{"id":32999,"date":"2017-09-20T03:01:03","date_gmt":"2017-09-19T17:01:03","guid":{"rendered":"http:\/\/www.rjmprogramming.com.au\/ITblog\/?p=32999"},"modified":"2019-09-07T18:26:05","modified_gmt":"2019-09-07T08:26:05","slug":"ssl-certificate-renewal-tutorial","status":"publish","type":"post","link":"https:\/\/www.rjmprogramming.com.au\/ITblog\/ssl-certificate-renewal-tutorial\/","title":{"rendered":"SSL Certificate Renewal Tutorial"},"content":{"rendered":"<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=_blank href=\"https:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf\"><img decoding=\"async\" style=\"border: 15px solid pink;\" alt=\"SSL Certificate Renewal Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_549.jpg\" title=\"SSL Certificate Renewal Tutorial\"  style=\"float:left;\" \/><\/a><p class=\"wp-caption-text\">SSL Certificate Renewal Tutorial<\/p><\/div>\n<p>Adding the big picture around the knowledge presented in <a title='SSL Certificate Primer Tutorial' href='#sslcpt'>SSL Certificate Primer Tutorial<\/a> below, today, we want to fill you in on the deployment of <a target=_blank title='SSL information from Wikipedia ... thanks' href='https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security'>SSL<\/a> (ie. being able to use URLs starting with https:) for a dedicated web server, ours being a CentOS WHM (using cPanel) Apache\/PHP\/MySQL one, the reason being, unless you are getting your dedicated web server maintained elsewhere, there is more you have to do here, as the domain&#8217;s administrator, than if you are using shared hosting (ie. lots of domains sharing the one web server), where the administrators of that web server would be happy to manage this themselves <font size=1>&#8230; but thanks for asking<\/font>.<\/p>\n<p>With a dedicated web server deployment of SSL, for us that being a renewal of SSL (though it may as well be for the first time, regarding the steps (except before the first step, where you have to push your hoster, mine being <a target=_blank title='Crazy Domains' href='http:\/\/www.crazydomains.com.au'>Crazy Domains<\/a>, to install an SSL product (usually not a default, in a hosting package)) in the first place.<\/p>\n<p>Okay, then, who are the &#8220;players&#8221; involved for a dedicated web server deployment of SSL you maintain yourself?<\/p>\n<ol>\n<li>&#8220;Website Administrator&#8221;: you <font size=1>&#8230; doh!<\/font><\/li>\n<li>&#8220;Web Hoster&#8221;: your web hoster, in my case <a target=_blank title='Crazy Domains' href='http:\/\/www.crazydomains.com.au'>Crazy Domains<\/a> (who may have a dedicated email address just for SSL goings on) &#8230; and &#8230;<\/li>\n<li>&#8220;SSL Certifier&#8221;: more than likely your hoster does not create SSL certification as a core business job, so you have SSL Certificate creators (ours, decided by <a target=_blank title='Crazy Domains' href='http:\/\/www.crazydomains.com.au'>Crazy Domains<\/a> when they send out the SSL Product (for renewal), but perhaps you could specify) is <a target=_blank title='Comodo SSL Certificates' href='https:\/\/www.comodo.com\/'>Comodo<\/a><\/li>\n<\/ol>\n<p>Okay, then, what are the &#8220;broad brush&#8221; steps in this renewal of SSL (for a dedicated web server) &#8230;<\/p>\n<ol>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=1'>&#8220;Website Administrator&#8221; gets the heads up that SSL Certification is due for renewal from &#8220;Web Hoster&#8221; (more than likely, via email)<\/a><\/li>\n<li>&#8220;Website Administrator&#8221; (might brush up on the finer details, like at <a target=_blank title='SSL Certificate' href='https:\/\/www.liquidweb.com\/kb\/install-a-ssl-certificate-on-a-domain-using-cpanel\/'>useful webpage<\/a>, thanks, or look to <a title='SSL Certificate Primer Tutorial' href='#sslcpt'>SSL Certificate Primer Tutorial<\/a> below) and remember that for CentOS WHM Apache\/PHP\/MySQL web servers you look to start up cPanel and you could verify the number of web server IP addresses via the <a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=2'>Show IP<\/a> option then perhaps visit one of the <a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=3'><i>whois<\/i> websites<\/a> to see what is shown already about the domain&#8217;s information prior to &#8230;<\/li>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=4'>&#8220;Website Administrator&#8221; reaches cPanel&#8217;s Generate an SSL Certificate and Signing Request