:
http://www.vps.net/forum/public-forums/announcements/233-free-and-unlimi...
Here's how you get one and configure it. (Using the VPS.NET Centos 5.4 64 bit LAMP image, and with ISPmanager Pro - also free from VPS.NET - as the server control panel. This is my usual set-up.)
- Set up your VM in the usual way
- Install ISPmanager Pro in the usual way (raise a ticket, ask for your box to be added to the license, wait patiently, run installer)
- Create your site in ISPmanager Pro
- Enable PHP as an Apache module and SSL for your site in ISPmanager Pro
- Login to your server and create a key using this command:
openssl genrsa -des3 -out example.com.key 1024 - While you're in there, generate a CSR (certificate request) like this:
openssl req -new -key example.com.key -out example.com.csrWhile creating your .csr file you will be prompted to provide some data. Note, Common Name must be the same as Host (see two steps on) e.g. www.example.com.
You now have two files in the directory you were working from, example.com.key and example.com.csr
- Open example.com.csr and copy the contents to the clipboard
- Raise another support ticket, asking for a free SSL certificate, including the following information:
Host (with or without the 'www') e.g. www.example.com
An email address, must be any of the following at the host domain, apparently:
admin@, hostmaster@, root@, ssladmin@, sysadmin@, administrator@, webmaster@Address and contact info:
* Your Name
* Your Company
* Contact Email Address
* Address 1
* Address 2
* Town
* County
* Postcode
* CountryYour CSR file (paste the information you copied to your clipboard in the previous step)
- All being well, VPS.NET support staff will report your certificate has been ordered and you'll get an email from Comodo
- Follow the instructions, confirm your order, then in the proceeding email you'll be invited to download your certificate - follow the instructions again and go fetch your zip file - save it somewhere SAFE!
- Open it and extract the certificate file, www_example_com.crt in all likelihood - copy this file up to the server
- Assuming the site was set up using ISPmanager, you will have a /var/www/httpd-cert/ directory with phoney certificates already in place for your domain (enabling SSL does this).
All you need to do is copy your generated example.com.key file from earlier over the one in /var/www/httpd-cert/, same for the uploaded www_example_com.crt - use it to replace /var/www/httpd-cert/example.com.crt
- ISPmanager will *not* have created an entry for the all important ca-bundle file (if you didn't receive this, notes on how to create it are here). Once you have your bundle (created or otherwise) copy it up to your web server in to the directory where your other certificates are. I named the file example.com.ca-bundle, to be consistent with the certificate file names ISPmanager creates, and placed it in /var/www/httpd-cert.
- Edit your httpd.conf file and right at the bottom of the file you will find the VirtualHost entry for example.com:443. Somewhere in the VirtualHost entry, it would make sense to group the SSL stuff together, you need to add this line, assuming you copied my names and locations:
SSLCertificateChainFile /var/www/httpd-cert/example.com.ca-bundle - Restart Apache (note, if you gave your key a pass phrase then a sure sign things are going right is if you're prompted to enter it when you restart Apache!)
- If you do not want a pass phrase on your key, which you probably don't because it means Apache can't come back up if the server is restarted, then read this:
http://www.madboa.com/geek/openssl/#key-removepass
Job done. If you want to set things up manually (without ISPmanager) then there are good instructions on the Comodo site:
https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kba...
Free SSL. How about that? =)
Post new comment