In this tutorial, we will be outlining a handy way of getting HTTPS enabled on all of your domains by using SSLs to provide the first step in that process.
Domains secured with SSLs are needed more often every day. If you don’t yet have an SSL on your site to encrypt your data passing over the net, you should reconsider this decision. Rather than showing an extra layer of security, modern browsers instead now display a warning when a website does not have an SSL. This essentially requires sites to maintain a positive image by adding an SSL.
Let’s Encrypt has become a very popular solution for businesses of every size concerned with securing connections to their websites. To aid in implementing this, we recommend using Certbot. Certbot is an open source, free software tool for automatically installing and renewing SSL certificates. Certbot implements these SSLs by working closely with Let’s Encrypt, the well-known SSL provider, which creates the SSLs for the server. Best news of all? Let’s Encrypt is completely free!
You have invested your time and money and worked hard to build the perfect website that clearly reflects the amazing features of all of your products. You are finally ready to launch, but you also want to ensure that when your clients go to buy one of your products, their transactions are safe and secure. You may be thinking to yourself…
The security of your website is vital to the success of your Internet business. One way you can protect your data (and your customers) is through the use of encrypted communication protocols. Secure Socket Layer (or SSL) was the original method of providing for basic encryption between servers and clients. The industry mostly uses Transport Layer Security (or TLS) protocols now, but the process is basically the same, and most users refer to this kind of encryption by the old name: SSL. As part of our Web Hosting Toolkit, Liquid Web provides an SSL Tool to help you verify that your SSL is installed correctly and up-to-date. Below is a look at how to use this tool, as well as some core concepts and certificate types to know when dealing with SSL.
SSL Certificate Checker
You’ll want to confirm that everything is functioning correctly on the server once you’ve successfully ordered and installed your SSL. At this time, you’ll want to check on your domain’s SSLs to confirm expiration dates, covered subdomains, or other information. While you can use various third-party SSL checkers on the Internet, Liquid Web makes gathering this information about your domain simple. Just go to the Liquid Web Internet Webhosting Toolkit page and click on SSL Tool.
How Do I Check If My SSL Certificate is Valid?
Enter your domain name in the box provided and click on Submit. You can enter either your primary domain name (like mydomain.com) or any of the subdomains you may have created SSL certificates for (like blog.mydomain.com). If an SSL certificate is installed on the server for the domain, the page will display the status of the certificate and additional information.
In this example, you can see that the certificate is valid and trusted by browsers and that the tested domain matches the certificate.
You can also see which Certificate Authority issued the certificate and the dates for which the certificate is valid.
Finally, you can see which signing algorithm was used to generate the certificate (indicating how complex and secure the certificate is) and which domains and subdomains are covered by the certificate.
How SSLs Work
SSL connections work through a series of tools that exist on your server and on a client’s web browser. At the simplest level, the server and a client computer exchange information and agree on a secret “handshake” that allows each computer to trust the other computer. This handshake is established through the use of private and public SSL certificate keys. The private key resides on the server, and the public key is available to a client computer. All information passed between the computers is encoded and can only be decoded if the keys match. These keys are generated by a Certificate Authority (like GlobalSign) and can vary in complexity and expiration date. These matched keys exist to prevent what are known as “man in the middle” attacks, in which a third party intercepts the Internet traffic for the purpose of stealing valuable data (like passwords or credit card information). Because the third party doesn’t possess the matching keys, they will be unable to read any of the intercepted information.
By using a trusted certificate, your website users can enter their information with full confidence that their data is safe. Certificate Authorities only grant SSL certificates to operators who can prove that they are the legitimate owner of a domain and that the domain is hosted on the server for which the certificate is being issued. This proof is usually obtained by modifying the DNS records for a domain during the verification process of the certificate ordering transaction. To learn more about how to order an SSL through your Liquid Web account, see How To Order or Renew an SSL Certificate in Manage.
Types of SSL Certificates
While SSL certificates all provide the same essential functions, there are several different types of certificates to choose from. You’ll want to establish which certificate meets your needs before you decide to order one for your domain. The types we’ll discuss here are Self-Signed Certificates, Standard Domain Certificates, Wildcard Certificates, and Extended Validation Certificates.
Self-Signed Certificates
Most servers have the capability of generating a Self-Signed SSL certificate. These certificates provide the same kinds of encrypted communication that certificates provided by Certificate Authorities provide. However, because they are self-signed, there is no proof that the server is the “real” server associated with a website. Many control panels use self-signed certificates because the owner of the server knows the IP address of the server and can trust that they are connecting to the correct site when using that IP address. The advantage of self-signed certificates is that they are easy to generate and are free to use for as long as you want to use them.
Standard Domain Certificates
If you only need to secure a single domain or subdomain, a standard domain SSL certificate is appropriate. Standard certificates are generally the least expensive option from Certificate Authorities and are designed to cover one domain or subdomain (generally both domain.com and www.domain.com are covered by a standard certificate).
Wildcard Certificates
If you have multiple subdomains, you may be able to save time and money by getting a wildcard SSL certificate. Wildcard certificates cover a domain and all of its subdomains. For instance, if you have a domain website that also has a mail subdomain, a blog, a news site, and a staging site that you want to be protected by SSL communication, a single wildcard would protect all of the sites.
A wildcard certificate will only protect one level of subdomains. So, blog.mydomain.com is covered, but new.blog.mydomain.com would not be covered.
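The one-level rule can be checked before you order. The following is an added example, not part of the original article or of any Liquid Web tool: it compares a list of site names against the names on a certificate. The function names and both sample name lists are constructed for illustration, and the wildcard sample assumes the bare domain is listed as its own entry next to the wildcard.

```python
from __future__ import annotations

# Added example: which hostnames does a certificate's name list cover?
# The name lists are constructed samples, not read from a real certificate.


def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split it into labels."""
    return name.strip().lower().rstrip(".").split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate name (exact or wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False  # a wildcard stands for exactly one label, never more
    if p[0] == "*":
        # Only the whole left-most label may be a wildcard, and at least
        # two fixed labels must follow it (so "*.com" is rejected).
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    return "*" not in pattern and p == h


def covering_name(cert_names: list[str], hostname: str) -> str | None:
    """Return the first certificate name that covers hostname, else None."""
    for pattern in cert_names:
        if name_matches(pattern, hostname):
            return pattern
    return None


def coverage_report(cert_names: list[str], hostnames: list[str]) -> dict[str, str | None]:
    """Map every hostname to the certificate name covering it (or None)."""
    return {host: covering_name(cert_names, host) for host in hostnames}


# Constructed samples. The wildcard certificate lists the bare domain as a
# separate name (an assumption): "*.mydomain.com" alone does not match
# "mydomain.com".
STANDARD_CERT = ["mydomain.com", "www.mydomain.com"]
WILDCARD_CERT = ["mydomain.com", "*.mydomain.com"]
SITES = ["mydomain.com", "www.mydomain.com",
         "blog.mydomain.com", "new.blog.mydomain.com"]

if __name__ == "__main__":
    for label, names in (("standard", STANDARD_CERT), ("wildcard", WILDCARD_CERT)):
        print(label)
        for host, matched in coverage_report(names, SITES).items():
            status = f"covered by {matched}" if matched else "NOT covered"
            print(f"  {host:24} {status}")
```

Any name reported as not covered needs its own certificate or an additional name on the order.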
Extended Validation Certificates
SSL certificates are generally issued to companies that can prove they have the right to use a domain name on the Internet (normally because they can modify the DNS records for that domain). While that level of verification is sufficient for most companies, you may need to have additional evidence that your company is a reliable entity for business purposes. Organizational SSL certificates require additional vetting by a Certificate Authority, including checks about the physical location of your company and your right to conduct business. Organizational SSL details can be visible on your website if you install a Secure Site Seal. Additional vetting is available for companies that choose Extended Validation SSL certificates. Extended Validation processes are often used by banks and financial institutions to provide extra reassurance to their customers that their website is legitimate. EV SSLs will turn the address bar of the client’s browser green and display the company’s name on the right side of the address bar.
If you need help determining which type of SSL is right for your business, chat with our Solutions team for additional information.
Now that you’ve checked the details of your SSL certificate and confirmed that all of the information is correct, you’ll be sure that the communications between your server and your customers’ computers are secure as that information travels over the Internet. For more information about improving the overall security of your server, see Best Practices: Protecting Your Website from Compromise.
If there is one truth in the world of web hosting, it is that we always need more information. Information about configurations, servers, connections, delivery speeds and networking is essential in troubleshooting and optimizing our web presence. While this kind of information can be gathered from various providers and sites across the Internet, Liquid Web has developed a one stop shop toolkit to gather some of the most vital troubleshooting tools in one convenient interface designed to make your life easier.
Sites with SSL are needed more and more every day. Its ubiquitous enforcement challenges website encryption and is even an effort that Google has taken up. Certbot and Let’s Encrypt are popular solutions for big and small businesses alike because of the ease of implementation. Certbot is a software client that can be downloaded on a server, like our Ubuntu 18.04, to install and auto-renew SSLs. It obtains these SSLs by working with the well-known SSL provider called Let’s Encrypt. In this tutorial, we’ll be showing you a swift way of getting HTTPS enabled on your site. Let’s get started!
The hosting world’s bread & butter solution for providing high availability and redundancy is load balancing. There are many different use cases for a Load Balancer (LB). It is important to know how to effectively manage your LB configuration so that it performs optimally in your environment. The following article will review some of the common practices that, when adhered to, provide a smooth and seamless high availability website/application through the use of load balancing.
SSL Certificates secure the web today using Transport Layer Security (TLS). This is a network protocol which encrypts the data between the web server and the visitor. Most websites today are using SSL, and you can see this every time a website starts with https:// instead of http://. This indicates the website is securely encrypting data between you and the server so that no attackers can easily sniff the network packets and capture your logins.
SSL protects the web today, is utilized by almost every corporation and business, and acts as the first step in user security. SSL is a way to protect logins and forms that you enter from being intercepted unknowingly by a 3rd party on your network. If your website does not incorporate SSL, we suggest implementing it as soon as possible, and you can use our guide to do it!
Generating the Certificate Request (CSR)
Before ordering your SSL, you will need to create a certificate request for the certificate authority to issue an SSL.
Step 1: To begin, the first thing you need to do is open IIS. If you do not have a shortcut for it, you can search your computer for inetmgr.exe and open it that way. From here you will click on your server name:
Step 2: Then double-click “Server Certificates”.
Step 3: Once you have done that, you are ready to create your certificate request.
On the right-hand side, select ‘Create Certificate Request’.
At this point, you will be asked for information about the certificate and the company requesting the certificate.
Once you have filled this out, click Next.
It will bring you to the following screen:
Step 4: We suggest using the settings above, making sure the BitLength is set to 2048 or higher. We like to go with 4096. Click Next. On the subsequent screen, you need to specify a filename where your Certificate Request or CSR can be exported. For simplicity, we will export the CSR to C:\example.com.csr.txt
Ordering the SSL
At this point, you are ready to order your SSL certificate!
Step 1: Go to your chosen SSL provider, whether it be GlobalSign, Liquid Web, or any of the numerous other certificate authorities.
Step 2: When you are signing up for the SSL, it will ask you for the CSR data we saved at C:\example.com.csr.txt. Copy and paste the contents into the certificate authority’s website and it will generate all the same fields we entered in the previous steps.
Step 3: Finish your order, and they will provide you with a .crt certificate file. Download this file and copy it to your web server. For simplicity, copy it to C:\example.com.cer
Great! Now you have created a certificate request and completed it with the certificate authority and have your new SSL certificate ready to be installed.
Installing the Certificate in IIS
Step 1: Open up IIS/inetmgr.exe and navigate to the server as we did in the beginning.
Step 2: Navigate to Server Certificates. Now, instead of selecting ‘Create Certificate Request’ you will select ‘Complete Certificate Request’.
Step 3: It will prompt you for the location of the new certificate, which we saved at C:\example.com.cer. To make things easier on ourselves later, we will set the friendly name to example.com-01 so that we know this is the first SSL for this domain in case we want to renew it later. Once you hit OK, you should see your certificate in the list of server certificates in IIS.
Great! Now you have generated the certificate request, completed it, and installed your certificate on your web server. Now you need to bind the certificate to your website.
Binding the SSL Certificate to a Website
Step 1: In IIS, browse to Sites>example.com (where you want the SSL certificate installed).
Step 2: Right-click on your site and select ‘Edit Bindings’, or if you click on the site, you will see Bindings on the right-hand side.
This will open a window that looks like the following:
Step 3: If you already have the https binding set up for your site, you will simply double-click on the https binding and select the desired SSL certificate from the drop-down. If you haven’t created an https entry in your bindings already, click Add on the right-hand side, and you will see the following window:
Step 4: First, set the Type to https so your website knows the request is for a secured URL.
You will want to set the IP Address as needed based on your host. In my case, All Unassigned. Port should be automatically set to 443; if not, set it to 443. (This is the port defined for secured communications.)
Step 5: Set the Host Name to example.com (your domain). In most cases, you will want to check Require Server Name Indication. In our case, we do not need it because this is the only certificate on this IP address. Select your SSL certificate from the drop-down!
Select OK and do it all again, this time setting the hostname to www.example.com instead of example.com. This is because we only set it up for requests from https://example.com, but https://www.example.com won’t register as secured until we add the second binding entry.
If you are setting up a wildcard SSL, you will want to add a third entry for *.example.com so that it can secure any subdomain of your website.
Testing Your New SSL
First, you will want to access your domain at https://example.com and https://www.example.com to see if there are any errors. An easy way to tell if the certificate is functioning properly is to input your domain into SSL Shopper. Try it with and without the “www” to confirm both work. If everything is working, you should see several green checks and no errors. The certificate expiration date will be at least one year from the day you ordered the SSL originally.
That’s it! You have successfully installed a brand new SSL for your website that works both with www and without it. Congratulations! Now you can follow these steps to secure all of your websites and applications.
Liquid Web makes it easy to purchase new SSLs. Simply log in to manage.liquidweb.com, click Add, and select SSL Certificate. Here you can simply input the CSR you generated in Step 1, and it will order an SSL and give you back the certificate file needed to complete the installation.
If you have a Core-Managed Windows server at Liquid Web, we can help you through this process and diagnose any issues you may have run into. We also assist with SSLs on Self-Managed servers if the SSL was bought from Liquid Web.
The recent release of cPanel & WHM version 58 added an AutoSSL feature. This tool can be used to automatically provide Domain Validated SSLs for domains on your WHM & cPanel servers.
Initially this feature was released with support provided for only cPanel (powered by Comodo) based SSL certificates, with plans to support more providers as things progressed. As of now, cPanel & WHM servers running version 58.0.17, and above, can now also use Let’s Encrypt as an SSL provider. More information on Let’s Encrypt can be found here.