option<\/a> (sometimes referred to as &#8220;CSR&#8221;) via looking for &#8220;SSL&#8221; in the search bar<\/li>\n<li>&#8220;Website Administrator&#8221; fills out the &#8220;domains&#8221; field, fairly obviously the most important piece of information to get right<\/li>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=5'>&#8220;Website Administrator&#8221; fills out the rest of that form and clicks the Create button<\/a> &#8230; at which point &#8230;<\/li>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=6'>&#8220;Website Administrator&#8221; should immediately store away (file) copies of the contents<\/a> of &#8230;\n<ul>\n<li>Signing Request<\/li>\n<li>Certificate<\/li>\n<li>RSA Private Key<\/li>\n<\/ul>\n<\/li>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=7'>&#8220;Website Administrator&#8221; emails off, with reference to the SSL product, an email<\/a> attaching those three files, via the email address specified by the &#8220;Web Hoster&#8221; (as required), and explain the context<\/li>\n<li>&#8220;Web Hoster&#8221; will email the &#8220;Website Administrator&#8221; for validation to go ahead and use the information from that previous &#8220;Website Administrator&#8221; email to contact (email) the &#8220;SSL Certifier&#8221; to create the SSL Certificate<\/li>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=8'>&#8220;SSL Certifier&#8221; emails the &#8220;Website Administrator&#8221; requesting the clicking of a link and filling in of a validation code, more than likely<\/a> to verify the validity of the job they have been asked to do<\/li>\n<li>&#8220;SSL Certifier&#8221; will send an email back to &#8220;Web Hoster&#8221; that is most likely to contain a zip file with &#8230;\n<ul>\n<li>SSL Certificate (.crt file)<\/li>\n<li>CA Bundle<\/li>\n<\/ul>\n<\/li>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=9'>&#8220;Web Hoster&#8221; will forward this on, with instructions, to &#8220;Website Administrator&#8221; via email<\/li>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=10'>&#8220;Website Administrator&#8221; reaches cPanel&#8217;s Install an SSL Certificate on a Domain option<\/a> via looking for &#8220;SSL&#8221; in the search bar &#8230; and &#8230;<\/li>\n<li>&#8220;Website Administrator&#8221; fills in that all important domain name field again, then satisfies the three fields &#8230;\n<ul>\n<li>Certificate &#8230; by pasting in &#8220;SSL Certficate (.crt file)&#8221; information above<\/li>\n<li>Private Key &#8230; by pasting in &#8220;RSA Private Key&#8221; information above<\/li>\n<li>Certificate Authority Bundle (optional) &#8230; by pasting in &#8220;CA Bundle&#8221; above<\/li>\n<\/ul>\n<p> &#8230; and click the Install button &#8230; to hopefully have it that &#8230;<\/li>\n<li>&#8220;Website Administrator&#8221; sees a successful installation of SSL Certificate to the relevant domain web server system &#8230; and so &#8230;<\/li>\n<li><a target=_blank title='Click picture' href='http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf#page=11'>&#8220;Website Administrator&#8221; can visit URLs<\/a> like <a target=_blank title='https:\/\/www.rjmprogramming.com.au\/ITblog\/' href='https:\/\/www.rjmprogramming.com.au\/ITblog\/'>https:\/\/www.rjmprogramming.com.au\/ITblog\/<\/a> &#8220;secure&#8221; in the knowledge that valid SSL Certificates are in place<\/li>\n<\/ol>\n<p>Or for our <a target=_blank href=\"https:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_renewal.pdf\">visual learners<\/a>, please enjoy.<\/p>\n<hr>\n<p id='sslcpt'>Previous relevant <a target=_blank title='SSL Certificate Primer Tutorial' href='https:\/\/www.rjmprogramming.com.au\/ITblog\/ssl-certificate-primer-tutorial\/'>SSL Certificate Primer Tutorial<\/a> is shown below.<\/p>\n<div style=\"width: 230px\" class=\"wp-caption alignnone\"><a target=_blank href=\"https:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_certificate.jpg\"><img decoding=\"async\" style=\"float:left;border: 15px solid pink;\" alt=\"SSL Certificate Primer Tutorial\" src=\"http:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_certificate.jpg\" title=\"SSL Certificate Primer Tutorial\"  \/><\/a><p class=\"wp-caption-text\">SSL Certificate Primer Tutorial<\/p><\/div>\n<p>All our recent <a target=_blank title='SSL information from Wikipedia ... thanks' href='https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security'>SSL<\/a> blog postings have been assuming something.  