Author name: ssl

How to Install SSL on Joomla The following instructions will guide you through the SSL installation process on Joomla. If you have more than one server or device, you will need to install the certificate on each individual server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificates, which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it Installation Instructions Install on your Server Before you can add SSL to your Joomla site, you’ll need to install the certificate on your server and you’ll need to remember its IP address. Configure your configuration.php file Open your configuration.php file and find the line that says “var.$live_site=” and enter your URL. Configure your .htaccess file Add the following lines of code: RewriteEngine On RewriteCond %{HTTPS} OFF RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} Enable SSL In Global Configuration, under the Server tab, there are three options in the Settings section. Choose Entire Site. Save Hit the Apply/Save button Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to install SSL on Drupal The following instructions will guide you through the SSL installation process on Drupal. If you have more than one server or device, you will need to install the certificate on each individual server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below.  What You’ll Need  Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificates, which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it Installation Instructions Configure your server Remember, Drupal is not a server, it’s a CMS, so you will need to configure your server first. Add the following directive <Directory “/path/to/yoursite”> AllowOverride All </Directory> Redirect all HTTP traffic to HTTPS <Virtual Host *:80> ServerName example.com Redirect “/” https://example.com/ </VirtualHost> <VirtualHost *:443> ServerName www.example.com # … SSL Configuration Goes Here </VirtualHost> Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install SSL on BigCommerce The following instructions will guide you through the SSL installation process on BigCommerce. If you have more than one server or device, you will need to install the certificate on each individual server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificates, which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it Installation Instructions Access Server Settings In the BigCommerce control panel, select Server Settings Add a 3rdParty SSL Certificate Select SSL Certificate, then click “Add a 3rd Party” Copy and Paste Copy and paste your SSL Certificate and any accompanying intermediates in to their respective fields Install Click Install, your certificate should be installed within 20 minutes Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install SSL/TLS Certificate on Google App Engine The following instructions will guide you through the SSL installation process on Google App Engine. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have received this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a ‘CA Bundle.’ If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. SSL/TLS Certificate Installation Instructions for Google App Engine Log into your Google Cloud account at https://cloud.google.com Go to Products & Services > App Engine In the App Engine Select SSL Certificates from the Settings option In SSL Certificates click on “Upload a new certificate” button & you will be shown the “Add a new SSL Certificate” option Locate certificate files Now, you must locate certificate files & the Private Key code that you had generated with the CSR. After that, click on “Upload” button to complete the installation process. Finally, you will see a page consisting of SSL installation details in it. Choose the domains you want to secure under “Enable SSL for the following custom domains” option & click “Save” button.  

How to Install SSL/TLS Certificate in Microsoft Exchange 2016 The following instructions will guide you through the SSL installation process on Microsoft Exchange 2013 EAC. If you still have not generated your certificate and completed the validation process, reference our Exchange 2016 CSR Generation Instructions. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have received this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a ‘CA Bundle.’ Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. Neither TheSSLStore nor the Certificate Authority requests or keeps your private key. SSL/TLS Certificate Installation Instructions for Microsoft Exchange 2016 Save SSL File to Server Copy your domain’s SSL certificate to the Exchange 2016 server’s network share folder, where the CSR was saved. Login to Exchange Admin Center Navigate to your Exchange Admin Center (EAC) via browser using your server’s URL (i.e. https://localhost/ecp) Login to the Exchange Admin Center with your Domain/user name and password. Complete “Pending Request” In EAC, on the left-hand sidebar menu, click Servers, then at the top of the page click Certificates. Certificates: In the center window, select your certificate request (listed by Friendly Name). On the right side, in the certificate request details panel, look under Status and click Complete. Provide the Path of the Saved Certificate Complete Pending Request Wizard: Under File to import, enter the UNC path to the location of your SSL file. Click OK. The certificate should now be installed, and the certificate request status should be Valid. Enable SSL/TLS Certificate for Exchange Services On the Certificates page, select the installed SSL and click the pencil icon. Certificate window: Click Services. Check all services that should utilize the SSL certificate, and click Save. Your SSL should now be enabled on all selected services on your Exchange 2016 server.  

