How Do I Correct Common Name on Self-Signed Ssl Certificate

Document Sample
How Do I Correct Common Name on Self-Signed Ssl Certificate Powered By Docstoc
					            https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140




               User Guide - Using mod_ssl (SSL Certficates)

                                                  Author:
                                                  eApps
                                 Created On: 02 Feb 2008 06:19 PM


Applicable Plans - All General VPS Plans

User Guide - Using mod_ssl (SSL Certificates)
"mod_ssl is an optional module for the Apache HTTP Server. It provides strong cryptography for the
Apache v1.3 and v2 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer
Security (TLS v1) cryptographic protocols by the help of the Open Source SSL/TLS toolkit
OpenSSL" from http://en.wikipedia.org/wiki/Mod_ssl

Overview
Secure Sockets Layer (SSL) is a cryptographic protocol that provides secure communication on the
Internet for web pages, and other data transfers. SSL relies on key files that are installed on the
server and used in the encryption process. These key files can be created easily, but are usually
issued and certified by a commercial certificate authority. The certification process helps to reassure
visitors to the site that the site is owned and operated by a legitimate business.

Generally, the more expensive the SSL Certificate, the more thorough the check by the SSL
Certificate Authority to verify the site owners and business, and those SSL certificates have a higher
level of trust by consumers. Those SSL certificates also take longer to issue.

eApps Hosting sells SSL Certificates from Globalsign and AlphaSSL. You can also install a
self-signed SSL certificate, or purchase an SSL certificate from a third party vendor.

mod_ssl Installation and Requirements
Installing mod_ssl
Requirements for using mod_ssl

Using mod_ssl to secure your websites
SSL Certificates Overview
Installing a self-signed SSL certificate
Purchasing a commercial SSL certificate from eApps
Purchasing a Commercial SSL Certificate from a 3rd Party Vendor

Common Issues using SSL
Images and Graphics are not using SSL
Links to off-site content are not using SSL
Forcing site visitors to use SSL


                                                  Page 1/12
                                         Powered By Kayako SupportSuite
             https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



Links to other information


mod_ssl Installation and Requirements
Installing mod_ssl
The mod_ssl module is available on all eApps General VPS hosting plans, and all operating
systems (Fedora Core, CentOS 4 and CentOS 5). It is not installed by default.

To check if mod_ssl is installed, go to the Control Panel, and click on the System Tab. If necessary,
click on the Select Another System (Subscription) link on the left and choose the correct Virtuozzo
container.

Then click on All Applications. On CentOS 5 VPSs, the mod_ssl application will be listed like this:
Mod_ssl. For CentOS 4 and Fedora VPSs the mod_ssl application will be listed like this: Apache
module mod_ssl.

If mod_ssl is not installed, then click on Add Application, and look for the mod_ssl application in the
list of applications to install. Check the box next to the application, and then scroll down and click
Next.

This takes you back to the All Applications screen. Wait for around five minutes, and then click on
the Refresh link at the upper right, just under the word Parallels. The application should now show
as installed. If it still shows as Scheduled, wait another five minutes, and click refresh again. If it still
shows as Scheduled, or in Error, please contact eApps Technical Support.

Requirements for using mod_ssl
To use mod_ssl, each site that uses SSL must have a dedicated IP address. Each eApps VPS
comes with one dedicated IP address, and that can be used to secure one site using SSL. If you
have more than one site that you want to use SSL for, you will need to purchase an additional IP
address for each site that will have an SSL certificate.


Purchasing a new IP address
To purchase another IP address, go to the Control Panel, System tab. If necessary, click on the
Select Another System (Subscription) link on the left to select the correct Virtuozzo container.

Then, click on the Upgrade Center tab, and then Buy Resources. The first listing in Buy Resources
is Number of Static IP addresses. The Current Limit shows how many IP addresses (units) are
currently assigned to the VPS. To increase this number, put the number of IP addresses you want to
purchase in New Limit, plus your existing limit. For example, if you wanted to purchase one
additional IP address, put the number 2 in the New Limit box.



Scroll down and click Next, and then follow the steps to purchase the new IP address. Once the
order is processed, your new IP address will be available. It make take up to an hour for your order


                                                   Page 2/12
                                          Powered By Kayako SupportSuite
            https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



to be processed, so please be patient if your IP address does not show up immediately.