That &#8220;something&#8221; is that the web server you are writing web applications for, and are configuring, has had installed a relevant SSL Certificate to &#8220;work&#8221; and undersign the encryption logic software.<\/p>\n<p>In the case of our RJM Programming domain&#8217;s web server&#8217;s SSL Certificate we turned to our web hoster, <a target=_blank title='Crazy Domains' href='https:\/\/crazydomains.com.au'>Crazy Domains<\/a>, to provide an <a target=_blank title='Crazy Domains SSL package' href='https:\/\/www.crazydomains.com.au\/help\/#sHUda02arWIuEJKB.97'>SSL product<\/a> here, that can go into the makeup of your &#8220;web server&#8221; package.  If your web server is a dedicated web server rather than a shared one, you can decide to install this SSL Certificate yourself, perhaps using <a target=_blank title='OpenSSL information from Wikipedia ... thanks' href='https:\/\/en.wikipedia.org\/wiki\/OpenSSL'><i>OpenSSL<\/i><\/a> based techniques &#8230;<\/p>\n<ul>\n<li><a target=_blank title='What is a CSR?' href='https:\/\/www.crazydomains.com.au\/help\/what-is-a-csr\/#F55Ivd8550QxAkQy.97'>What is a CSR?<\/a><\/li>\n<li><a target=_blank title='Create a CSR for OpenSSL' href='https:\/\/www.crazydomains.com.au\/help\/create-a-csr-for-openssl\/#deByYwCaGpATI32j.97'>Create a CSR for OpenSSL<\/a><\/li>\n<\/ul>\n<p>However you do it, these SSL <i>htt<\/i><i>ps:<\/i> based URLs don&#8217;t just happen without the SSL Certificate arrangements in place.<\/p>\n<p>What are the Pros and Cons of SSL (thanks to <a target=_blank title='SSL Pros and Cons 1 of 3' href='https:\/\/www.ssl.com\/article\/pros-and-cons-of-ssl-https-tls\/'>this webpage<\/a> and <a target=_blank title='SSL Pros and Cons 2 of 3' href='https:\/\/blog.nexcess.net\/2014\/09\/03\/the-pros-and-cons-of-implementing-ssl-https\/'>this webpage<\/a> and <a target=_blank title='SSL Pros and Cons 3 of 3' href='http:\/\/it.toolbox.com\/blogs\/understanding-crm\/pros-and-cons-of-ssl-encription-and-protection-71116'>this webpage<\/a>)?<\/p>\n<table>\n<tbody>\n<tr>\n<th>Pros<\/th>\n<th>Cons<\/th>\n<\/tr>\n<tr>\n<td>Trust<\/td>\n<td>Cost of Certificate<\/td>\n<\/tr>\n<tr>\n<td>Verification<\/td>\n<td>Mixed Content issues<\/td>\n<\/tr>\n<tr>\n<td>Integrity of Data<\/td>\n<td>Proxy Caching<\/td>\n<\/tr>\n<tr>\n<td>Google and SEO<\/td>\n<td>Mobile application issues<\/td>\n<\/tr>\n<tr>\n<td>Prevent data breaches<\/td>\n<td>Performance<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>And now we have a general question and answer session, for beginners, regarding SSL &#8230;<\/p>\n<table>\n<tbody>\n<tr>\n<th>Question<\/th>\n<th>Answer<\/th>\n<\/tr>\n<tr>\n<td>What&#8217;s the go with wildcard (multi-subdomain) SSL Certificates?<\/td>\n<td>Have a read of <a target=_blank title='Multi-subdomain SSL' href='https:\/\/security.stackexchange.com\/questions\/10538\/what-certificates-are-needed-for-multi-level-subdomains'>this webpage<\/a><\/td>\n<\/tr>\n<tr>\n<td>What will happen to <i>htt<\/i><i>ps:<\/i> based URLs should the SSL Certificate expire?<\/td>\n<td>Thanks to <a target=_blank href='http:\/\/yourbusiness.azcentral.com\/happens-ssl-certificates-expire-13831.html' title='Expired SSL Certificate information'>this webpage<\/a> for <\/p>\n<blockquote cite='http:\/\/yourbusiness.azcentral.com\/happens-ssl-certificates-expire-13831.html'><p>An expired SSL certificate may deter website users, but it does not prevent data from flowing securely between the site&#8217;s server and a user&#8217;s browser. A website with an expired certificate will still encrypt outgoing data, and the browser will decrypt the data as it is received. Visitors merely need to verify that they are communicating with the website over a secure connection. This can be done by looking for an &#8220;https:\/\/&#8221; prefix at the beginning of the URL in the browser&#8217;s address bar.<\/p><\/blockquote>\n<\/td>\n<\/tr>\n<tr>\n<td>How can you tell whether an SSL Certificate has been installed on a web browser?<\/td>\n<td>When you try a URL with https: protocol at the start you should get an informational icon to the left of the web address that today&#8217;s <a target=_blank href=\"https:\/\/www.rjmprogramming.com.au\/wordpress\/ssl_certificate.jpg\" title='Click picture'>tutorial picture<\/a>  shows and more is explained at <a target=_blank title='SSL Certificate details' href='https:\/\/help.crucial.com.au\/hc\/en-gb\/articles\/202376474-How-do-I-verify-my-SSL-Certificate-details-expiry-date-'>this webpage<\/a><\/td>\n<\/tr>\n<tr>\n<td>Can you have an SSL Certificate installed correctly but not get the web browser padlock happening that shows encryption is happening?