How to Install SSL/TLS Certificate in Microsoft Exchange 2013 EAC The following instructions will guide you through the SSL installation process on Microsoft Exchange 2013 EAC. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have received this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a ‘CA Bundle.’ If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. SSL/TLS Certificate Installation Instructions for Microsoft Exchange 2013 EAC Complete your “Pending Request”. In the Exchange Admin Center, click on “Services”, go to “Certificates” and select the Pending Request. Then, click on “Complete” in the menu located on the right-hand side. Provide the path of the saved certificate. Review the “Status” column and see if the certificate is now Valid. Once the pending request is completed and you are directed to certificates menu, you will be notified in the Status column that the certificate is now valid. Note: SSL/TLS Certificates which are installed for Exchange services such as Outlook, ActiveSync, POP, SMTP, IMTP, etc. are not enabled automatically. It must be done manually by enabling the SSL/TLS certificate through the “edit” button. Enable SSL/TLS Certificate for Exchange Services Choose the services that you want to enable encryption for. Select the services for which you want to enable the SSL/TLS Certificate, and edit configuration of the installed SSL/TLS Certificate. While doing this you might notice that certain services are active by default and therefore it cannot be changed. It’s because Microsoft Exchange 2013 does not offer the editing of the SSL/TLS Certificate from the services. Instead of that, you would have to assign another SSL/TLS Certificate for these services that will be overwritten on the existing one. Overwrite any existing certificates. If you are heading towards overwriting the existing SSL/TLS Certificate, you will receive a warning message as shown below. Nothing to worry about, it’s shown just because the self-signed server certificate was already installed. Just click “Yes” to confirm overwriting. Congratulations, the SSL/TLS Certificate has been installed on your server!  

How to Install an SSL Certificate on Zimbra Mail Server The following instructions will guide you through the SSL/TLS Certificate installation process on “Zimbra Mail Server.” If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been received this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. SSL/TLS Certificate Installation Instructions for Zimbra Mail Server You can install SSL Certificate in two ways: Zimbra Administration Console– Web Interface B. Zimbra Certificate Manager – Command Line Interface (CLI) Installing SSL/TLS Certificate using Zimbra Administration Console Configure In the main menu, click Configure. Certificates – Install Certificate Select Certificates. Then, click the gear icon on the top right (next to Help) and select Install Certificate. Select the Target Server On the Select the Target Server tab, select your server from the Server Name drop-down menu. Click Next. Choose the Installation Option On the Choose the Installation Option tab. Then, click the bubble for Install the commercially signed certificate. Review the Certificate Signing Request Go to the last tab, Review the Certificate Signing Request. Verify that all of the CSR information is correct, then click Next. Upload the Certificate Go back up to the Upload the Certificate tab where you will import each required file to the server. Each of these files should be emailed to the admin and technical contacts for the certificate, and can also be downloaded in a zipped folder from your account. In the example image, the certificate is from Comodo and uses Comodo’s specific root and intermediate certificates. Please feel free to contact our support team if you have any questions about which certificate files you should use for your installation. Install the Certificate Finally, go to the Install the Certificate tab and click Install. Restart To apply the changes you’ve just made, you’ll need to restart Zimbra services using the Command Line Interface. Enter these commands to switch to Zimbra user: sudo su su zimbra Once the user is switched to Zimbra user, restart the services using following command: zmcontrol restart Congratulations!!! You’ve done it. You’ve successfully installed your SSL certificate on your Zimbra server. Wasn’t so hard, was it? Installing SSL/TLS Certificate using Zimbra Certificate Manager (Command Line Interface) Zimbra package comes with “zmcertmgr” tool for handling SSL Certificates. For Version 8.6 or lower, this tool must be accessed as root. If you have version 8.7 or later, you should run this tool as zimbra user. Run the below command in order to switch from default user to zimbra user. sudo su su zimbra Download and save the root CA certificate to a temporary file. For example: /tmp/ca.crt These files should be labeled in the zipped folder you can download from your account. Combine root and intermediate CA certificates into a temporary file. cat /tmp/ca_intermediary.crt /tmp/ca.crt > /tmp/ca_chain.crt Verify your certificate /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle Deploy your SSL certificate /opt/zimbra/bin/zmcertmgr deploycrt comm /opt/server_domain_com.crt /opt/server_domain_com.ca-bundle Verify the certificate deployment /opt/zimbra/bin/zmcertmgr viewdeployedcrt Restart Zimbra to apply changes Enter these commands to switch to Zimbra user: sudo su su zimbra Once the default user is switched to Zimbra user, run the following command to restart the server: zmcontrol restart Your certificate should now be installed.  