If your subscription renewal date is close, the cost of the IP address may show as less than the
normal $2 a month. In this case, you will only have a Pay Offline option, because the PBA Control
Panel cannot process payments of less than one dollar. Please contact our Billing department to
make the payment: billing@eapps.com or +1 770 448 2100 option 0 (zero). Have your domain name
or invoice ID number ready.

To see if your new IP address is available for use, go back to the System tab for that subscription,
and click on Server Info. All the IP addresses for that VPS will show in the IP Addresses section.




Installing a new IP address on a site
Once the new IP address is provisioned, click on the Site tab, and if necessary click on Select
Another Site, and choose the site you want to add the new IP address to.

Click on Website Settings, then scroll down and click on Configure. In the General Settings section,
click on the drop down menu for IP Address and choose the new IP address for this site. Make sure
that the box for Share IP addresses with other websites is unchecked. Scroll down and then click on
Update to change the IP address for the site.



At this point, the PBA Control Panel software will start the process of changing the IP address for
the A record for the domain in the System Tab, All My Domains, as well as changing the DNS
records for the site. Please allow about 10 minutes for the Control Panel to complete this task, and
allow several hours for the DNS changes to propagate across the Internet. During that time, the site
may appear to be visible at both IP addresses, but this is a temporary issue and will be resolved as
soon as all the DNS propagation is complete.

If you do not start to see the site showing the correct IP address within two hours, please contact
eApps Support so that we can verify that the correct Control Panel changes took place.



Using mod_ssl to secure your websites
Once mod_ssl is installed, you can begin using it to secure your sites. This is done by installing an
SSL Certificate - either one that is self-signed, or purchased from a commercial Certificate Authority.


SSL Certificates Overview
Self-Signed SSL Certificate
For small websites which are mostly used by a group of employees or a specific group (such as a
web mail application) you can choose to install a self-signed SSL certificate.


                                                  Page 3/12
                                         Powered By Kayako SupportSuite
            https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



A self-signed SSL certificate is not signed or issued by an actual Certificate Authority, it is signed
with your own site details. The advantage of this is that self-signed SSL certificates are free. The
disadvantage is that a warning will always be displayed to the end user that their data is encrypted,
but that the SSL certificate being used has not been independently verified. This is a red flag to any
visitor, and a self-signed SSL certificate should never be used for any public facing application such
as an e-commerce site.

Using a self-signed SSL certificate for your website will guarantee a secure connection between
your computer and the website. However, since the SSL certificate is self-signed, it can be forged
and there is no guarantee that the site is genuine, or if the site is the subject of what is called a
man-in-the-middle attack - http://en.wikipedia.org/wiki/Man-in-the-middle_attack If the applications
and data you are trying to secure contain very sensitive data, we strongly recommend that you
purchase a commercial SSL certificate from a Certificate Authority.

Instructions on how to install a self-signed SSL certificate are found here.

Commercial SSL Certificate
For any website that is doing actual customer facing business, such as an e-commerce site, you
need a commercial SSL certificate. These SSL certificates require that you submit business
information to the Certificate Authority, and provide a greater degree of trust for the consumer that
you are who you say you are, and that your business is legitimate.

With commercial SSL certificates, it truly is a matter of "you get what you pay for". The more
expensive the SSL certificate, the more validation is done by the Certificate Authority, which can
translate into a higher degree of trust by the consumer.

Information on how to purchase a Globalsign or AlphaSSL certificate from eApps are found here. If
you purchase a commercial SSL certificate from eApps, we will install it as part of the service.

Information on installing a third party SSL certificate is found here. Please be aware that no support
is offered for SSL certificates that are not purchased through eApps.

Installing a self-signed SSL certificate
Before installing a self-signed SSL certificate, make sure you have installed the mod_ssl module
and met the requirements.

Log in to the Control Panel, and click on the Site tab. If necessary, click on the Select Another Site
link on the left, and choose the correct site.

Click on Website Settings. There should be a tab at the right for Secure Website. If the Secure
Website tab is not visible, and you only have one IP address (assuming you have mod_ssl installed
and met the requirements) then check to make sure SSL is not enabled on another site on the same
subscription.

In the Secure Website tab, click on the Generate a request button. Fill out the form as follows. For a
self-signed SSL certificate, only items with red asterisks (*) are required. If you are creating a CSR
for a third party commercial SSL certificate, all fields are required.


