Sign up with GoogleYou should run the openssl commands to generate the CSR on your own PC, not not any shared host.
-
Ask a question and get free supportUnlock new privileges and see hidden discussionsWin prizes and earn reputation
-
Question of the day ~ How often do you braai?
-
Afristay giveaway.Win a 2-night stay for two people at an establishment of your choice with R1,000 in spending money. Enter here.
Free SSL Certificate ( Green HTTPS bar )
- Thread starter Thor
- Start date
You should run the openssl commands to generate the CSR on your own PC, not not any shared host.
If you're using a hosting provider then you need to pay your hosting provider to install it (basically include it in their nginx/apache config).
If it's a self signed certificate that you're creating then you're not going to have the green bar.
A free alternative to self signed is startssl (1 year expiry I think) or letsencrypt (60 or 90 day expiry, I can't remember, it was mentioned upthread).
Easiest option is to buy a certificate through your hosting provider that will cost a bit but be signed by Thwarte or whatnot.
I hope this post doesn't confuse you.
Are you following a guide?
If it's a self signed certificate that you're creating then you're not going to have the green bar.
A free alternative to self signed is startssl (1 year expiry I think) or letsencrypt (60 or 90 day expiry, I can't remember, it was mentioned upthread).
Easiest option is to buy a certificate through your hosting provider that will cost a bit but be signed by Thwarte or whatnot.
I hope this post doesn't confuse you.
Are you following a guide?
Thor
Honorary Master
- Joined
- Jun 5, 2014
- Messages
- 44,236
That makes perfect sense now I was not aware of the Apache configurations that is needed. In other words this should be quite straightforward on a VPS? Running CentOS and Apache php and mysql?
MagicDude4Eva
Banned
- Joined
- Apr 2, 2008
- Messages
- 6,479
If you actually clicked on any of the links in my post, you would get all the config records - https://mozilla.github.io/server-side-tls/ssl-config-generator/
DO NOT enable HSTS - Strict-Transport-Security - this could really screw up your site if it is not fully compliant. Worst is that Mozilla sets this to a year - so it will be broken client-side for that long.
A CSR is not a cert. I would recommend either doing some significant reading on the subject, or pay your hosting provider to sort it out, if you are on some kind of shared hosting. And free certs need significantly more technical knowledge to work with, so I would not recommend going there until you know a lot more about the subject.
Thor
Honorary Master
- Joined
- Jun 5, 2014
- Messages
- 44,236
No no I fully understand all of this now. I came along way since I posted this thread. Incredible how much there is to learn in this industry.
Thanks everyone.
DrJohnZoidberg
Honorary Master
- Joined
- Jul 24, 2006
- Messages
- 23,995
My guide covers exactly that.
Letsencrypyt is actually super easy to use!
I've used it on a few client sites (like https://www.mymathsbuddy.co.za). You do need root access though as far as I'm aware to install their app...
For the record, we're busy at the moment implementing letencrypt into our control panel (in my sig) so that user's can simply click a button to turn SSL on or off for a domain... Can't get easier than that
I've used it on a few client sites (like https://www.mymathsbuddy.co.za). You do need root access though as far as I'm aware to install their app...
For the record, we're busy at the moment implementing letencrypt into our control panel (in my sig) so that user's can simply click a button to turn SSL on or off for a domain... Can't get easier than that
- Joined
- Nov 17, 2015
- Messages
- 1,555
Did you come right with Letsencrypt?