<\/td>\n<td>You bet, either if you are accessing a subdomain not covered by the certificate, or if the certificate cover &#8220;breaks&#8221; because of &#8220;Mixed Content&#8221;, like we have been raving about with recent blog postings.<\/td>\n<\/tr>\n<tr>\n<td>What&#8217;s the latest on that SSL &#8220;hack&#8221; problem from recent times?<\/td>\n<td>Have a look through <a target=_blank title='Google search' href='https:\/\/www.google.com.au\/search?q=SSL+hacking+issue&#038;ie=utf-8&#038;oe=utf-8&#038;client=firefox-b-ab&#038;gfe_rd=cr&#038;ei=6TkMWaODDbTr8AfZiZj4Bw'>this Google search<\/a><\/td>\n<\/tr>\n<tr>\n<td>How can I tell if a domain uses a dedicated web server or uses a shared web server?<\/td>\n<td>Report at <a target=_blank title='Web hosting report' href='https:\/\/check-host.net\/ip-info'>this webpage<\/a> could help.<\/td>\n<\/tr>\n<tr>\n<td>How can the search engines get to notice newly encryptable SSL <i>htt<\/i><i>ps:<\/i> based URLs?<\/td>\n<td><a target=_blank title='Google Webmasters' href='https:\/\/www.google.com\/webmasters\/'>Google Webmasters<a> recommends <\/p>\n<blockquote cite='https:\/\/support.google.com\/webmasters\/answer\/93633?hl=en'><p>Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.<\/p><\/blockquote>\n<p> &#8230; but we have more work to do before this.<\/td>\n<\/tr>\n<tr>\n<td>Why is an SSL duck?<\/td>\n<td>Because it flies so high.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Hope this has some pointers for a web server SSL quest you are thinking of embarking on.<\/p>\n<p>If this was interesting you may be interested in <a title='Click here to see topics in which you might be interested' href='#d30055' onclick='var dv=document.getElementById(\"d30055\"); dv.innerHTML = \"&lt;iframe width=670 height=600 src=\" + \"https:\/\/www.rjmprogramming.com.au\/ITblog\/tag\/ssl\" + \"&gt;&lt;\/iframe&gt;\"; dv.style.display = \"block\";'>this<\/a> too.<\/p>\n<div id='d30055' style='display: none; border-left: 2px solid green; border-top: 2px solid green;'><\/div>\n<hr>\n<p>If this was interesting you may be interested in <a title='Click here to see topics in which you might be interested' href='#d32999' onclick='var dv=document.getElementById(\"d32999\"); dv.innerHTML = \"&lt;iframe width=670 height=600 src=\" + \"https:\/\/www.rjmprogramming.com.au\/ITblog\/tag\/ssl-certificate\" + \"&gt;&lt;\/iframe&gt;\"; dv.style.display = \"block\";'>this<\/a> too.<\/p>\n<div id='d32999' style='display: none; border-left: 2px solid green; border-top: 2px solid green;'><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Adding the big picture around the knowledge presented in SSL Certificate Primer Tutorial below, today, we want to fill you in on the deployment of SSL (ie. being able to use URLs starting with https:) for a dedicated web server, &hellip; <a href=\"https:\/\/www.rjmprogramming.com.au\/ITblog\/ssl-certificate-renewal-tutorial\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,37],"tags":[1724,195,2551,249,270,2195,2196,355,380,386,611,629,672,1114,1682,2193,2329,1235,1748,1408,1411,1426],"class_list":["post-32999","post","type-post","status-publish","format-standard","hentry","category-elearning","category-tutorials","tag-administrator","tag-centos","tag-certificate","tag-configuration","tag-cpanel","tag-crazy-domains","tag-csr","tag-domain","tag-email","tag-encryption","tag-install","tag-ip-address","tag-key","tag-security","tag-ssl","tag-ssl-certificate","tag-ssl-certifier","tag-system-administrator","tag-web-host","tag-web-hosting","tag-web-server","tag-whm"],"_links":{"self":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/32999"}],"collection":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/comments?post=32999"}],"version-history":[{"count":17,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/32999\/revisions"}],"predecessor-version":[{"id":33020,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/posts\/32999\/revisions\/33020"}],"wp:attachment":[{"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/media?parent=32999"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/categories?post=32999"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rjmprogramming.com.au\/ITblog\/wp-json\/wp\/v2\/tags?post=32999"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}