                                                  Page 4/12
                                         Powered By Kayako SupportSuite
             https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



   » Country* - select your country from the drop down menu (choose the country where you are
located, not where the VPS is located)

   » State (US or Canada) - if you are in the US or Canada, choose your state or province from the
drop down menu

   » State (other countries) - enter the state or province or administrative region of your location

   » Locality* - enter the name of your city or town

   » Organization name* - enter the name of your company or organization

   » Organization unit name - enter the name of your organizational unit

    » Site name* - enter the name of the site to be secured. If you are going to use the "www" alias
for the site, make sure to specify that here. If you only enter domain.com, then www.domain.com will
not be encrypted.

Click on Submit to create the Certificate request. If you make a mistake, just click on Generate a
request again and start over.

To see the results of the Certificate request, click on the SSL certificate request details link.

At this point, the self-signed SSL certificate is ready. Just click on the Enable SSL button to install it.
Now you will be able to access your site using https as well as http.

Remember that you and your site visitors will be shown a warning when you connect because this is
not a commercial SSL certificate from a recognized Certificate Authority. Self-signed SSL certificates
should never be used for actual public facing sites, and especially not for any kind of e-commerce
site.

Purchasing a commercial SSL certificate from eApps
eApps Hosting sells commercial SSL certificates from Globalsign and AlphaSSL. If you purchase an
SSL certificate from eApps, we will order and install the SSL certificate for you. However, you will be
required to answer some questions to start the order process, and possibly reply to e-mails from the
Certificate Authority as they try to verify your business details.

To start the process, go the eApps Hosting main site at http://eapps.com and click on the Store link
at the top of the page.

In the Products Overview section near the middle of the page, click on SSL Certificates.

Choose the SSL Certificate that is right for your needs. Read the descriptions carefully to fully
understand the benefits of each type of SSL certificate. Remember, the more expensive the SSL
certificate, the more validation is required by the Certificate Authority, and the longer the certificate
will take to be issued. Also, the more expensive SSL certificates have a higher degree of trust by the

                                                   Page 5/12
                                          Powered By Kayako SupportSuite
             https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



consumer.

Once you have chosen the SSL certificate you wish to purchase, click on Buy Now and follow the
process to complete the order. You will be required to fill out a questionnaire in the Configuration
section of the order process.

The answers to this questionnaire are crucial to the order process, because these are the answers
that eApps provides to the Certificate Authority to order the SSL certificate. Please answer these
questions carefully. Incomplete or incorrect answers could delay the order process.

If you realize that you have made any errors with the information given during the SSL certification
process, contact eApps immediately. If the SSL certificate has already been issued, there may be
a small fee from the Certificate Authority to reissue the SSL certificate with the new information.

SSL Certificate Questionnaire
URL to be encrypted, in the form of domain.com (if you specify domain.com, the www.domain.com
form will also be eligible for encryption unless you specifically state otherwise):Enter the domain
name that will use the SSL certificate, in the form of domain.com or www.domain.com. If you use
just domain.com, then www.domain.com will also be encrypted. If you use www.domain.com, then
only www.domain.com will be encrypted. Also note that subdomains and direct links are not valid -
you cannot enter domain.com/subdomain or domain.com/path/to/link for an SSL certificate. Only
actual Fully Qualified Domain Names are valid.

Organization or Company Name:
Enter the name of your organization or company

Organizational Unit (enter NA if not applicable):
If you are part of an organizational unit, enter that here. Otherwise, enter NA

Street Address (cannot be a P.O. Box, and should be verifiable through the phone book):
Enter the physical street address for your company or organization. P.O. boxes are not allowed, and
the address should be verifiable through your local phone directory.

City:
Enter the name of your city

State/Province:
Enter the name of your state, province, or administrative region

Country (full name and two letter code):
Enter the full name of your country, as well as its two letter code. The two letter codes for all
countries can be found here - http://www.theodora.com/country_digraphs.html

Zip Code/Postal Code:
Enter the postal code for your location

Corporate/Organization Contact:
Enter the contact person for your organization. This needs to be someone who can answer

                                                   Page 6/12
                                          Powered By Kayako SupportSuite
             https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



authoritatively for your organization should the Certificate Authority have questions during the
issuing process.

Title of Contact:
Enter the title of the person listed in the Corporate/Organization Contact section.

Phone Number, with area/country code:
Enter the phone number for your organization. Give the full country code and area code in case
someone from the Certificate Authority needs to contact you.