How to Install an SSL/TLS Certificate on Microsoft Exchange 2013 The following instructions will guide you through the SSL installation process on Microsoft Exchange 2013. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Copy your certificate Copy your SSL Certificate to your Exchange Server’s Network Share Folder. Note: This should be the same location where you saved your CSR. Open Exchange Admin Center This can be done by opening a browser and visiting:https://localhost/ecp Log in Select Servers In the left-hand column, select Servers, then select Certificates from the top-right menu. Select Complete Choose your SSL Certificate from the menu in the middle of the page, then select Complete. Enter the network path Enter the network path where your certificate file is located. Select OK Select OK, and the certificate will be installed on the server. Enable Your Certificate Go back to Exchange Admin Center To enable your SSL Certificate, go back to the Certificates section of the Exchange Admin Center (from Step 4). Select your certificate Select the Certificate you would like to enable and click the Edit icon. Select your services Click the Services option and select the services you would like you SSL Certificate enabled for, then click Save. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.  

How to Install an SSL/TLS Certificate In Web Host Manager (WHM) The following instructions will guide you through the SSL installation process on Web Host Manager (WHM). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Log in to WHM Log in to WHM, this can typically be accessed by going to https://domain.com:2087. Note: You may encounter error message “Your connection is not private” or something similar when attempting to visit your WHM login page. This is caused due to your login page using a self-signed certificate by default. Please disregard this and proceed past the error message. Enter Username/Password Enter your Username/Password and click Log in. Go to your Homepage Make sure you’re on your WHM Homepage. Click SSL/TLS Click the SSL/TLS button. Click Install an SSL Certificate on a Domain In your SSL/TLS Manager page, click Install an SSL Certificate on a Domain. Type in your domain name In the Domain field, type the domain name you want to secure with your SSL Certificate. Input your Certificate Files Copy and paste your Certificate Files into the appropriate text box(s). Certificate– This is your server certificate that was issued to your domain(s).Note 1: WHM should automatically fetch the Certificate (CRT) text if you previously uploaded the server certificate  on the server and entered the correct domain name above. Note 2: If you received the certificate in a ZIP file, click “Extract All” and then drag your server certificate into a text editor such as Notepad. This will allow you to copy all text contents needed including “—–BEGIN CERTIFICATE—–” and “END CERTIFICATE—–“. Private Key – This is your private key that was created during the generation process.Note 1:WHM should automatically fetch the Private Key text if you previously created the Certificate Signing Request (CSR) in the “Generate an SSL Certificate and Signing Request” section of your SSL/TLS Manager and entered the correct domain name above.Note 2: If you made the CSR and private key outside of your WHM account and failed to save the files, you will have problems proceeding and may need to re-issue the SSL certificate with a newly created key pair. Certificate Authority Bundle (optional) – These are your intermediate certificates that allow browsers and devices to understand who issued your trusted certificate.Note 1:WHM automatically fetch the CA Bundle from a public repository. If you forgot to save these files, download the appropriate CA/Chain Certificate for your certificate.  Note 2: If you have multiple intermediate certificates, paste each of them one after another to create the correct certificate chain/path. Click Install Once you’ve inpuuted the Certificate Files into the correct boxes, click Install. Note 1: You are not required to “Enable SNI for Mail Services”. Server Name Indication (SNI) should only be used if multiple hostnames are being server over HTTPS from the same IP address. Note 2: You or your web host may need to restart the Apache server before the certificate will work. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect. To check your server’s configurations more thoroughly, use our SSL Checker Tool or contact our Customer Experience Department for additional assistance. Manual Intermediate Installation Instructions If the intermediate certificates did not successfully install and configure themselves accordingly using the instructions above, please reference the instructions below on how to manually install them directly in Apache. If you do not have access to your Apache server, please contact your web host or system administrator for additional assistance. Locate the Virtual Host File Locate the Virtual Host File, this can typically be accessed in the /etc/httpd/conf/httpd.conf file.Note: The location and name of this file can change from server to server depending on your configuration. Another popular name for the file is “SSL.conf”. View the Virtual Host File View the Virtual Host configuration with the proper name & IP address (including port 443). Edit your Virtual Host Edit your Virtual Host configuration by adding the bolded YourIntermediateCertificate file below: <VirtualHost 192.168.255.255:443> DocumentRoot /var/www/html2 ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile  /path/to/YourIntermediateCertificate.crt </VirtualHost> Note: Make sure you type the correct file path and name where you plan on saving the intermediate certificates. You should save these certificates in the same directory that cPanel has your server certificate and private key stored. Save the changes Save the configuration file changes. Add the intermediate certificate Add the intermediate certificate file to the same directory that cPanel has your server certificate and private key stored. Restart your server Restart your Apache server.  

