Tag: SSL Certificate

  • How to install Comodo SSL certificate with NGINX web server?

    Installation method for COMODO SSL Certificate


    If you have generated the CSR and purchased or renewed the SSL certificate with Comodo, you will have noticed that Comodo sends you 4 files instead of 1 file:

    AddTrustExternalCARoot.crt - the root CA certificate
    
    COMODORSAAddTrustCA.crt - an intermediate CA certificate
    
    COMODORSAOrganizationValidationSecureServerCA.crt - also an intermediate CA certificate
    
    domain_name_com.crt - the certificate for the domain or subdomain name you provided while generating the CSR
    

    You need to concatenate the contents of those files in a specific order. The order is:

    domain_name_com.crt
    COMODORSAOrganizationValidationSecureServerCA.crt
    COMODORSAAddTrustCA.crt
    AddTrustExternalCARoot.crt

    You can open your favourite text editor to do that or, if you are working on Linux, use the cat command:

    surya >>/$ cat domain_name_com.crt COMODORSAOrganizationValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > domain_name_combined.crt

    Now upload the combined (bundled) SSL certificate to a location where nginx can find it.

    mkdir -p /etc/nginx/ssl/domain_name_com/
    scp domain_name_combined.crt user@host:/etc/nginx/ssl/domain_name_com/

    Move the private key, which you created while generating the CSR, to the same folder.

    mv domain_name_com.key /etc/nginx/ssl/domain_name_com/

    Now edit the nginx conf and add an entry for the SSL certificate:

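    server {
        # The "ssl" parameter of listen replaces the deprecated "ssl on;" directive
        listen 443 ssl;
    
        ssl_certificate /etc/nginx/ssl/domain_name_com/domain_name_combined.crt;
        ssl_certificate_key /etc/nginx/ssl/domain_name_com/domain_name_com.key;
    
        # TLSv1 and TLSv1.1 are deprecated (RFC 8996); allow TLSv1.2 and newer only
        ssl_protocols TLSv1.2 TLSv1.3;
    
        # Rest of the conf ...
    
    }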

    Now check whether the nginx configuration is valid. If it is valid, reload the nginx conf. Make a practice of validating the nginx conf before reloading or restarting nginx.

    surya@x ~/$ sudo nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful
    
    surya@x ~/$ sudo service nginx reload
    

    Now validate that the SSL certificate is installed correctly with an online tool, such as the one below:

    https://sslanalyzer.comodoca.com/

    This is how you can install the Comodo SSL on nginx.
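
    A syntax check with nginx -t does not tell you whether the certificates in the combined file are in the order listed above. The following is an added example, not part of the original post: it splits the bundle and checks that each certificate is followed by its issuer. The function name check_bundle_order is hypothetical, the openssl command-line tool is assumed to be installed, and only issuer/subject names are compared (signatures are not verified).

```shell
#!/bin/sh
# check_bundle_order BUNDLE   (hypothetical helper name)
# Returns 0 when every certificate in BUNDLE is followed by its issuer,
# 1 when the order is wrong, 2 when no certificate could be read.
check_bundle_order() {
    bundle=$1
    tmp=$(mktemp -d) || return 2

    # Split the PEM bundle into one file per certificate: 001.pem, 002.pem, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/%03d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"

    rc=0; i=0; prev_issuer=""
    for f in "$tmp"/*.pem; do
        if [ ! -e "$f" ]; then
            echo "no certificates found in $bundle" >&2; rc=2; break
        fi
        i=$((i + 1))
        subject=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$f" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
        echo "[$i] $subject"
        # From the second certificate on, it must be the issuer of the previous one.
        if [ "$i" -gt 1 ] && [ "$subject" != "$prev_issuer" ]; then
            echo "    out of order: certificate $((i - 1)) was issued by $prev_issuer" >&2
            rc=1
        fi
        prev_issuer=$issuer
    done

    rm -rf "$tmp"
    return "$rc"
}

# Usage: sh check_bundle_order.sh domain_name_combined.crt
if [ "$#" -ge 1 ]; then check_bundle_order "$1"; fi
```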

  • How to create CSR (Certificate Signing Request) for new SSL or to renew SSL?

    What is SSL?

    SSL (Secure Sockets Layer) is a standard security protocol for establishing an encrypted connection between a web server and a client browser.

    Using SSL ensures that all data transmitted between the web server and the client's browser remains encrypted.

    To get an SSL certificate from a Certificate Authority, you must provide a CSR to them, and the Certificate Authority will sign the certificate for the CSR you provided. The CSR contains the information related to Country, State, Locality, Organisation, Organisation Unit, Common Name (the domain name) and email address, as well as the public key.

    Let's learn how to generate the CSR.

    Step 1: Generate the private key first. If you are renewing the SSL certificate, this step is not required. To generate the private key, use the command below.

    surya@x ~/ » openssl genrsa -out blog.suryaelite.com.key 4096
    
    Generating RSA private key, 4096 bit long modulus
    ................................++
    .........++
    e is 65537 (0x010001)

    A private key of 2048 bits or more is recommended. I have used 4096 bits.

    Step 2: Now generate the CSR using the command below.

    surya@x ~/ » openssl req -new -key blog.suryaelite.com.key -out blog.suryaelite.com.csr 
    
    
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:IN
    State or Province Name (full name) [Some-State]:HR
    Locality Name (eg, city) []:Gurgaon
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:SuryaElite
    Organizational Unit Name (eg, section) []:blog
    Common Name (e.g. server FQDN or YOUR name) []:blog.suryaelite.com 
    Email Address []:surya@suryaelite.com
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:Surya Elite Pvt. Ltd.
    

    Now you will have two files: one is the private key and the other is the CSR. Now you need to send the CSR file to the Certificate Authority, and the Certificate Authority will then sign the certificate and send it to you.

    Now you need to apply the SSL certificate to the web server you are using, NGINX or Apache. So this is how you can generate the CSR file.

  • How to decode CSR (Certificate Signing Request)?

    What is CSR?

    Certificate Signing Request
    A Certificate Signing Request is an encoded block of text that is used to generate the SSL certificate for your domain name.

    The CSR contains the information about Country, State, Location, Organisation Name, Common Name (i.e. the domain name), Email Address and Public Key.

    Let's see how to extract the information from the CSR file.

    How to extract information from the CSR?

    surya@x ~/ » openssl req -in blog.suryaelite.com.csr -text -noout

    How to verify the signature of CSR?

    surya@x ~/ » openssl req -in blog.suryaelite.com.csr -noout -verify

    To which company is the certificate issued?

    surya@x ~/ » openssl req -in blog.suryaelite.com.csr -noout -subject

    How to extract Public Key from CSR?

    surya@x ~/ » openssl req -in blog.suryaelite.com.csr -noout -pubkey

    This is how you can extract the various information from the CSR file.
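
    The commands above, together with the key and CSR generation steps from the previous post, can be combined into one check that is run before the CSR is sent to the Certificate Authority. This is an added example, not part of the original posts: the function name csr_preflight is hypothetical, the openssl command-line tool is assumed to be installed, and the size check assumes an RSA key.

```shell
#!/bin/sh
# csr_preflight CSR KEY EXPECTED_CN [MIN_BITS]   (hypothetical helper name)
# Returns 0 only if every check passes; prints one line per failed check.
csr_preflight() {
    csr=$1; key=$2; want_cn=$3; min_bits=${4:-2048}
    rc=0

    # 1. The CSR's self-signature must verify (same check as "req -verify").
    #    The exit status differs between OpenSSL releases, so match the message.
    if ! openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: CSR signature does not verify" >&2; rc=1
    fi

    # 2. The public key inside the CSR must belong to the private key on disk.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$csr_pub" ] || [ "$csr_pub" != "$key_pub" ]; then
        echo "FAIL: CSR public key does not match $key" >&2; rc=1
    fi

    # 3. RSA key size, read from the "-text" dump.
    bits=$(openssl req -in "$csr" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, need at least $min_bits" >&2; rc=1
    fi

    # 4. The Common Name must be the domain the certificate is ordered for.
    subject=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null |
              sed 's/^subject= *//')
    case ",$subject," in
        *",CN=$want_cn,"*) ;;
        *) echo "FAIL: CN is not $want_cn (subject: $subject)" >&2; rc=1 ;;
    esac

    return "$rc"
}

# Usage: sh csr_preflight.sh blog.suryaelite.com.csr blog.suryaelite.com.key blog.suryaelite.com
if [ "$#" -ge 3 ]; then csr_preflight "$@"; fi
```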