Fax Number, with area/country code (enter NA if not available):
If you have a fax number, enter it here. If not, enter NA.

E-mail Address (This MUST match the e-mail address in the "WHOIS" Domain Record):
Enter the e-mail address that is associated with the actual domain registration.




Using the wrong e-mail address is the most common problem encountered in the SSL Certificate
process. If you enter the incorrect e-mail address, or if you have domain privacy enabled, then your
SSL certificate order will be delayed, sometimes by several days. If you use a generic free e-mail
address like hotmail or yahoo, that can also delay the SSL certification order process.
If you host your e-mail through eApps, then we will try a known workaround in order to process your
SSL certificate that involves creating an e-mail address for ssladmin@domain.com on your VPS. If
you host your e-mail off of eApps Hosting, you will need to create this e-mail address yourself and
monitor it for the SSL certificate confirmation messages.

At all points during the SSL certificate ordering process, you will need to monitor the e-mail address
that was used to place the order, as well as the e-mail address that matches the domain registration
(if possible). Requests for more information from eApps or the Certificate Authority will need to be
responded to as soon as possible, because the SSL certificate order will be on hold while waiting for
your reply.

After the order is placed, and the SSL certificate issued, eApps Support will install and test the SSL
certificate on your site. Then we will reply to you with the status of the SSL certificate and the link to
add the Secure Seal to your site.


Purchasing a Commercial SSL Certificate from a 3rd Party Vendor
You can choose to purchase an SSL certificate from a third party vendor instead of eApps. There
are many vendors who sell SSL certificates across all price ranges.




eApps Hosting offers no support or assistance for SSL certificates that are purchased from third
party vendors. If you need assistance installing or configuring a third party SSL certificate, you will
need to contact the vendor support for assistance. Any assistance requested from eApps may be


                                                   Page 7/12
                                          Powered By Kayako SupportSuite
             https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



billable at our standard rate of $90 an hour, or $15 per 10 minute increment.
To issue the SSL certificate, the third party vendor will need a CSR (Certificate Signing Request).
They may also need other information. Please consult the SSL vendor to determine what
information they need and how they expect you to obtain it.

To generate a CSR, follow the steps to generate a self-signed SSL certificate. After generating the
request, click on the link for SSL certificate request details. The CSR will look similar to this:

-----BEGIN CERTIFICATE REQUEST-----
MIIBrjCCARcCAQAwbjELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0dlb3JnaWExETAP
BgNVBAcTCE5vcmNyb3NzMRowGAYDVQQKExFlQXBwcyBXZWIgSG9zdGluZzEeMBwG
A1UEAxMVd3d3LmVhcHBzLABCDEFGHIJKLMNtMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDOLOUrKeLYbE7tBtfvnY4l6gMvD+C3zNn2rH49GpMXVXvXpGwzsR9d
9XACLYMUbGGxbEumW0CdkmXEvBogfAqtN9VqIdYWWt126IYM4OJuAMrhRjoyFX6j
Of4WoHPhWIRAA1B2C3D4E5f6j7D91GARSmEOMZn87qlwdDUAqyeEsQIDAQABoAAw
DQYJKoZIhvcNAQEFBQADgYEAdO0r4S2d28xQwfzJuc5Ku6ROcVF6qZZshgj1PWNz
VloE6dmyrFEJ3yMYhD2ih5yLF/J5lBxBQEGBwtiPvQAlnlWtXK78Uj/eetFdXL9x
PgvVjv+T4BbavKSgsENewzmGhgBnBQrQ9uV3l42Jnnu5kHR6zbIwDimn2ceDcTcN
YRY=
-----END CERTIFICATE REQUEST-----

Copy and paste the entire block, starting with the line for -----BEGIN CERTIFICATE REQUEST-----
and ending with the line for
 -----END CERTIFICATE REQUEST----- and send that to your SSL certificate vendor. Generally,
the SSL certificate vendor will have more detailed instructions as to what they want you to provide,
and in what format. If asked, request the certificate for Apache/mod_ssl.

Once the SSL Certificate is generated, you will usually be given two files - the SSL certificate itself,
and a private key. To install these files, go back to the Secure Website tab for that site in the Control
Panel, and click on the Install the SSL files button under Special Actions. Here you will install the
SSL Private Key first, either by uploading the file from your local computer or using copy and paste.
Then you will install the SSL Certificate in the same manner.