How to Install an SSL/TLS Certificate In Tomcat The following instructions will guide you through the SSL installation process on Tomcat. If you have more than one server or device, you will need to install the certificate on each server or device you need to secure. If you still have not generated your certificate and completed the validation process, reference our CSR Generation Instructions and disregard the steps below. What You’ll Need Your server certificate This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order. Your intermediate certificates These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle. If not, download the appropriate CA Bundle for your certificate. Your private key This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it. Installation Instructions Convert your certificate files Convert your certificate files from PEM (.cer or .crt)  to PKCS#7 (.p7b) Format. You can easily do this on your own system by running below OpenSSL command. openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer Access your Directory Go to the same Directory where you previously saved the keystore and Certificate Signing Request (CSR). Note: You must install the certificate on the same keystore and under the same “alias name.” If not, you will encounter problems during installation and may have to start over. Run the Install command Install the certificate in the same keystore by running the following command: keytool -import -trustcacerts -alias server -file your_file_name.p7b -keystore your_domain_name.jks Note: Replace “your_domain_name” with the primary domain you will be securing and “your_file_name” with the PKCS#7 file name that you recently converted & saved. Check confirmation message You should receive this confirmation message: “Certificate reply was installed in keystore.” Enter Y Enter Y or Yes when prompted to trust the certificate. Note: Your keystore now has the correct certificate files to use SSL/https on your Tomcat server. Configure an SSL Connector Now, you need to configure an SSL connector which will enable the server to accept secure connections. Open the .xml file Open the .xml file from your server in a text editor such as Notepad. Note: The .xml file is generally stored in the conf folder in your server’s home directory. Locate your connector Locate the connector that you intend to use the new keystore to secure. Note: Typically, the connector used has port 443 or 8443. Uncomment the connector Uncomment the connector – if necessary – by removing the comment tags (<!– and –>). Enter the keystore filename and password Enter the correct keystore filename and password. See our example below: <  Connector port=”443″ maxHttpHeaderSize=”8192″ maxThreads=”150″  minSpareThreads=”25″ maxSpareThreads=”75″  enableLookups=”false” disableUploadTimeout=”true”  acceptCount=”100″ scheme=”https” secure=”true” SSLEnabled=”true” clientAuth=”false” sslProtocol=”TLS” keyAlias=”server”  keystoreFile=”/home/user_name/your_domain_name.jks”  keystorePass=”your_keystore_password” /> Note: If you are using a version prior to Tomcat 7, please change the word “keystorePass” to “keypass”. Save your changes Save all changes made to your .xml file. Restart Tomcat Restart your Tomcat server to complete the SSL installation process. Congratulations! You’ve successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.