NOTE: be SURE to get the right domain name 2016-04-30
/etc/httpd/conf/httpd.conf now includes this line:
SSLProtocol ALL -SSLv2 -SSLv3
startssl[dot]com for comptonpeslonline(dot)com — 2016-04-24
comodo might offer better prices (from the namecheap.com page)
shawn porsh-t likes thesba certs
1) change domain “Enabled features” to “SSL website enabled”
2) DELETE (or rename) the newly created self-signed ssl.key and ssl.cert files:
mv ssl.key ssl.keyMOVED ;
mv ssl.cert ssl.certMOVED ;
3) rename the new key file
mv ssl.newkey ssl.key ;
4) in virtualmin ServerConfiguration-->ManageSSLCertificates, enter “Create Signing Request”, create new ssl.key and ssl.csr (certification request) files:
5) click-copy the key:
6) enter startssl and enter the ssl.csr (certification request) file
7) download the following two files:
- 1_root_bundle.crt - rename to chain.cert
- 2_domain.com.crt - rename to ssl.cert
8) go back into virtualmin and insert the ssl.cert file from previous step
9) open up chain.cert in notepad (or equivalent) and ctrl-A (copy) the entire file and create a chain.cert file
cat > chain.cert ;
10) chmod and chown the chain.cert file
chmod 700 chain.cert;
chown domain.domain.com chain.cert ;
11) ls -ltr
-rwx------ 1 ..1094 Apr 28 17:28 ssl.csr
-rwx------ 1 ..1679 Apr 28 17:46 ssl.key
-rwx------ 1 ..2216 Apr 28 17:46 ssl.cert
-rwx------ 1 ..2106 Apr 28 17:47 chain.cert
12) change the following in /etc/httpd/conf/httpd.conf:
SSLEngine on
SSLCertificateFile /home/domain.com/ssl.cert
SSLCertificateKeyFile /home/domain.com/ssl.key
to:
SSLEngine on
## add (Apache does not allow a comment on the same line as a directive)
SSLProxyEngine on
SSLCertificateFile /home/domain.com/ssl.cert
SSLCertificateKeyFile /home/domain.com/ssl.key
## add
SSLCACertificateFile /home/domain.com/chain.cert
13) check the syntax
/usr/sbin/httpd -t;
14) restart apache
systemctl restart httpd;
15) check in both chrome and firefox
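Steps 2-4 move key files around before the signed certificate arrives, so before restarting Apache it is worth confirming that ssl.key, ssl.cert and chain.cert still belong together. The script below is an added example, not part of the original notes: the function names are hypothetical, and make_demo builds constructed throwaway files for a dry run.

```shell
#!/bin/sh
# Added example (hypothetical function names); uses only standard openssl subcommands.

key_is_private() {  # key: true when group/other have no access, as in the step 11 listing
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

key_matches_cert() {  # key cert: compare the public key carried by each file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

chain_verifies() {  # chain cert: look for the ": OK" result line, not only the exit status
    # On OpenSSL 1.1.0+ add -no-CApath so the system trust store cannot mask a bad chain file.
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

check_install() {  # key cert chain
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/other"; return 1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not belong to $1"; return 1; }
    chain_verifies "$3" "$2" || { echo "FAIL: $2 does not verify against $3"; return 1; }
    echo "OK: key, certificate and chain are consistent"
}

make_demo() {  # dir: constructed throwaway CA and leaf standing in for the real files
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$1/demo.cnf"
    openssl req -x509 -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=Demo CA" \
        -days 2 -keyout "$1/ca.key" -out "$1/chain.cert" >/dev/null 2>&1 &&
    openssl req -new -config "$1/demo.cnf" -newkey rsa:2048 -nodes -subj "/CN=domain.com" \
        -keyout "$1/ssl.key" -out "$1/ssl.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$1/ssl.csr" -CA "$1/chain.cert" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/ssl.cert" >/dev/null 2>&1 &&
    chmod 700 "$1/ssl.key"
}

# Usage: sh check_ssl.sh /home/domain.com/ssl.key /home/domain.com/ssl.cert /home/domain.com/chain.cert
if [ "$#" -eq 3 ]; then check_install "$1" "$2" "$3"; fi
```

Run it after step 11 and before the `httpd -t` syntax check, which does not detect a key/certificate mismatch of this kind.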
===================================
OLD WAY OF DOING IT
1) http://startssl.com – log in
2) Certificates Wizard (the tab in-between ToolBox & Validations wizard)
3) Web Server SSL/TLS Certificate
4) enter domain name in the “Validate domain(s):” box
5) Please submit your Certificate Signing Request (CSR)
5a) “Generated by Myself (.cer PEM format certificate)” (radio button)
6) you should now be waiting for the certificate (CSR) from the next step
—
10) in Virtualmin-->ServerConfiguration-->Manage_SSL_Certificate
11) Create Signing Request (tab), fill out page
12) copy generated CSR into the startssl.com page
13) generate PEM – copy
14) go back into virtualmin-->ServerConfiguration-->Manage_SSL_Certificate
15) Update Certificate and Key (tab)
16) paste text into Signed SSL Certificate (or upload file) 1_root_bundle.crt
Chaining certificate (final step)
https://www.virtualmin.com/node/11465
For SSL connections to Webmin/Virtualmin, you can manage chained certificates using Webmin -> Webmin -> Webmin Configuration -> SSL Encryption -> “Additional certificate files (for chained certificates)”.
For SSL connections to Virtual Servers being hosted on your server, you can manage chained certificates using Server Configuration -> Manage SSL Certificate -> CA Certificate.
https://startssl.com/Support?v=21 – adding chain file in