Once you have done this, click on the Enable SSL button in the Secure Website tab. At this point,
your SSL Certificate should be enabled and working. Remember, if you have any issues or
questions on installing your third party SSL certificate, you will need to contact the support team
from the SSL certificate vendor for assistance. Any assistance from eApps support may be billable.

There are also some instructions on the eApps Community Forum about installing third party SSL
certificates: http://community.eapps.com/showthread.php?82-Installing-a-3rd-Party-SSL-Certificate

Those instructions reference a $15 flat fee for eApps support to install the SSL certificate for you.
This is still valid, but remember that we cannot guarantee that every SSL certificate will work, and
eApps support is under no obligation to make a third party unsupported SSL certificate work.

If the basic installation process does not work, then any continued work will be billable at our
standard rate of $15 per 10 minute increment. Depending on the nature of any issues encountered,
you may have to go back to the SSL vendor support for assistance.


                                                   Page 8/12
                                          Powered By Kayako SupportSuite
            https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



Creating a 2048 bit CSR for a 3rd party commercial SSL vendor
Some commercial SSL vendors require that you provide a 2048 bit CSR (Certificate Signing
Request)Â in order to purchase an SSL certificate. Currently, the PBA Control Panel only generates
1024 bit CSRs. In this case, you will need to create a 2048 bit CSR from the command line, as well
as generate a private key to use with the third party SSL certificate.




Creating the 2048 bit CSR and new private key will require you to connect to the VPS via SSH, and
work as the root user. If you cannot do this, eApps Support can create the 2048 bit CSR and private
key for you, but this is considered billable work. The charge for this is $15.
Once you have connected to the VPS, you will need to become the root user and then make a new
directory to create the CSR and private key in. See the User Guide - Connecting to your Virtual
Private Server using SSH - http://support.eapps.com/hsp/ssh for more information on connecting to
the VPS from the command line.




[webadmin@eapps-example ~]$ su -
Password: password
[root@eapps-example ~]# mkdir certs/
[root@eapps-example ~]# cd certs/
[root@eapps-example certs]# pwd
/root/certs
[root@eapps-example certs]#

First, generate the private key. Remember to substitute your domain name for eapps-example.com:




[root@eapps-example certs]# openssl genrsa -out www.eapps-example.com.key 2048
Generating RSA private key, 2048 bit long modulus
............+++
............................................................+++
e is 65537 (0x10001)
[root@eapps-example certs]# ll
total 4
-rw-r--r-- 1 root root 1679 May 12 14:28 www.eapps-example.com.key
[root@eapps-example certs]#

Next, generate the CSR using this private key. You will need to answer the questions for the CSR:




[root@eapps-example certs]# openssl req -new -key www.eapps-example.com.key -out
www.eapps-example.com.csr


                                                  Page 9/12
                                         Powered By Kayako SupportSuite
            https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Georgia
Locality Name (eg, city) [Newbury]:Norcross
Organization Name (eg, company) [My Company Ltd]:eApps Web Hosting
Organizational Unit Name (eg, section) []:.(enter a period [.] and press return)
Common Name (eg, your name or your server's hostname) []:www.eapps-example.com
Email Address []:ssl_user@eapps-example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:(press return)
An optional company name []:(press return)
[root@eapps-example certs]# Â

You will now have the private key and the new 2048 bit CSR in the /root/certs/ directory. Use the cat
command to read the CSR file, and give that to the third party SSL vendor (usually by copying and
pasting the text into their form or e-mail).




[root@eapps-example certs]# ll
total 8
-rw-r--r-- 1 root root 1074 May 12 14:32 www.eapps-example.com.csr
-rw-r--r-- 1 root root 1679 May 12 14:28 www.eapps-example.com.key
[root@eapps-example certs]#

