
SSL sslspdy.com switches from Comodo Essential SSL to Wildcard SSL certificate

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Oct 25, 2014.

  1. eva2000

    eva2000 Administrator Staff Member

    sslspdy.com has switched from Comodo Essential SSL certificate to GGSSL Wildcard SSL certificate (generic brand for Comodo Wildcard SSL) so I can create unlimited subdomains *.sslspdy.com web sites which are all protected and covered by https and SPDY SSL. After all, https / SSL is part of Google's search engine ranking algorithms now :D

    With Wildcard SSL certificate, I can create many subdomain *.sslspdy.com web sites that run via https and SPDY/3.1 SSL all with the single Wildcard SSL certificate which standard SSL certificates cannot do as they only cover www and non-www domain.com.

    So I can create as many https based subdomains as I want off my sslspdy.com domain
    • https://blog.sslspdy.com
    • https://news.sslspdy.com
    • https://community.sslspdy.com
    • https://forums.sslspdy.com
    • https://gallery.sslspdy.com
    • https://wiki.sslspdy.com
    • https://shop.sslspdy.com
    The sslspdy.com site is my test site for deploying ECC 256 bit SSL certificates with ECDSA digital signature algorithm and to test web browser compatibility and other issues which may arise due to the newer ECC/ECDSA exchange mechanisms. You can read more about ECC SSL certificates at the links listed below:

    SSL Wildcard Nginx Configuration



    For Centmin Mod LEMP's Nginx SPDY/3.1 SSL setup for GGSSL Wildcard SSL certificate the same steps outlined at Nginx HTTPS / SSL Google SPDY configuration are needed. Just the certificate names differ.

    For GGSSL Wildcard with CSR code generated via ECC 256 bit keys & ECDSA digital signature, you will end up with the following certificates provided by Comodo.
    • Root CA Certificate - AddTrustExternalCARoot.crt
    • Intermediate CA Certificate - COMODOECCAddTrustCA.crt
    • Intermediate CA Certificate - COMODOECCDomainValidationSecureServerCA.crt
    • Your GGSSL Wildcard SSL - STAR_sslspdy_com.crt
    Creating the sslspdy.com-unified.crt and sslspdy.com-trusted.crt files for Nginx vhost involves the following:

    Code:
    cat STAR_sslspdy_com.crt COMODOECCDomainValidationSecureServerCA.crt COMODOECCAddTrustCA.crt > sslspdy.com-unified.crt
    
    Code:
    cat COMODOECCAddTrustCA.crt COMODOECCDomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > sslspdy.com-trusted.crt
    Using Centmin Mod .08 beta for Nginx compilation with following settings:

    Code:
    --------------------------------------------------------
    Centmin Mod 1.2.3-eva2000.08 - http://centminmod.com
    --------------------------------------------------------
                       Centmin Mod Menu                
    --------------------------------------------------------
    1).  Centmin Install
    2).  Add Nginx vhost domain
    3).  NSD setup domain name DNS
    4).  Nginx Upgrade / Downgrade
    5).  PHP Upgrade / Downgrade
    6).  XCache Re-install
    7).  APC Cache Re-install
    8).  XCache Install
    9).  APC Cache Install
    10). Memcached Server Re-install
    11). MariaDB 5.2, 5.5, 10 Upgrade Sub-Menu
    12). Zend OpCache Install/Re-install
    13). Install ioping.sh vbtechsupport.com/1239/
    14). SELinux disable
    15). Install/Re-install ImageMagick PHP Extension
    16). Change SSHD Port Number
    17). Multi-thread compression: pigz,pbzip2,lbzip2,p7zip etc
    18). Suhosin PHP Extension install
    19). Install FFMPEG and FFMPEG PHP Extension
    20). NSD Re-install
    21). Update - Nginx + PHP-FPM + Siege
    22). Exit
    --------------------------------------------------------
    Enter option [ 1 - 22 ] 4
    --------------------------------------------------------

    SSL Wildcard Web Browser



    Opera 25 sees sslspdy.com SSL Wildcard certificate as follows


    sslspdycom_opera25_browser_00.png

    CSR code is generated using ECC 256 bit and sha256 signatures

    sslspdycom_opera25_browser_01.png

    GGSSL Wildcard = Comodo Wildcard. Premium Forum users can get GGSSL Wildcard certificates quite cheaply ;)

    sslspdycom_opera25_browser_02.png

    sslspdy.com ssllabs results



    ssllabs test result Qualys SSL Labs - Projects / SSL Server Test / sslspdy.com

    Centmin Mod Nginx LEMP web stack with Nginx 1.7.6 + OpenSSL 1.0.2 beta 4 with ECC 256 bit SSL certificate and ECDSA digital signature with CSR created with sha256 on Centmin Mod Nginx Spdy/3.1 SSL with OpenSSL 1.02-beta4 with added chacha20_poly1305 cipher support + Cloudflare RC4 Kill patch for OpenSSL.

    SSL 3.0 is disabled to prevent POODLE SSLv3 vulnerability - until web browsers catch up with TLS_FALLBACK_SCSV support on the web client end. CentOS 6.5 64bit server already has TLS_FALLBACK_SCSV support on server side via OpenSSL 1.0.1j statically compiled for Nginx web server and CentOS system OpenSSL 1.0.1e-30.el6_5.2.

    sslspdycom_ssllabs_test_251014_00.png

    sslspdycom_ssllabs_test_251014_01.png

    sslspdycom_ssllabs_test_251014_02.png
     
    Last edited: Oct 26, 2014
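
The unified bundle built with `cat` in the post above puts the wildcard certificate first and then each intermediate in issuing order, which is the order Nginx expects in a chained certificate file. The following is an added example, not part of the original post or of Centmin Mod, that checks that order with the `openssl` CLI. The function names (`bundle_order_ok`, `issue`, `demo`) and the certificate names (`root`, `int-a`, `int-b`, `star`) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check certificate order in a concatenated PEM bundle.
# Compares subject/issuer name hashes only; it does not verify signatures.

# bundle_order_ok FILE: returns 0 when every certificate in FILE is directly
# followed by its issuer's certificate (leaf first), 1 when the order is
# wrong, 2 when FILE holds no certificate.
bundle_order_ok() {
  local dir f subj prev_issuer="" rc=0
  dir=$(mktemp -d)
  # Split the bundle into one numbered file per certificate.
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ {
         if (f) close(f); n++; f = sprintf("%s/%03d.pem", d, n) }
       n { print > f }' "$1"
  if [ ! -e "$dir/001.pem" ]; then rm -rf "$dir"; return 2; fi
  for f in "$dir"/*.pem; do
    subj=$(openssl x509 -in "$f" -noout -subject_hash)
    if [ -n "$prev_issuer" ] && [ "$subj" != "$prev_issuer" ]; then rc=1; break; fi
    prev_issuer=$(openssl x509 -in "$f" -noout -issuer_hash)
  done
  rm -rf "$dir"
  return $rc
}

# issue NAME [ISSUER]: constructed test certificate with an ECC P-256 key,
# self-signed when ISSUER is omitted. Writes NAME.key and NAME.crt in $PWD.
issue() {
  openssl ecparam -name prime256v1 -genkey -noout -out "$1.key"
  if [ -z "${2:-}" ]; then
    openssl req -x509 -new -key "$1.key" -subj "/CN=$1" -days 1 -out "$1.crt"
  else
    openssl req -new -key "$1.key" -subj "/CN=$1" -out "$1.csr"
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
      -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
  fi
}

# demo: constructed chain shaped like the one in the post (root, two
# intermediates, wildcard leaf), bundled in two different orders.
demo() (
  cd "$(mktemp -d)" || exit 1
  issue root; issue int-a root; issue int-b int-a; issue star int-b
  cat star.crt int-b.crt int-a.crt > unified.crt      # order used in the post
  cat int-b.crt star.crt int-a.crt > misordered.crt   # leaf not first
  bundle_order_ok unified.crt && echo "unified.crt: order ok"
  bundle_order_ok misordered.crt || echo "misordered.crt: wrong order"
)
demo
```

Run `bundle_order_ok sslspdy.com-unified.crt` against a real bundle before reloading Nginx; a non-zero exit status means the `cat` order needs fixing.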
  2. Andy

    Andy Active Member

    I couldn't find any url on the GGSSL Wildcard SSL. How much per year, etc. They have many similar SSL and I'm not sure which one you used, George.
     
  3. eva2000

    eva2000 Administrator Staff Member

    right here 2nd post Premium User Membership Explained | Centmin Mod Community

    Code:
    GoGetSSL (Comodo) Wildcard SSL
    Domain validated certificate
    Single Domain SSL
    Secures both, domain & subdomain
    Secure Unlimited subdomains
    Support 128bit and 256bit encryption
    Key length: 2048 bit digital signatures
    Free Reissues
    Free secure site seal
    Green Address bar: No
    Wildcard enabled: Yes
    
    1yr: US$47.50
    2yr: US$85.00 (US$42.50 /yr)
    3yr: US$119.00 (US$39.67 /yr)