Showing posts with label Thawte-SSL. Show all posts
Showing posts with label Thawte-SSL. Show all posts

Thursday, September 6, 2012

Securing Your Apache Web Server with a Thawte Digital Certificate


By using a Thawte secure sockets layer (SSL) digital certificate, organizations are able to directly implement SSL/TLS properly on the Apache server platform. Many users of encryption fail in one or more areas of the implementation, leading to embarrassment and financial losses for web hosting companies, application service providers, e-commerce shops and other online organizations. For the consumers violated by these failures, the financial losses might not compare to the loss of trust and perceived threat of identity theft. Thawte provides a higher level of trust by doing extended validation in issuance of digital certificates. This is clearly visible to users through the Thawte Trusted Site Seal and green bar.

The old saying that a chain is only as strong as its weakest link definitely applies in the use of SSL certificates. In fact, SSL is practically useless when deployed with self-signed certificates, mixed port HTTP sites, unencrypted cookies or when encrypting at rates that cannot withstand brute force attacks. Thawte serves any organization seeking reliable implementations of digital certificates on Apache. These certificates operate smoothly with all aspects of Apache, including virtual hosts, OpenSSL, ModSSL and Apache-SSL. By using Thawte SSL digital certificates with extended validation, visitors to an Apache host see that the certificate is valid and that "Thawte Inc [US]" provided the validation.

Securing any Apache server is a simple process. The server manager should install OpenSSL and ModSSL, Apache-SSL or any other library services that creates the interface between Apache and OpenSSL. Using the "openssl" application from the command prompt, the server manager should generate the "private" key that is used to make the official certificate signing request (CSR) to Thawte.

Common "openssl" command formats and options are available elsewhere; the server manager should not experiment with the CSR request process or "play around" with actual signings. There are multiple methods to test certificates, including creating self-signed test certificates that are signed by self-generated private keys. These methods for testing are fully compliant with X.509, but they have no purpose for authentication or encryption beyond the test and install process. Proper testing should occur in cases where the server managers or implementation team are inexperienced with the full process.

To conclude the actual implementation on the Apache server, the certificate is downloaded and installed by pasting into the proper server location. Thawte recommends using the name www.domain.com.crt for consistency. If the server's "httpd.conf" is missing the SSL Certificate File and SSL Certificate Key File directives, the server manager or implementation team should add them appropriately.

The implementation team should validate the success of the SSL implementation on the Apache server by connecting through multiple browsers and as many points of connection into the internet cloud as expected. Thawte recommends that troubleshooters begin with the Apache SSL FAQs at Thawte's website.

Author Bio

Jim Armstrong is part of the expertly trained rapidSSLonline.com team. RapidSSLOnline is one of the most inexpensive SSL certificate providers in the world. RapidSSLOnline offers Wildcard SSL, EV SSL, SAN SSL, and Code Signing SSL certificates of major SSL brands such as VeriSign / Symantec, GeoTrust, Thawte, and RapidSSL on global scale. 
Posted by Unknown at 9:57 PM 0 comments
Labels: , , , , ,

Monday, June 6, 2011

Installing SSL on cPanel with CSR generation

cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, resellers, and end-user website owners to control the various aspects of website and server administration through a standard web browser.

cPanel is commonly accessed on port 2082, with an SSL-secured server operating on port 2083.

Access through cPanel:
Generally cPanel customers will not have direct access to generate their own CSR (certificate signing request) and install an SSL. One may have to check with the hosting provider as to how to go about generating a CSR for certificates.

WHM (Web Hosting Manager):
The control center of the CPanel package is the WebHost Manager. Accounts can be set up and managed through WebHost Manager. Use WHM to generate your CSR and install your issued certificate.

To generate a CSR Certificate:
• Click on the “Generate an SSL certificate and Signing Request” link in the SSL/TLS menu.
• Enter the email address to send the certificate.
• Enter the domain that the SSL is being created for in the “Host to make cert. for” field.
• Fill in the other administration details of the certificate in the Country, State, City, Company Name, Company Division, and Email fields.
• Enter the password for the certificate in the Password field and click on “Create.”

On completion of these processes, an email will be sent to the address mentioned in the above steps with the download link to the certificate. Use the link to download the certificate, and afterward, perform the following steps.

Step 1: Certificates (CRT)

• Login to the Control Panel
• Click on SSL / TLS Manager
• Click “Generate, view, upload, or delete SSL certificates” option
• Paste the CSR supplied by the Certificate Authority in the “Certificate Signing Request (CSR)” section
• When the page loads, click the “Browse” button and locate the CRT file the SSL provider created. Or if you have highlighted and copied the contents of the CRT file, paste it in the “Upload a New Certificate” text box
• Click on the Upload button
• Click the “Go Back” link to return to SSL/TLS Manger

Step 2: Activate SSL on Your Web Site (HTTPS) (Perform this step prior to using the SSL Certificate)


• Click on SSL/TLS Manager > Setup a SSL certificate to work with your site. Contact your ISP, if this option is not available.
• From the Domain drop down menu select the domain that will use the SSL Certificate. The Cheap SSL Certificate and the corresponding private key will be fetched by the system.
• Open the Intermediate CA certificate in Notepad or another plain text editor and copy-and-paste all the contents of the intermediate file into the CA Bundle (CABUNDLE) box.
• Click on “Install Certificate.” If successful you should receive a message that the certificate was successfully installed.

Step 3: Verify Installation
To verify the installation correctly, use our SSL Certificate Checker

Once the SSL Certificate is installed correctly, the browser should display the essential lock pad beside the URL. High-end certificates such as an EV SSL Certificate will display the entire address bar in green.

About the Author:
RapidSSLonline is one of the largest cheap SSL certificate providers for VeriSign, GeoTrust SSL, Thawte and RapidSSL It provides 24/7 support for any question, anytime. For more information about RapidSSLonline please visit http://www.rapidsslonline.com
Posted by Unknown at 2:08 AM 0 comments
Labels: , , , , , ,
Subscribe to: Posts (Atom)