FAQ: How To get your Dathorn hosted site SSL certified

  • Pedja
    Senior Member
    • Mar 2004
    • 329

    #1

    FAQ: How To get your Dathorn hosted site SSL certified


    If you need to put up an online shopping site, then you must encrypt communication with visitors to protect their private information, and especially to protect their credit card numbers typed on payment forms. To establish a secured connection you must have a certificate installed on your hosting server.

    However, it is not only privacy and credit card numbers that require protection. If you have a member access site, you would like to protect it to prevent anyone from sniffing usernames and passwords. Without a secure connection, anything a user types in your forms flows through the internet as open text, and someone interested and knowledgeable enough may read it.

    To install a certificate you need to have a dedicated IP for each domain. Dathorn provides IP addresses per request. First IP will be free, others must be paid.

    Go to www.dathorn.com, log in and use menu option "IP addresses". Click on request IP and enter the requested data: the domain you want to certify, and the reason (simply put: "I need IP to enable SSL on this site"). This will create a Trouble Ticket with your request. You'll have to wait for some time for the administrator's response. They will provide you with an IP address.

    Then, go to your WHM account (not cpanel). Find the options regarding SSL certificates and use "Generate an SSL Certificate and Signing Request". It will ask you for some information; the form is plain and easily understandable. Enter the data, submit the form and a certificate request will be created (a block of encoded data). The certificate request will also be sent to the email address you specified. Use it to obtain a certificate from a certificate provider.

    Provider will give you the certificate. Certificate is valid only for domain you specified. When you ask for certificate ask for standard one. Do not use chained or multidomain certificates. They do not work with Dathorn.

    Certificates are usually not free. You may find certification providers using Google, but here are two that are used by other Dathorn users and they surely work:


    http://www.geotrust.com/

    There is also certificate provider that issues free certificates http://www.cacert.org/. Their policy is simple: they think certificates should not cost anything. However, as certificates must be trustable they found out a way to provide assured identification of the owner. They provide both assured and unassured certificates.

    https://cert.startcom.org/ also provides untrusted certificates which are not good for credit card processing but for protecting web admin access they are ok.

    You can create SSL certificate using OpenSSL but it will be unassured.

    What is the difference? Well, people who pay online will use your service only if you use an assured certificate. This means it is known who owns it and their transaction is protected not only by encryption means but also by the name and responsibility of the certificate owner. In case of fraud or any other problem, they know that there is someone who will be held responsible.

    If a site uses an unassured certificate, no one will dare to use a credit card there. However, unassured certificates are ok if you need encryption for your internal purposes: to protect usernames and passwords or other information that may be shown on your site. For example, you have an administration section on your site which is password protected and you want to keep it out of sight of anyone else.

    Well, let's go further. You got your certificate no matter how and you want to install it.

    Login to your WHM account again and now use "Install an SSL Certificate and Setup the Domain". Important: use Internet Explorer. This option does not work with Mozilla. Yes it is outrageous but that is the way it is. You will get form where you provide your certificate and private key.

    Do this: in the domain field enter the domain for which the certificate was obtained. Then click on both Fetch buttons and the form will be filled with information if it is already available on the server. If not, fill it in by hand. In the upper field put your certificate, which should look like this:

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----


    In lower field put private key which should look like this:

    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----

    Enter the domain name, username and IP address provided by Dathorn and click the "Do it" button.
    The server will show you the process of certificate installation, and when it is finished check it by accessing the site but using https: instead of http:. It should work and that is it.

    Now, change your scripts to force access via https: on pages which need to be protected.

    You have secured site access.
    Last edited by Pedja; 03-02-2005, 03:39 AM.
  • Jonathan
    Senior Member
    • Mar 2004
    • 1229

    #2
    Excellent FAQ! I've posted it in the FAQ forums if you don't mind.
    Also I think this should be under General, not FTP/SSH/Email
    "How can someone be so distracted yet so focused?"
    - C

    Comment

    • smh7233
      Junior Member
      • Nov 2004
      • 4

      #3
      Could you guys tell me if this one will work with dathorn. http://www.ev1servers.net/english/starterssldetails.asp

      Comment

      • Jonathan
        Senior Member
        • Mar 2004
        • 1229

        #4
        Originally posted by smh7233
        Could you guys tell me if this one will work with dathorn. http://www.ev1servers.net/english/starterssldetails.asp
        I believe that will; I think James here on the forums used it.
        If in doubt you can always submit a trouble ticket.
        "How can someone be so distracted yet so focused?"
        - C

        Comment

        • smh7233
          Junior Member
          • Nov 2004
          • 4

          #5
          Originally posted by Jonathan
          I believe that will; I think James here on the forums used it.
          If in doubt you can always submit a trouble ticket.

          Yep already got my answer...thanks.

          Comment

          • Byon
            Junior Member
            • Mar 2004
            • 18

            #6
            I've gone through the process above, but when I got to https://[mydomain], rather than getting what I get at http://[mydomain], I get :

            Index of /

            Name Last modified Size Description

            [DIR] Parent Directory 18-Feb-2005 15:37 -
            [DIR] _private/ 02-Apr-2003 18:32 -
            [DIR] cgi-bin/ 02-Apr-2003 18:32 -
            [DIR] images/ 02-Apr-2003 18:32 -
            [TXT] postinfo.html 02-Apr-2003 18:32 2k
            [DIR] suspended.page/ 23-Dec-2004 19:44 -

            Also, when I was entering the username in Install an SSL Certificate... Should I use my WHM name, or the cpanel username of the domain?

            Comment

            • AndrewT
              Administrator
              • Mar 2004
              • 3655

              #7
              Originally posted by Byon
              I've gone through the process above, but when I got to https://[mydomain], rather than getting what I get at http://[mydomain], I get :

              Index of /

              Name Last modified Size Description

              [DIR] Parent Directory 18-Feb-2005 15:37 -
              [DIR] _private/ 02-Apr-2003 18:32 -
              [DIR] cgi-bin/ 02-Apr-2003 18:32 -
              [DIR] images/ 02-Apr-2003 18:32 -
              [TXT] postinfo.html 02-Apr-2003 18:32 2k
              [DIR] suspended.page/ 23-Dec-2004 19:44 -

              Also, when I was entering the username in Install an SSL Certificate... Should I use my WHM name, or the cpanel username of the domain?
              You need to use the username of your domain. Not doing so will result in the problem you have described.

              Comment

              • Byon
                Junior Member
                • Mar 2004
                • 18

                #8
                Originally posted by AndrewT
                You need to use the username of your domain. Not doing so will result in the problem you have described.
                I re-ran the "Install A SSL Cert" script, this time using the username of the domain, but I get the same result. Once it is run once, can it not be re-run? Or do I need to re run the "Generate an SSL Cert" script as well? (I didn't because it didn't ask for the username)

                Comment

                • AndrewT
                  Administrator
                  • Mar 2004
                  • 3655

                  #9
                  Originally posted by Byon
                  I re-ran the "Install A SSL Cert" script, this time using the username of the domain, but I get the same result. Once it is run once, can it not be re-run? Or do I need to re run the "Generate an SSL Cert" script as well? (I didn't because it didn't ask for the username)
                  Please submit a trouble ticket with the full certificate information and we will get it installed for you.

                  Comment

                  • Buddha
                    Senior Member
                    • Mar 2004
                    • 825

                    #10
                    Excellent FAQ!

                    Originally posted by AndrewT
                    Please submit a trouble ticket with the full certificate information and we will get it installed for you.
                    I still think this is the best option, especially if you find reading Pedja's excellent FAQ hasn't helped you understand the cert install process.
                    "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

                    Comment

                    • Klaassh
                      Member
                      • Mar 2004
                      • 62

                      #11
                      Somebody want to test these out here, or if they are no good make a short explanation why

                      Free SSL certificates!

                      Do you have a website or run even a web server and want to secure the traffic between your visitor's browser and the web site? Did you find out that, in order to make your site SSL aware, you'll need a SSL (Secure Sockets Layer) certificate? Were you also surprised to find out that such a certificate can cost you hundreds of dollars, and that they are only valid for one year? For what, you might ask yourself?

                      https://cert.startcom.org/index.php
                      A good friend will bail you out of jail
                      But your best friend will be sitting next to you,
                      saying "That was awesome!"

                      Comment

                      • baumer1122
                        Junior Member
                        • Apr 2004
                        • 19

                        #12
                        The problem is that they are not a trusted vendor by any browsers.
                        Did you get a warning message when you visited their https site?
                        So will everyone else.

                        If you are ok with that then you are fine. I would not give a credit card out to a site that isn't from a trusted vendor i.e. verisign, geotrust, etc.

                        Comment

                        • Pedja
                          Senior Member
                          • Mar 2004
                          • 329

                          #13
                          If you need a certificate just to protect internal stuff like admin access to the site, then any certificate that works is ok.

                          Comment

                          • halyfax
                            Senior Member
                            • Mar 2004
                            • 124

                            #14
                            I was wondering if you have a form on your site, you install your ssl cert and put your form at https://www.domain.com/form.html

                            Now your form gets processed by a script in your cgi-bin and sent to your email.

                            Is the information encrypted if sent through the cgi-bin???

                            Comment

                            • halyfax
                              Senior Member
                              • Mar 2004
                              • 124

                              #15
                              Originally posted by halyfax
                              I was wondering if you have a form on your site, you install your ssl cert and put your form at https://www.domain.com/form.html

                              Now your form gets processed by a script in your cgi-bin and sent to your email.

                              Is the information encrypted if sent through the cgi-bin???
                              Should the action for the form be https://www.domain.com/cg-bin/form.pl ???

                              Comment
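
Added example, not part of any post in this thread: one way a cgi-bin script can force https: as the FAQ's last step asks, and why the form action raised in the last two posts matters. It assumes Apache's mod_ssl sets `HTTPS=on` in the CGI environment; `CANONICAL_HOST`, `PROTECTED_PREFIXES` and the function names are hypothetical.

```python
"""Added example: force HTTPS from a CGI script (all names are assumptions)."""
from urllib.parse import quote

# Assumptions for this sketch: the host named in the certificate and the
# path prefixes that must only be served over SSL.
CANONICAL_HOST = "www.domain.com"
PROTECTED_PREFIXES = ("/cgi-bin/", "/admin/")


def is_https(env):
    """Apache mod_ssl sets HTTPS=on in the CGI environment of SSL requests."""
    return env.get("HTTPS", "").lower() in ("on", "1")


def enforce_https(env):
    """Return None to continue, or (status, headers, body) to send instead."""
    path = env.get("SCRIPT_NAME", "") + env.get("PATH_INFO", "")
    if is_https(env) or not path.startswith(PROTECTED_PREFIXES):
        return None
    if env.get("REQUEST_METHOD", "GET") in ("GET", "HEAD"):
        # Redirect to the certificate's host, never to the client-supplied
        # Host header, so the redirect cannot be pointed elsewhere.
        target = "https://" + CANONICAL_HOST + quote(path)
        if env.get("QUERY_STRING"):
            target += "?" + env["QUERY_STRING"]
        return ("301 Moved Permanently", [("Location", target)], "")
    # A POST over http: has already crossed the network unencrypted, so a
    # redirect would come too late. Refuse it; the form action must be https:.
    return ("403 Forbidden", [("Content-Type", "text/plain")],
            "This form must be submitted over https.\n")


def cgi_response(env):
    """Render the decision as CGI output (empty string means: run the script)."""
    decision = enforce_https(env)
    if decision is None:
        return ""
    status, headers, body = decision
    lines = ["Status: " + status] + [k + ": " + v for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n" + body
```

The certificate protects only the browser-to-server leg; mail that the script sends afterwards is not covered by it.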
