SSL - Secure Sockets Layer

SSL - Secure Sockets Layer

June 27, 2019 , by Jinna

What is SSL?

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

What is SSL

Step 1. Buy the SSL from the provider,

In current docs I exaplin about godaddy, follow

Step 2. Generate CSR

How you generate a .csr depends on the type of certificate you’re requesting and your operating system.

  • SSH into your server
  • Gnerate crt using openssl with following command
    openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr
    
  • Here is the godaddy docs

Step 3. Generate .crt file from the SSL Provider

Above step will generate the csr file copy that into the ssl provider and get the .crt file which can be used for the SSL management of the website.

Here is how we can generate .crt file

  • Next go to the SSL management section of your GoDaddy account and click “Manage” next to the certificate you want to use. Click on the “Re-Key” and cut and paste the results of the CSR above into the re-key request. Finish the process completely.

  • Steps for godaddy SSL certificate configuration here

  • After generating the .crt file, you will download a zipfile contrains the

Step 4. Concatinate the intermidiate and budle .crt files to generate

A common practice, then, is to bundle these all up into one file – your certificate, then the signing certificates. But since they aren’t easily distinguished, it sometimes happens that someone accidentally puts them in the other order – signing certs, then the final cert – without noticing. In that case, your cert will not match your key.

cat certificate.crt ca_bundle.crt > bundle_chained.crt

Here is the related issues with X509_check_private_key:key values mismatch, stackoverflow answer

Here is the example for nginx ssl certificate conf

server {
    listen              443 ssl;
    server_name         www.example.com;
    ssl_certificate     bundle_chained.crt;
    ssl_certificate_key example.key;
    ...
}
# security