If you are dealing with e-commerce and need to secure personal and confidential data that are transferred through the Internet, such as credit card information, authorization data, you may use an SSL certificates service.
SSL - Secure Sockets Layer - provides secure transfer of information between client and Internet.
SSL technology makes use of private key for data encryption transferred through an SSL connection. To provide secure connection through a SSL protocol between server and browser, a SSL certificate is required. It is an electronic document which uses a digital signature to bind together a public key with an identity information. SSL certificate contains information about the key's owner, public key, etc.
This module can be used to order new SSL certificates, renew existing ones and view the certificate's information.
Before ordering the service you will have to get you phone number verified. For more information about this procedure can be found in the Fraud protection module.
- View a list of certificates
- Order new certificate
- View the certificate
- Renew certificates
- Delete certificates
- Filter certificate list
View a list of certificates
- ID - certificate unique identifier.
- Domain - name of the certified domain.
- Package - service's package.
- Valid until - certificate's validity period.
- Status - current status:
- Ordered - you have completed the registration procedure, but the service has not been not paid for yet (in the Orders module the order status is "Open").
- Active - certificate is active.
- Expired - certificate has expired.
View the certificate
To view the SSL certificate's information, select the required certificate from the list and click the "Edit" icon. The form contains the following read-only tabs:
- Package - the name of the service's package.
- Order date - the date when the SSL certificate was ordered.
- Confirmation e-mail - the confirmation e-mail you have specified when ordering the SSL certificate.
Details (this tab includes the data you provided when ordering the SSL certificate in the ISPmanager control panel)
- Common name - the fully qualified domain name of your server.
- Organization - the legal name of your organization.
- Organization unit - the division of your organization handling the certificate.
- Country code (2 letter)- the two-letter ISO code for the country where your organization is located.
- State/province name - the state or region where your organization is located.
- City - the city or locality where your organization is located.
- Email - an email address used to contact your organization.
- First name - the name of the administrative contact.
- Last name - the last name of the administrative contact.
- Job title - the job title of the administrative contact.
- Email - an email address used to reach the administrative contact.
- Phone number - a telephone number used to reach the administrative contact.
- First name - the name of the technical contact.
- Last name - the last name of the technical contact.
- Job title - the job title of the technical contact.
- Email - an email address used to reach the technical contact.
- Phone number - a telephone number used to reach the technical contact.
- Name - the name of your organization.
- Country - the country where your organization is located.
- State/province - the state or province where your organization is located.
- City - the city or locality where your organization is located.
- ZIP code - the zip code of the city specified above.
- Address - provide the address information (including the street, office, etc.).
- Phone number - a telephone number used to reach a contact person.
Within seven days prior to the certificate expiration, You will need to renew it. To do that, select it from the list, click the "Renew" icon and fill out the form:
- Validity Period - provide the length of the certificate's validity period.
- Cost - depending on the period specified this parameter is set automatically.
- Pay by - select the desired payment method:
- Current account - this function is available, if You have already made payments, and there you have sufficient funds on your personal account.
- Add to the order... - if You have an order (in case You order several services and want to pay them all in one), you may add payment to the said order.
- Create new account - create a new account, which can be viewed and paid in the Orders module.
- Pay now - check the box to proceed with payment.
Note Before renewing your certificate will be checked. If the data is not correct, a customer will be required to correct them (for example, administrative contact data).
To delete a certificate, select it from the list and click the "Delete" icon. Confirm that you wish to delete the SSL certificate by clicking OK on the following form.
Filter certificate list
You can use the list filter to search the information about SSL by specific parameters. To initiate searching, click the "Filter" icon and fill out the form. You do not need to fill out all the fields. The search can be carried out by the certificate ID, name, domain name, validity period and status.
Once the filter is set, the list will be filtered by SSL. You can clear the filter that you have previously set by clicking the "Remove filter" button.
Useful openssl commands (use them when generating a CSR from the console)
The following section presents some of the more common basic commands and parameters to commands which are part of the OpenSSL toolkit.
- Generate a 2048 byte SSL certificate key. If the -des3 key is not specified, the key won't be encrypted:
# openssl genrsa -des3 -out example.com.key 2048
If you lose your password or file, you will have to generate a certificate again.
- Generate a CSR (this information is required when making an order in the billing panel):
# openssl req -new -key example.com.key -out example.com.csr
The domain name for which you need a certificate is specified in Common Name, such as example.com. "A challenge password" and "An optional company name" are not required (click Enter).
- Do not encrypt the key (is used when the certificate is installed not through ISpmanager, but manually into the Apache web-server configuration. Otherwise you will be required to enter a password every time your web server restarts:
# openssl rsa -in example.com.key -out example.com-nopass.key -passin stdin
Enter a password from the console (or you can use the key -passin pass:supersecretpassw0rd. The password should be stored in .history)
- Export the CSR file into a text file:
# openssl req -noout -text -in example.com.csr