SSL Archives - Page 2 of 3

Change Email address of LetsEncrypt SSL

To change email address of LetsEncrypt SSL certficate account, run

certbot update_account --email you@your-domain.com

See LetsEncrypt

November 28, 2020

Delete LetsEncrypt SSL certficate

To list all available LetsEncrypt SSL certificates, run

certbot certificates

To delete a certificate, run

certbot delete --cert-name NAME_OF_SSL_CERT

You can find NAME_OF_SSL_CERT from the command “certbot certificates”.

See LetsEncrypt

November 26, 2020

Remove SSL private key password

To remove password from SSL private key, run

openssl rsa -in  PASSWORD_PROTECTED.key -out  NO_PASSWORD.key

This will ask for password. Once you enter password, key get saved with out password.

July 4, 2019

Convert SSL certificate into PFX format

To convert SSL certficiate into PFX format, run

openssl pkcs12 -export -out certificate.pfx -inkey private-key.key -in certificate.crt -certfile ca-certificate.crt

Example for SSL from namecheap/ssls

openssl pkcs12 -export -out certificate.pfx -inkey serverok_in_key.txt -in serverok.in/serverok.in.crt -certfile serverok.in/serverok.in.ca-bundle

May 20, 2019

Purchase SSL

Here are some cheap SSL providers

See SSL

March 22, 2019

When using Nginx as a reverse proxy, you may need to handle SSL verification requests. Passing this request to the backend server may not do any good as back-end servers usually only handle application requests.

To handle SSL validation requests, use the following Nginx Configuration

server {
    listen 80;
    server_name YOUR-DOMAIN.EXTN www.YOUR-DOMAIN.EXTN;

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        autoindex on;
        root /var/www/html;
    }

    location / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:4200;
    }
}

Now restart Nginx

service nginx restart

You can get SSL with the following letsencrypt command

certbot --authenticator webroot --webroot-path /var/www/html --installer nginx -d DOMAIN.EXTN -d www.DOMAIN.EXTN

If you have a redirect to HTTPS in your Nginx server block, use something like

server {
    listen 80;
    server_name YOUR-DOMAIN.EXTN www.YOUR-DOMAIN.EXTN;

    location ^~ /.well-known/acme-challenge/ {
        allow all;
        autoindex on;
        root /var/www/html;
    }

    location / {
        return 301 https://DOMAIN.EXTN$request_uri;
    }
}

See LetsEncrypt, Nginx

June 21, 2018

Create SSL pem file

To make .pem file from SSL certificate, run

cat  yourdomain.key yourdomain.crt yourdomain.ca-bundle > yourdomain.pem

Here is the format

-----BEGIN RSA PRIVATE KEY----- 
(Private Key: domain_name.key contents) 
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- 
(Primary SSL certificate: domain_name.crt contents) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Intermediate certificate: certChainCA.crt contents) 
-----END CERTIFICATE----

ssls/namecheap SSL example

cat domain_com_key.txt domain.com/domain.com.crt domain.com/domain.com.ca-bundle > ssl.pem

April 2, 2018

Verify SSL Key matches with Private Key

To verify if SSL key match with the private Key, run following commands and compare resulting hash, it should match if SSL and Keys are matching.

Verify Private Key

openssl rsa -modulus -noout -in MY_DOMAIN.key | sha256sum

Verify SSL

openssl x509 -modulus -noout -in MY_DOMAIN.crt | sha256sum

Verify CSR

openssl req -modulus -noout -in MY_DOMAIN.csr | sha256sum

PHP Script to verify private key matches SSL certificate?
ssl

March 10, 2018

Amazon Linux Invalid command SSLEngine

On Amazon Linux, when restarting Apache server, i get error

[root@ip-172-16-20-44 conf.d]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: AH00526: Syntax error on line 5 of /etc/httpd/conf.d/sendy.mayflower.com.my-le-ssl.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration
                                                           [FAILED]
[root@ip-172-16-20-44 conf.d]#

This is because SSL module was not installed on the server. To fix, run

sudo yum install -y mod24_ssl

See ssl

January 21, 2018

Nginx Curl SSL error

After installing SSL on Nginx server, it worked on browser, but when i try access using curl command, i get error

# curl  https://serverok.in
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
#

This is fixed by adding ca-bundle to .crt file.

The cert file should be in following format

YOUR_DOMAIN.crt
YOUR_DOMAIN.ca-bundle

This can be done with

cat YOUR_DOMAIN.crt YOUR_DOMAIN.ca-bundle > YOUR_DOMAIN.ssl

Now use YOUR_DOMAIN.ssl as your ssl certificate in nginx.

        ssl on;
        ssl_certificate /etc/ssl/YOUR_DOMAIN.ssl;
        ssl_certificate_key /etc/ssl/YOUR_DOMAIN.key;

December 23, 2017

SSL

SSL Install

SSL Test

SSL Settings

Disable TLSv1 in Nginx

SSL Windows

Ca Bundle

RapidSSL RSA CA 2018

Enable SSL on Applications

Enable SSL on BitBucket Server

Force SSL validation Comodo SSL

https://secure.trust-provider.com/products/ORDERSTATUSCHECKER

December 22, 2017

Category: SSL