To change email address of LetsEncrypt SSL certficate account, run
|
1 |
certbot update_account --email you@your-domain.com |
See LetsEncrypt […]
View SSL certficate Details
To view certificate details
|
1 |
openssl x509 -text -noout -in SSL_FILE.crt |
For web server
|
1 |
openssl s_client -showcerts -connect serverok.in:443 |
IMAP via SSL
|
1 |
openssl s_client -showcerts -connect mail.yourdomain.com:993 -servername mail.yourdomain.com |
POP3 via SSL
|
1 |
openssl s_client -showcerts -connect mail.example.com:995 -servername mail.yourdomain.com |
SMTP via SSL
|
1 |
openssl s_client -showcerts -connect mail.yourdomain.com:465 -servername mail.yourdomain.com |
SMTP via TLS/StartTLS
|
1 |
openssl s_client -starttls smtp -showcerts -connect mail.yourdomain.com:25 -servername mail.yourdomain.com |
See SSL […]
Delete LetsEncrypt SSL certficate
To list all available LetsEncrypt SSL certficates, run
|
1 |
certbot certificates |
To delete a certificate, run
|
1 |
certbot delete --cert-name NAME_OF_SSL_CERT |
You can find NAME_OF_SSL_CERT from command “certbot certificates”. See LetsEncrypt […]
SSL Life Time Reduced to 397 days
Due to changes in Apple, Mozilla and Google Root Store Policies, as of September 1, 2020, newly issued SSL/TLS certificates with a validity period greater than 13 months (397 days) are prohibited by policy and will not be trusted. https://www.globalsign.com/en/blog/maximum-ssltls-certificate-validity-now-one-year https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/ […]
LetsEncrypt Windows
LetsEncrypt provide Free SSL with 90 day validity. You need to renew it every 90 days, there are software to do this. For windows some of the popular software are. win-acme This is a small exe file, it have command line interface (No GUI). You need to run this program ad Administrator (Run as Administrator), […]
Redirect a site to HTTPS using PHP
This PHP script will redirect web site visitor to HTTPS (SSL) url. You can add this in your index.php of the web site
|
1 2 3 4 5 6 |
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ) { header("HTTP/1.1 301 Moved Permanently"); $newUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; Header("Location: $newUrl"); exit; } |
Move a site to new URL using PHP
|
1 2 3 4 |
$newUrl = "https://NEW-URL-HERE" . $_SERVER['REQUEST_URI']; header("HTTP/1.1 301 Moved Permanently"); Header("Location: $newUrl"); exit; |
You can also use Apache mod_rewrite .htacess to do the redirection. […]
IIS redirect site to HTTPS
To force a site to always use HTTPS, add following content to web.config file.
|
1 2 3 4 5 6 7 |
<rule name="HTTPSOK" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> </rule> |
Here is full web.config file for a web site that use WordPress and Force SSL
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <handlers> <remove name="PHP_via_FastCGI" /> <add name="PHP_via_FastCGI" path="*.php" verb="GET,HEAD,POST" modules="FastCgiModule" scriptProcessor="C:\Program Files (x86)\PHP\v5.3\php-cgi.exe" resourceType="Either" requireAccess="Script" /> </handlers> <rewrite> <rules> <rule name="SEO friendly URL " patternSyntax="Wildcard"> <match url="*" /> <conditions> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" /> <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" /> </conditions> <action type="Rewrite" url="index.php" /> </rule> <rule name="HTTPSOK" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" /> </rule></rules> </rewrite> </system.webServer> </configuration> |
[…]
Remove SSL private key password
To remove password from SSL private key, run
|
1 |
openssl rsa -in PASSWORD_PROTECTED.key -out NO_PASSWORD.key |
This will ask for password. Once you enter password, key get saved with out password. […]
Convert SSL certificate into PFX format
To convert SSL certficiate into PFX format, run
|
1 |
openssl pkcs12 -export -out certificate.pfx -inkey private-key.key -in certificate.crt -certfile ca-certificate.crt |
Example for SSL from namecheap/ssls
|
1 |
openssl pkcs12 -export -out certificate.pfx -inkey serverok_in_key.txt -in serverok.in/serverok.in.crt -certfile serverok.in/serverok.in.ca-bundle |
[…]
Purchase SSL
Here are some cheap SSL providers https://www.sslforfree.com/ https://zerossl.com https://www.ssls.com/ https://www.gogetssl.com https://www.namecheap.com/security/ssl-certificates/comodo/ See SSL […]