SSL - Knowledge Base Archives - Hivelocity Hosting
https://www.hivelocity.net/kb/tag/ssl/
Dedicated Servers, Private Cloud & Colocation
Thu, 07 Dec 2023 14:52:37 +0000

How to Purchase and Install an SSL Certificate on Ubuntu
https://www.hivelocity.net/kb/how-to-purchase-and-install-an-ssl-certificate-on-ubuntu/
Wed, 17 Apr 2019 19:41:25 +0000

Article by: Chris Marks

It is increasingly important to ensure that any data sent to websites is transmitted using encryption to protect visitors to the site. SSL certificates provide a method to encrypt data during transmission to the server. Any Ubuntu server is capable of providing secure connections to sites hosted there by a web server such as Apache or Nginx.

Ordering the Certificate

Select the desired product as listed on: https://www.hivelocity.net/enhancements/ssl/


Select the certificate type from the list and look for the option to request this certificate. You will be prompted to log into your account if you are not already logged in.


Once you click buy now you will be prompted to answer a series of questions that are required to create the certificate, explained below:

Country Name:

This is the two-letter abbreviation for your country. For example, United States would be US.

State or Province Name:

This is the full name of the state your organization operates from. For example, this might be “Florida” or “Ohio”.

Locality Name:

Name of the city your organization operates from. Examples might include “Lansing” or “Phoenix”. Don’t use abbreviations in this field. For example, “St. Petersburg” should be “Saint Petersburg”.

Organization Name:

The name of your organization. If you are a business, you must use your legal name. If you are applying as an individual, you use your full name instead.

Organizational Unit Name:

If applying as a business, you can enter your Business name here. Alternately, you can use a department name here. For example, “IT Department” or “Web Administration”.

Common Name:

The domain name that you are purchasing an SSL certificate for. This must be a fully qualified domain name (FQDN). In this example, this would be: example.com

 

Once this information is submitted, you will need to select an address to receive the authorization email, which confirms that you own or control the domain you are requesting a certificate for. Please create one of the address options if it does not already exist. This will also be the email address the SSL certificate is sent to.

Choose and complete the required billing information and check the email address selected for validation. Once this is completed, it’s typically just a few minutes before the SSL files are sent to the same inbox.

Uploading certificate files

The SSL files will be delivered in a compressed format. Many tools are available to decompress the files; if you do not already have one installed, consider using 7-Zip: https://www.7-zip.org/

You will need to upload the certificate file ending in .crt, any CA bundle files, and the private key.

Once you have your decompressed SSL certificate files, use FileZilla for Windows or Cyberduck to place the files on your Ubuntu web server.

For more information or to download FileZilla visit:

https://filezilla-project.org/

Or for Mac users that need an alternative:

https://www.ssh.com/ssh/cyberduck/

Using either tool, connect to your Ubuntu server. In this example my Ubuntu server is responding at 192.168.100.100, so I use the following when configuring a host or server to connect to:

host: sftp://192.168.100.100

and provide your SSH user and password.

You can drag the SSL files to any location displayed on your server to upload them from your local computer. In this example, we will place the SSL files in the path /etc/ssl

Configuring the Web Server

There are many popular web servers available that are supported by Ubuntu. The most common are Apache and Nginx.

Nginx example

First, ensure nginx has the following options in the http section of /etc/nginx/nginx.conf:

http {
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built with OpenSSL 1.1.1
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}

Nginx requires all the certificates (the one for your domain name and the CA ones) to be combined in a single file. The certificate for your domain must be listed first in the file, followed by the chain of CA certificates.

If you have downloaded a complete CA bundle file for your certificate, replace the chain file names with the name of your downloaded file. COMODO_DV_SHA-256_bundle.crt is the example for a PositiveSSL certificate. It will look like:

$ cat example.com.crt COMODO_DV_SHA-256_bundle.crt > cert_chain.crt

or

$ cat example.com.crt example.com.ca-bundle > cert_chain.crt
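
Before pointing Nginx at cert_chain.crt, it helps to confirm that the private key belongs to the domain certificate and that the domain certificate really is first in the combined file. The script below is an added example, not part of the original article; its function names and the script file name are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example. File names follow the article; function names are hypothetical.

# key_matches_cert CERT KEY: succeed only if KEY is the private key for the
# FIRST certificate in CERT (compares the public key derived from each).
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) &&
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# build_chain LEAF BUNDLE OUT: domain certificate first, then the CA bundle.
# ">" truncates OUT, so a re-run cannot append a second copy as ">>" would.
# $(cat ...) drops trailing newlines and printf adds exactly one, so a file
# without a final newline cannot glue "-----END" onto the next "-----BEGIN".
build_chain() {
    [ -r "$1" ] && [ -r "$2" ] || return 1
    { printf '%s\n' "$(cat "$1")" && printf '%s\n' "$(cat "$2")"; } > "$3"
}

# prepare_ssl_files DIR DOMAIN BUNDLE: run every check, then lock down the key.
prepare_ssl_files() {
    crt=$1/$2.crt key=$1/$2.key chain=$1/cert_chain.crt
    key_matches_cert "$crt" "$key" ||
        { echo "$key does not match $crt" >&2; return 1; }
    build_chain "$crt" "$1/$3" "$chain" || return 1
    # nginx pairs the key with the first certificate in the combined file,
    # and openssl x509 also reads only the first one, so this checks the order.
    key_matches_cert "$chain" "$key" ||
        { echo "first certificate in $chain does not match $key" >&2; return 1; }
    chmod 600 "$key"     # private key: readable by its owner only
    chmod 644 "$chain"   # certificates are public data
}

# make_constructed_files DIR: throwaway CA and example.com certificate for a
# dry run (constructed sample data, valid for one day).
make_constructed_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed CA" \
        -keyout "$1/ca.key" -out "$1/ca-bundle.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example.com" \
        -keyout "$1/example.com.key" -out "$1/example.com.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/example.com.csr" -days 1 -CAcreateserial \
        -CA "$1/ca-bundle.crt" -CAkey "$1/ca.key" -out "$1/example.com.crt" 2>/dev/null
}

# Dry run on constructed files:  sh prepare_ssl.sh demo  (hypothetical file name)
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_constructed_files "$d" &&
        prepare_ssl_files "$d" example.com ca-bundle.crt &&
        echo "chain ready: $d/cert_chain.crt"
fi
```

On the server from the article the call would be `prepare_ssl_files /etc/ssl example.com COMODO_DV_SHA-256_bundle.crt`, run as root.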

We will need to create and edit a new file for our new domain name's SSL certificate in /etc/nginx/conf.d/. To open the file for editing run:

nano /etc/nginx/conf.d/example.com.conf

We will add the following information for nginx to use to access the SSL certificate:

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name example.com www.example.com;
    root /var/www/example.com;
    # Combined file built above: domain certificate first, then the CA chain
    ssl_certificate /etc/ssl/cert_chain.crt;
    ssl_certificate_key /etc/ssl/example.com.key;
}

Once you have modified the server block file, Nginx must reload its configuration in order to apply the changes. You can do this with this command:

nginx -s reload

The above examples are general recommendations. For complete details on SSL options for nginx please visit their site! https://www.nginx.com

 

Apache2 example

If your site needs to be accessible through both secure (https) and non-secure (http) connections, you need two separate files in /etc/apache2/sites-enabled/. One file is for port 80 and the other file is for port 443.

Create a new file for your domain in /etc/apache2/sites-available using:

nano /etc/apache2/sites-available/ssl-example.com.conf

and include the following information:

<VirtualHost 0.0.0.0:443>
    DocumentRoot /var/www/example.com
    SSLEngine on
    SSLCertificateFile /etc/ssl/example.com.crt
    # Absolute path; a relative path is resolved against ServerRoot
    SSLCertificateKeyFile /etc/ssl/example.com.key
    # Deprecated since Apache 2.4.8, where SSLCertificateFile may also contain the chain
    SSLCertificateChainFile /etc/ssl/cert_chain.crt
</VirtualHost>

Enable the new site:

sudo a2ensite ssl-example.com

Ensure that the SSL module is loaded:

sudo a2enmod ssl

and check the changes to Apache:

apachectl configtest

then restart Apache to apply the changes:

/etc/init.d/apache2 restart

Full details and configuration options for apache with SSL are available at:
https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

Should you have any questions or problems during your SSL order or installation, please don’t hesitate to contact our staff for advice or assistance via phone at (888) 869-4678 or via a new support ticket created in your my.hivelocity.net customer portal.

What is a self-signed SSL certificate?
https://www.hivelocity.net/kb/what-is-a-self-signed-ssl-certificate/
Wed, 23 May 2012 14:42:16 +0000

A self-signed SSL certificate is an identity certificate signed by its own creator rather than by a certificate authority (CA); such certificates are considered to be less trustworthy.

Self-signed certificates cannot be revoked, which may allow an attacker who has already gained access to spoof an identity if a private key has been compromised. CA signed certificates have the ability to revoke a compromised certificate, which prevents further use.

Because of the security risk, we recommend that you use the shared SSL that comes automatically with your shared or reseller account. Otherwise, we suggest that you purchase a secure SSL certificate, instead of using a self-signed certificate. On a VPS or dedicated server, you are welcome to install your own self-signed certificate, although we still do recommend that you install a CA signed certificate instead.

Installing an SSL Certificate in Hsphere
https://www.hivelocity.net/kb/installing-an-ssl-certificate-hsphere/
Sun, 05 Dec 2010 06:54:23 +0000

Watch this tutorial to learn how to install an SSL certificate in Hsphere.

Installing an SSL Certificate in DirectAdmin
https://www.hivelocity.net/kb/installing-an-ssl-certificate-in-directadmin/
Sat, 04 Dec 2010 10:54:19 +0000

Watch this tutorial to learn how to install an SSL Certificate in DirectAdmin.

What is SSL?
https://www.hivelocity.net/kb/what-is-ssl/
Sun, 14 Nov 2010 11:55:57 +0000

The SSL security protocol provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. Because SSL is built into all major browsers and web servers, simply installing a digital certificate turns on their SSL capabilities.

Install SSL for Direct Admin
https://www.hivelocity.net/kb/how-do-i-install-ssl-for-direct-admin-2/
Sun, 14 Nov 2010 09:45:00 +0000

Setup SSL Certificates for Direct Admin:

This step is only required if you wish to use DirectAdmin through SSL.

You will also have to set SSL=1 in the directadmin.conf file (/home/directadmin/directadmin.conf).

# openssl req -new -x509 -keyout /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cacert.pem
# openssl rsa -in /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cakey.pem
# rm /usr/local/directadmin/conf/cakey.pem.tmp
# chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
# chmod 400 /usr/local/directadmin/conf/cakey.pem

Named Reload Bug (RedHat 7.2 Only)
Make sure that the /etc/rndc.conf file has the following data for the “server localhost” directive:

# cat /etc/rndc.conf
…..
server localhost {
    key "rndckey";
};

Web SSL / TLS
https://www.hivelocity.net/kb/web-ssl-tls/
Sun, 14 Nov 2010 11:38:12 +0000

1) Delete an SSL Host
2) Generate an SSL Certificate and Signing Request
3) Install an SSL Certificate and Setup the Domain
4) List SSL Hosts
5) Purchase and Install SSL Certificate

How do I fix SSL login for cPanel whm on port 2087?
https://www.hivelocity.net/kb/ssl-login-for-cpanel-whm-on-port-2087/
Sat, 13 Nov 2010 22:29:58 +0000

Solution

Maybe you are missing the symlink. Try the following via SSH while logged in as root:

cd /usr/lib
ln -s libssl.so.0 libssl.so.4
ln -s libcrypto.so.0 libcrypto.so.4
ln -s libcrypto.so.0.9.7a* /lib/libcrypto.so.4
ln -s libssl.so.0.9.7a* /lib/libssl.so.4
cd /lib
ln -s libssl.so.0.9.7a libssl.so.0.9.7
ln -s libcrypto.so.0.9.7a libcrypto.so.0.9.7
/usr/local/cpanel/startstunnel

If Net_SSLeay needs to be reinstalled:

cd /usr/local/cpanel/src/3rdparty/perl/Net_SSLeay.pm-1.25
perl Makefile.PL
make
make install
/etc/init.d/cpanel restart

How can I force users to use the WHM/Cpanel/Webmail SSL ports?
https://www.hivelocity.net/kb/how-can-i-force-users-to-use-the-whmcpanelwebmail-ssl-ports/
Sat, 13 Nov 2010 21:07:44 +0000

Solution

Click on the “Tweak Settings” link under “Server Setup”. Within the system section is a check box with the heading:

“Always redirect users to the ssl/tls ports when visiting /cpanel, /webmail, etc.”

Tick the check box and apply the changes by clicking on the “Save” button at the bottom of the page.

How can I enable SSL support for my websites?
https://www.hivelocity.net/kb/how-can-i-enable-ssl-support-for-my-websites/
Sat, 13 Nov 2010 21:05:56 +0000

Solution

To install an SSL certificate:

1. Click on the Install an SSL Certificate and Setup the Domain link in the SSL/TLS menu.
2. Enter the domain, user name, and IP address for the certificate in the Domain, User, and IP Address fields.
3. Click on the Fetch button to paste the .key and .crt files for the domain into the available display spaces, if they are currently on your server. Otherwise, copy and paste the .key and .crt files into the available display areas.
4. Paste the CA bundle for the certificate in the bottom display area, if required.
5. Click on the Do it button.

Do SSL certificates include sub domains as well?
https://www.hivelocity.net/kb/do-ssl-certificates-include-sub-domains-as-well/
Sat, 13 Nov 2010 21:00:13 +0000

Solution

In short, no, they do not. Certificates are good only for the names they were issued for, such as www.domain.com but not domain.com. There are situations where a cert would be good for a subdomain; this is called a wildcard cert.

The cert would be issued for *.domain.com, so that secure.domain.com, as well as subdomain.domain.com would work for the cert.
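
The matching rule described above, as an added example that is not part of the original article. The function names are hypothetical, and the rule that "*" stands for exactly one left-most label goes slightly beyond the text: it is why *.domain.com covers neither domain.com nor a.b.domain.com.

```shell
#!/bin/sh
# Added example; name_matches and cert_covers are hypothetical helper names.

# name_matches HOST PATTERN: compare one certificate name with a host name.
# A leading "*." stands for exactly one left-most label, so *.domain.com
# covers secure.domain.com but neither domain.com nor a.b.domain.com.
name_matches() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')   # DNS names are case-insensitive
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $pat in
        '*.'*)
            suffix=${pat#\*}            # ".domain.com"
            label=${host%"$suffix"}     # what the "*" would have to stand for
            [ "$label" != "$host" ] && [ -n "$label" ] &&
                case $label in *.*) false ;; *) true ;; esac
            ;;
        *) [ "$host" = "$pat" ] ;;
    esac
}

# cert_covers HOST NAME...: succeed if any name the certificate was issued
# for (its subjectAltName entries) covers HOST.
cert_covers() {
    h=$1; shift
    for n in "$@"; do
        name_matches "$h" "$n" && return 0
    done
    return 1
}

# Constructed checks mirroring the article's examples.
cert_covers secure.domain.com '*.domain.com' && echo "secure.domain.com: covered"
cert_covers domain.com '*.domain.com'        || echo "domain.com: not covered by the wildcard"
cert_covers domain.com www.domain.com        || echo "domain.com: not covered by a www cert"
```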
