Welcome to Centmin Mod Community
Become a Member

SSL How to install an ssl certificate?

Discussion in 'Domains, DNS, Email & SSL Certificates' started by pamamolf, Jul 23, 2014.

Tags:
  1. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    4:43 AM
    Nginx-1.25.x
    MariaDB 10.3.x
    Hi

    How can i install an ssl certificate on centminmod server?

    Is there any ttorial for this?

    Can this be added as an automated process as a sub menu or an addon ?


    Thanks :)
     
  2. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    11:43 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  3. nehafarzana

    nehafarzana New Member

    12
    1
    3
    Jul 24, 2014
    Ratings:
    +1
    Local Time:
    7:13 AM
    1.7.3
    5.5.38
    [​IMG]
    Hello George,
    I've received SSL certificate file from namecheap.com which contains those 4 files. What will be the best method to create ssl-unified.crt and ssl-trusted.crt using those?
     
    Last edited by a moderator: Jun 3, 2016
  4. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    11:43 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Which SSL certificate ?

    Different SSL certificates have different file combinations, some listed below and how to create the relevant files for Nginx

    » EV/EV SGC SSL
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: COMODOAddTrustServerCA.crt
    » Intermediate 2: COMODOExtendedValidationSecureServerCA.crt
    » End-Entity/Domain Certificate

    » InstantSSL/IntranetSSL/EnterpriseSSL/Unified Communications (UCC)
    » Root: AddTrustExternalCARoot.crt
    » Intermediate: ComodoHigh-AssuranceSecureServerCA.crt
    » End-Entity/Domain Certificate

    » ComodoSSL / ComodoSSL Wildcard / ComodoSSL UCC
    » Root: AddTrustExternalCARoot.crt
    » Intermediate: ComodoSSLCA.crt
    » End-Entity/Domain Certificate

    » EssentialSSL / Free Certificate
    » Root: AddTrustExternalCARoot.crt
    » Intermediate 1: UTNAddTrustSGCCA.crt
    » Intermediate 2: ComodoUTNSGCCA.crt
    » Intermediate 3: EssentialSSLCA_2.crt
    » End-Entity/Domain Certificate

    » PositiveSSL
    » Root: AddTrustExternalCARoot.crt
    » Intermediate: PositiveSSLCA2.crt
    » End-Entity/Domain Certificate

    With http://centminmod.com/nginx_configure_https_ssl_spdy.html

    for PositiveSSL
    Code:
    cat www_yourdomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > ssl-unified.crt
    cat PositiveSSLCA2.crt AddTrustExternalCARoot.crt > ssl-trusted.crt
    
    for ComodoSSL / ComodoSSL Wildcard / ComodoSSL UCC
    Code:
    cat www_yourdomain_com.crt ComodoSSLCA.crt AddTrustExternalCARoot.crt > ssl-unified.crt
    cat ComodoSSLCA.crt AddTrustExternalCARoot.crt > ssl-trusted.crt
    
    for EV/EV SGC SSL
    Code:
    cat www_yourdomain_com.crt COMODOAddTrustServerCA.crt COMODOExtendedValidationSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-unified.crt
    cat COMODOAddTrustServerCA.crt COMODOExtendedValidationSecureServerCA.crt AddTrustExternalCARoot.crt > ssl-trusted.crt
     
  5. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    11:43 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    There seems to be another combination for Comodo SSL certificates as I found out setting up my test site at sslspdy.com - Nginx + Google SPDY/3.1 SSL
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODOECCAddTrustCA.crt
    • Intermediate CA Certificate - COMODOECCDomainValidationSecureServerCA.crt
    • Your SSL Certificate - sslspdy_com.crt
    So you can setup Centmin Mod Nginx SSL with either one of two configurations with or without root CA as it isn't needed as most browsers already have the root CA and proceed with guide at Nginx HTTPS / SSL Google SPDY configuration

    with root CA
    Code:
    cat sslspdy_com.crt COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt AddTrustExternalCARoot.crt > sslspdy.com-unified.crt
    
    cat COMODOECCAddTrustCA.crt COMODOECCDomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > sslspdy.com-trusted.crt
    
    without root CA
    Code:
    cat sslspdy_com.crt COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt > sslspdy.com-unified.crt
    
    cat COMODOECCAddTrustCA.crt COMODOECCDomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > sslspdy.com-trusted.crt
    
     
    Last edited: Aug 3, 2014
  6. nehafarzana

    nehafarzana New Member

    12
    1
    3
    Jul 24, 2014
    Ratings:
    +1
    Local Time:
    7:13 AM
    1.7.3
    5.5.38
    @eva2000
    Great, it's working nice on my domain. Just another question about SSL as I'm new to SSL, I bought the SSL certificate from Namecheap which is $1.99/year. Can that be used for subdomain too?
     
  7. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    11:43 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    @nehafarzana unfortunately that SSL certificate is cheap as it's only for single domain + 1 hostname usually www. version of the domain. So you are SSL covered for yourdomain.com and www.yourdomain.com.

    For subdomains, you need SSL wildcard certificate to cover yourdomain.com and unlimited *.yourdomain.com subdomains. Of course SSL wildcard certificates are much more expensive.

    However, I have plans for premium forum user upgrades which will bundle cheaper standard SSL and SSL wildcard certificates for Centmin Mod premium members SSL Certificates - which do you use and how much ? | Centmin Mod Community Exact details are still being worked on but if you have alot of domains needing SSL, you could end up saving $100s per year in SSL certificate costs ;)

    Of course no way as cheap as Namecheap's promo first year US$1.99 offer but cheaper than their renewal costs :D
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    11:43 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  9. nVidian

    nVidian Member

    97
    8
    8
    Mar 16, 2015
    Ratings:
    +31
    Local Time:
    8:43 AM
    1.7.9
    5.5
    How about Comodo Essential SSL ? Thanks

    UPDATE: Never mind, I figure it out. But now my website run bit slow.
     
    Last edited: Mar 16, 2015
  10. eva2000

    eva2000 Administrator Staff Member

    53,190
    12,113
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,649
    Local Time:
    11:43 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah should be similar to setup for Essential

    as to slowness depends on how well your server specs are too to handle SSL and make sure you enable SPDY SSL Nginx HTTPS / SSL Google SPDY configuration