LetsEncrypt provide Free SSL with 90 day validity. You need to renew it every 90 days, there are software to do this. For windows some of the popular software are.
This is a small exe file, it have command line interface (No GUI). You need to run this program ad Administrator (Run as Administrator), then only it will setup Scheduled Tasks needed for auto SSL renew.
It support auto SSL install on IIS and have option for custom SSL install.
This is a GUI program.
This PHP script will redirect web site visitor to HTTPS (SSL) url. You can add this in your index.php of the web site
|
1 2 3 4 5 6 |
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ) { header("HTTP/1.1 301 Moved Permanently"); $newUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; Header("Location: $newUrl"); exit; } |
Move a site to new URL using PHP
|
1 2 3 4 |
$newUrl = "https://NEW-URL-HERE" . $_SERVER['REQUEST_URI']; header("HTTP/1.1 301 Moved Permanently"); Header("Location: $newUrl"); exit; |
You can also use Apache mod_rewrite .htacess to do the redirection.
To force a site to always use HTTPS, add following content to web.config file.
|
1 2 3 4 5 6 7 |
<rule name="HTTPSOK" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> </rule> |
Here is full web.config file for a web site that use WordPress and Force SSL
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <handlers> <remove name="PHP_via_FastCGI" /> <add name="PHP_via_FastCGI" path="*.php" verb="GET,HEAD,POST" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v5.3\php-cgi.exe" resourceType="Either" requireAccess="Script" /> </handlers> <rewrite> <rules> <rule name="SEO friendly URL " patternSyntax="Wildcard"> <match url="*" /> <conditions> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" /> </conditions> <action type="Rewrite" url="index.php" /> </rule> <rule name="HTTPSOK" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> </rule></rules> </rewrite> </system.webServer> </configuration> |
To remove password from SSL private key, run
|
1 |
openssl rsa -in PASSWORD_PROTECTED.key -out NO_PASSWORD.key |
This will ask for password. Once you enter password, key get saved with out password.
To convert SSL certficiate into PFX format, run
|
1 |
openssl pkcs12 -export -out certificate.pfx -inkey private-key.key -in certificate.crt -certfile ca-certificate.crt |
Example for SSL from namecheap/ssls
|
1 |
openssl pkcs12 -export -out certificate.pfx -inkey serverok_in_key.txt -in serverok.in/serverok.in.crt -certfile serverok.in/serverok.in.ca-bundle |
Here are some cheap SSL providers
See SSL
Here is few web sites where you can check your SSL certificate is installed properly.
See SSL
To enable SSL in Magento, go to System > Configuration
Click on “Web” link on left menu.
On this page, set Auto-redirect to Base URL to No.
Under “Unsecure” option, change the URL to use HTTPS.
Under “Secure” option, set “https” for Base URL. Set “Yes” for both “Use Secure URLs in Frontend” and “Use Secure URLs in Admin”.
If your Home page is linking to non HTTPS link, this is because Default page is set to CMS page, you need to edit and replace content of CMS page to use HTTPS links under Magento Admin > CMS > Pages.
Mcrosoft Azure App Certificate is used to secure Azure App Services, now they allow export of this SSL certificate in PFX format, so it can be used in other services like Azure VM or third party applications. You need to use a powershell script provided by Microsoft to do the Export.
To use the SSL certficiate in FPX format in Apache or Nginx web server, you need to convert it.
To do this, run
|
1 |
openssl pkcs12 -in ssl.pfx -nocerts -out key.pem |
It will ask for Import password. If you enter a password during pfx file creation, enter it. If not just press enter.
Next it ask for PEM password, enter a password, with out password, it won’t work.
We have key.pem, that is password protected, we need to remove key file with out password, for this, run
|
1 |
openssl rsa -in key.pem -out key-no-pw.key |
To export certificate file from PFX file, run
|
1 |
openssl pkcs12 -in ssl.pfx -clcerts -nokeys -out cert.pem |
To install SSL certificate in Virtualmin, select the domain from drop down list of Virtualmin.
On left Menu, go to Server Configuration > SSL Certificate
If you want to install Free LetsEncypt SSL, click on “Let’s Encrypt” link on top. On next page
Click on “Request Certificate”.
