Tuesday, April 12, 2016

7:59 AM

A valid SSL certificate can bring a lot of benefits to your website. For starters, you can gain the trust of your visitors (or customers) with a valid SSL certificate. Seeing a secured connection to and from your server will increase their confidence in completing transactions or filling out forms with personal information. SSL certificates can also boost your site’s SEO performance, especially since Google and other search engines are now prioritizing secured websites. Before you can enjoy these benefits, however, you need to set up your own SSL certificate or find a company who does it.

SSL Certificates for VPS

What You Need

To get started, you need several things:
  • A domain name. An SSL certificate is attached to a single domain name and will only work for that domain, so you need to select the domain name you want to secure before you can move forward.
  • With an active domain name in place, you also need proper DVR or Domain Validation Rights. You simply need to have access to one of the registered administrative email addresses for the particular domain name you want to secure. The SSL certificate issuing body will then verify ownership or right to secure said domain name.
  • An SSL certificate. You can purchase an SSL certificate from any of the issuing bodies. Some SSL certificates are more expensive than the others, mainly because they are issued by a company or auditor with superb reputation and history. It is also possible to get an SSL certificate for free from entities such as Let’s Encrypt.
Don’t forget that you also need a web server that supports the use of SSL certificate. Since we will be focusing our discussion on VPS for this article, this requirement should not be a problem. Apache2, Nginx and Varnish all support the use of SSL and a valid SSL certificate.

Types of SSL Certificate and Validation

In the previous part, we talked about how you need a valid SSL certificate to implement SSL security. There are three main types of SSL certificate you can choose from:
  • Single Domain Certificate, which can be used for a single domain. You can use it to secure yourdomain.com, but additional subdomains (including www.yourdomain.com) are not included in the certificate.
  •  Wildcard or Multiple Subdomain Certificate, which – as the name suggests – can be used to secure everything under your domain name. Both yourdomain.com and *.yourdomain.com are covered by the SSL certificate. For example, you can set up store.yourdomain.com with proper SSL encryption.
  • Multiple Domain, used to secure multiple domains, such as yourdomain.com, yourdomain.net and yourdomain.org. You can also apply SSL security to all subdomains related to the registered domain names.
A Wildcard certificate is usually the most suitable option in most cases. Of course, these SSL certificates can have different validation levels. They can either be Domain Validation, Organization Validation or Extended Validation. Domain Validation or DV validates that you own or control the domain name. Organization Validation, on the other hand, validates your legal entity. You need to submit legal documents before an OV can be issued. Extended Validation, on the other hand, is the highest level of validation with a lot of specific requirements.

Implementing the SSL Certificate

These are the steps to take when you want to implement an SSL certificate on VPS hosting:
  • First, you need to generate your own CSR and Private Keys. CSR or Certificate Signing Request key and private key need to be submitted when you are purchasing the SSL certificate later. You can generate these keys using OpenSSL on your server and a simple command.
  • The result of the previous step is a key file with .csr extension. This is the file that you need to submit to get a valid SSL certificate. Another file generated from the previous step is your private key (.key). You need to keep this file secure.
  • Next, get a valid SSL certificate. The purchase method depends on which provider you use. However, you will be asked to submit the .csr file for your domain name to get a valid SSL certificate in return.
  • At this point, you will be asked to complete a domain verification process. Simply check your administrative email address – the one registered when you register your domain name – and follow the steps.
  • Download your SSL certificate. You are not ready to deploy SSL security on your VPS.
SSL certificate deployment depends highly on which operating system and server technology you use. Most of the time, however, you just need to copy your SSL certificate and several other files, including your private key and an intermediate certificate issued by the issuing body, to a designated folder.

Don’t forget to configure your firewall to allow access from port 443 (HTTPS). You may also need to reconfigure Apache, Nginx or Varnish to work with HTTPS requests, both on a server level or for each individual domain name you use.