[root@eapps-example certs]# cat www.eapps-example.com.csr
-----BEGIN CERTIFICATE REQUEST-----
MIIC3zCCAccCAQAwgZkxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdHZW9yZ2lhMREw
DwYDVQQHEwhOb3Jjcm9zczEaMBgGA1UEChMRZUFwcHMgV2ViIEhvc3RpbmcxHjAc
BgNVBAMTFXd3dy5lYXBwcy1leGFtcGxlLmNvbTEpMCcGCSqGSIb3DQEJARYac3Ns
X3VzZXJAZWFwcHMtZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDTHjFKZP68eqWuiYpR5xEeMtZniHtPyl761IlmidOl3vBcW02vDWQC
Df0dK70Re7hjDUWJKaQwFD/XoyYuaqzHnj5aKs5KZZfS4KSSESuHnVns5AA6U67C
llYQfTUnbFIN+ABCDEFGHIJKLMNOPQRSTUVWXYZ4r/leapqbd0MGoBciAKQZw0Wz
ZCWojAGnddbZgEBHIzbanACj1u7RQAab02RbPbzD4lyjjrmTpIrX+5OqgDWwBfnE
0fSyBA2ZWrT8qo/G+NBcuUqrV3rVT8S9huC63pOXLSmwFYCuBBQZkxwSVKSuej9B
dY3FeDW36et5igN4LqAnD00vvWp6PqrbZxazUGVgYJNAgMBAAGgADANBgkqhkiG9
AQEAqtrXS4m41n5cr33NTurN0ncKYEpzyxwvutsrqponmlkjihgfedcbals/nFVe
qNI4qOwmeDs1m6D/cFlL0qx6xf0ir+UaGdY+nfKgUav686xCkuxC2QcxAjlHEiLj
stLob411Y0vrB45e4r3Be10n6ToUsD0Ild5123456789aBcDeFgHiJkLmNoPqRsT

                                                  Page 10/12
                                         Powered By Kayako SupportSuite
             https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



3rmiPSWDevXJfhbhpLCeg3J1biaqyXTH27JylOgF9aL9pqsutflmEfnTsIoZNkqA
xUkFoNZt8uck36r9KlPyJKQce+s+Mm0EYaqvQcGSR+6u/QFqQsQu1SksjepFFCHn
iN2PrDr4Uv0PE/oS76CPFk8Dlg==
-----END CERTIFICATE REQUEST-----
[root@eapps-example certs]#

Remember that any and all assistance with a commercial SSL certificate purchased from a 3rd party
vendor could be considered billable, and no support is provided for third party commercial SSL
certificates. Only SSL certificates purchased through eApps are supported.


Common Issues using SSL
The SSL certificate will let you encrypt all content under the DocumentRoot for the site. For
example, this means that all content under /home/webadmin/eapps-example.com/html (the
DocumentRoot for http://www.eapps-example.com) can be served using https.

This also means that any content you want to serve using https has to be under the DocumentRoot
for the site that is using SSL - all graphics, all images and video, all text content, any sound files,
etc. If your HTML code links to directories or web forms outside the DocumentRoot of the site using
SSL, you will need to move those directories or forms into the DocumentRoot for the site, and
change your HTML code to point to the new locations. If your site uses CSS, you will need to make
sure any external CSS stylesheets are also in the DocumentRoot of the site using SSL, and change
your HTML to point to their new locations.


Images and Graphics are not using SSL
Many sites use shared graphics and images, such as header and footer images or common icon
images. If these images are not in the same domain directory that belongs to the site that is using
SSL, some browsers will issue a warning that the site is not secure. Make sure that all the images
and graphics for the site that is using SSL are in the same directory as the site itself.


Links to off-site content are not using SSL
It is common to link to off-site content, such as information from a third party vendor, or even to
Youtube videos or various social networking sites. If those links to off-site content do not point to
SSL https links, some browsers will issue warnings that the site content is not encrypted.


Forcing site visitors to use SSL
In some cases, you may want to force the visitors to your site to use SSL (https). You can use
mod_rewrite to force site visitors to use https, even if they typed in http.
The mod_rewrite directives have to be entered in the Custom Settings tab of the web site that is
using SSL. To access Custom Settings, go to the Control Panel, and click on the Site tab. If
necessary, click on the Select Another Site link on the left, and choose the correct site.

Click on Website Settings, and then on the Custom Settings tab. Click on Edit, and add these lines,
making sure to substitute eapps-example.com for your actual domain name.


                                                   Page 11/12
                                          Powered By Kayako SupportSuite
            https://support.eapps.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=140



RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.eapps-example.com/$1 [R,L]

Click Update to save your changes. Now any visitor that goes to
http://www.eapps-example.com will be redirected to https://www.eapps-example.com



Links to other information
Official Apache mod_ssl documentation - http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
Official Apache mod_rewrite guide - http://httpd.apache.org/docs/2.0/misc/rewriteguide.html




                                                  Page 12/12
                                         Powered By Kayako SupportSuite

				
DOCUMENT INFO
Description: How Do I Correct Common Name on Self-Signed Ssl Certificate document sample