Tag: ssl

  • LetsEncrypt Windows

    Let's Encrypt provides free SSL certificates with 90-day validity. You need to renew them every 90 days, and there is software to do this automatically. For Windows, some of the popular options are:

    win-acme

    This is a small exe file with a command-line interface (no GUI). You need to run this program as Administrator (Run as Administrator); only then will it set up the Scheduled Tasks needed for automatic SSL renewal.

    It supports automatic SSL installation on IIS and has an option for custom SSL installation.

    https://www.win-acme.com/

    Certify The Web

    This is a GUI program.

    https://certifytheweb.com

    See Nginx on Windows, Nginx SSL

  • Redirect a site to HTTPS using PHP

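    This PHP script redirects website visitors to the HTTPS (SSL) URL. You can add it to the index.php of your website.

    // Redirect plain-HTTP requests to the same host and path over HTTPS.
    // HTTP_HOST is taken from the request's Host header, so it is client-supplied.
    // Behind a TLS-terminating proxy, $_SERVER['HTTPS'] may be unset even for HTTPS requests.
    if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
        header("HTTP/1.1 301 Moved Permanently");
        $newUrl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
        header("Location: $newUrl");
        exit;
    }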

    To redirect visitors to a new URL using PHP, use the following PHP code

    $newUrl = "https://NEW-URL-HERE" . $_SERVER['REQUEST_URI'];
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $newUrl");
    exit;

    You can also use Apache mod_rewrite in .htaccess to do the redirection.

  • IIS redirect site to HTTPS

    To force a site to always use HTTPS, add the following content to the web.config file.

                    
                        
                        
                            
                        
                        
                    
    

    Here is the full web.config file for a website that uses WordPress and forces SSL

    
    
        
            
                
                
            
    		
    		
     
    		
    		
    		
    		
    		
    		
    		
    		
                    
                        
                        
                            
                        
                        
                    
    		
        
    
    
  • Remove SSL private key password

    To remove the password from an SSL private key, run

    openssl rsa -in PASSWORD_PROTECTED.key -out NO_PASSWORD.key

    This will ask for the password. Once you enter it, the key is saved without a password.

  • Convert SSL certificate into PFX format

    To convert an SSL certificate into PFX format, run

    openssl pkcs12 -export -out certificate.pfx -inkey private-key.key -in certificate.crt -certfile ca-certificate.crt
    

    Example for SSL from namecheap/ssls

    openssl pkcs12 -export -out certificate.pfx -inkey serverok_in_key.txt -in serverok.in/serverok.in.crt -certfile serverok.in/serverok.in.ca-bundle
    
  • Enable SSL in Magento 1.9

    To enable SSL in Magento, go to System > Configuration

    Click on the “Web” link in the left menu.

    On this page, set Auto-redirect to Base URL to No.

    Under the “Unsecure” option, change the URL to use HTTPS.

    Under the “Secure” option, set “https” for the Base URL. Set “Yes” for both “Use Secure URLs in Frontend” and “Use Secure URLs in Admin”.

    If your home page links to non-HTTPS URLs, this is because the default page is set to a CMS page. You need to edit the content of the CMS page to use HTTPS links under Magento Admin > CMS > Pages.

  • Convert PFX SSL Certificate

    Microsoft Azure App Certificate is used to secure Azure App Services. It can now be exported in PFX format, so it can be used in other services such as an Azure VM or third-party applications. You need to use a PowerShell script provided by Microsoft to do the export.

    To use the SSL certificate in PFX format with the Apache or Nginx web server, you need to convert it.

    To do this, run

    openssl pkcs12 -in ssl.pfx -nocerts -out key.pem

    It will ask for the import password. If you set a password when the PFX file was created, enter it. If not, just press Enter.

    Next it asks for a PEM password. Enter a password; without one, it won’t work.

    We now have key.pem, which is password protected. To create a key file without a password, run

    openssl rsa -in key.pem -out key-no-pw.key
    

    To export certificate file from PFX file, run

    openssl pkcs12 -in ssl.pfx -clcerts -nokeys -out cert.pem
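
The same conversion as a non-interactive script, given here as an added example that is not part of the original post: it writes the unencrypted key with owner-only permissions and confirms that the extracted key and certificate belong together before they are handed to Apache or Nginx. The `PFX_PASS` environment variable and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original page). The PFX_PASS environment
# variable and the function names are assumptions of this sketch.

# SHA-256 of the public key held in a private key ("key") or certificate ("cert").
pubkey_hash() (
    case $1 in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    exit 2 ;;
    esac
    [ -n "$pub" ] || exit 1        # unreadable file: never hash empty input
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
)

# pfx_to_pem PFX OUTDIR: writes OUTDIR/key-no-pw.key and OUTDIR/cert.pem,
# prints the shared public-key hash, exits 2 if key and cert do not pair.
pfx_to_pem() (
    pfx=$1; out=$2
    umask 077                      # new files are owner-only (key ends up 0600)
    mkdir -p "$out" || exit 1
    # -nodes writes the key unencrypted in one step, so no intermediate
    # password-protected key.pem is needed.
    openssl pkcs12 -in "$pfx" -nocerts -nodes -passin env:PFX_PASS \
        -out "$out/key-no-pw.key" 2>/dev/null || exit 1
    openssl pkcs12 -in "$pfx" -clcerts -nokeys -passin env:PFX_PASS \
        -out "$out/cert.pem" 2>/dev/null || exit 1
    k=$(pubkey_hash key "$out/key-no-pw.key") || exit 1
    c=$(pubkey_hash cert "$out/cert.pem") || exit 1
    [ "$k" = "$c" ] || { echo "key and certificate do not match" >&2; exit 2; }
    echo "$k"
)

# Run as: PFX_PASS='import password' sh pfx-to-pem.sh ssl.pfx OUTDIR
if [ "$#" -eq 2 ]; then pfx_to_pem "$1" "$2"; fi
```
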
    

    See Convert SSL certificate into PFX format

  • Install SSL Certificate in Virtualmin

    To install an SSL certificate in Virtualmin, select the domain from the drop-down list in Virtualmin.

    On the left menu, go to Server Configuration > SSL Certificate

    If you want to install a free Let’s Encrypt SSL certificate, click on the “Let’s Encrypt” link on top. On the next page, click on “Request Certificate”.

  • Generate CSR using OpenSSL

    Info needed for Certificate Signing Request (CSR) generation

    Country Name (2 letter code): 
    State or Province Name:
    Locality Name (eg, city):
    Organization Name (eg, company):
    Email Address:

    Generate CSR

    openssl req -new -newkey rsa:2048 -nodes -keyout DOMAIN.key -out DOMAIN.csr

    Here is a one-liner

    openssl req -new -newkey rsa:2048 -nodes -out DOMAIN.csr -keyout DOMAIN.key -subj "/C=COUNTRY-CODE/ST=STATE/L=CITY/O=BUSINESS/OU=Retail/CN=DOMAIN/emailAddress=EMAIL-ADDRESS"

    For normal SSL, enter the domain without www.

    For wildcard use *.domain.com

    For multi-domain (SAN), enter domains separated by space. For Namecheap SAN SSL, enter the main domain only; secondary domains can be added on the Namecheap website.

    Example

    $ openssl req -new -newkey rsa:2048 -nodes -out webhostingneeds.com.csr -keyout webhostingneeds.com.key -subj "/C=IN/ST=Kerala/L=Kochi/O=WebHostingNeeds.com/OU=Retail/CN=webhostingneeds.com"
    Generating a 2048 bit RSA private key
    .+++
    .....................+++
    writing new private key to 'webhostingneeds.com.key'
    -----
    $ 

    OpenSSL CSR Wizard

    https://www.digicert.com/easy-csr/openssl.htm

    View CSR Details

    openssl req -in DOMAIN.csr -noout -text
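
Browsers match the hostname against the certificate's subjectAltName extension rather than the CN, so it helps to put the names into the CSR explicitly and to read them back with the `-text` view shown above. The script below is an added example, not from the original post; it assumes OpenSSL 1.1.1 or newer (for `-addext`), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes OpenSSL 1.1.1 or newer
# for -addext; BASENAME and the hostnames are caller-supplied.

# make_csr BASENAME CN [EXTRA_HOST...]
# Writes BASENAME.key (owner-only) and BASENAME.csr, with CN and every
# extra host listed as DNS entries in subjectAltName.
make_csr() (
    base=$1; cn=$2; shift 2
    san="DNS:$cn"
    for h in "$@"; do san="$san,DNS:$h"; done
    umask 077                      # private key must not be group/world readable
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$base.key" -out "$base.csr" \
        -subj "/CN=$cn" -addext "subjectAltName=$san" 2>/dev/null
)

# csr_sans FILE: print the SAN entries of a CSR, one "DNS:name" per line.
# Prints nothing when the CSR carries no subjectAltName at all.
csr_sans() {
    openssl req -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tail -n 1 | tr -d ' ' | tr ',' '\n'
}

# csr_key_bits FILE: print the public key size recorded in the CSR.
csr_key_bits() {
    openssl req -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Run as: sh make-csr.sh BASENAME CN [EXTRA_HOST...]
if [ "$#" -ge 2 ]; then make_csr "$@" && csr_sans "$1.csr"; fi
```
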
  • self signed ssl

    To generate a self-signed SSL certificate, run

    openssl genrsa -out DOMAIN_NAME_HERE.key 2048
    openssl req -new -x509 -key DOMAIN_NAME_HERE.key -out DOMAIN_NAME_HERE.crt -days 3650 -subj /CN=DOMAIN_NAME_HERE

    Or

    openssl req -newkey rsa:2048 -nodes -keyout DOMAIN_NAME_HERE.key -x509 -days 3650 -out DOMAIN_NAME_HERE.crt

    Add Self Signed SSL to Apache Virtual Host

    Let’s say your Apache virtual host entry is

    <VirtualHost *:80>
        ServerName serverok.in
        ServerAlias www.serverok.in
        ServerAdmin ADMIN-EMAIL-HERE
        DocumentRoot /home/serverok.in/public_html
        <Directory "/home/serverok.in/public_html">
            Options All
            AllowOverride All
            Require all granted
            Order allow,deny
            allow from all
        </Directory>
    </VirtualHost>

    Create a new VirtualHost file based on this, say yourdomain-ssl.conf. In this new file:

    Find

    <VirtualHost *:80>

    Replace with

    <VirtualHost *:443>

    Find line starting with

    DocumentRoot

    Add below it

    SSLEngine on
    SSLCertificateFile /etc/ssl/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/yourdomain.key

    Now restart Apache

    systemctl restart apache2

    How to access the website using a Self-signed SSL certificate

    See SSL