Welcome Guest | Login

Setting up a secure socket layer (SSL) for your domain: How to go https painlessly



This is a wiki article created by HostingRails users. Please login or signup to make edits.


There are always a zillion questions surrounding SSL and how to get it setup.  This little step-by-step tutorial is meant to help answer most of those as it pertains to your domain hosted with HostingRails.com.

First of all, some quick definitions for our purposes here, because they can get confusing:

KEY = the RSA private key - don't share this with anyone but HostingRails staff.
CSR = the certificate signing request - you give this to a place like Verisign so they can give you a CRT.
CRT = the SSL certificate

So - there are fancy graphical ways to do this but I'm not going to show you those.  All you need to do is SSH into your account and
username@hostname [~]# mkdir ssl 
username@hostname [~]# cd ssl 
username@hostname [~/ssl]# openssl genrsa -out www.yourdomain.com.key 1024
that will place your KEY (www.yourdomain.com.key) in ~/ssl

OK, next: 
username@hostname [~/ssl]# openssl req -new -key www.yourdomain.com.key -out www.yourdomain.com.csr
It will then ask you some questions, which you should answer - here's an example: 
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Washington
Locality Name (eg, city) [Newbury]:Seattle
Organization Name (eg, company) [My Company Ltd]:My Cool Company
Organizational Unit Name (eg, section) []:Security
Common Name (eg, your name or your server's hostname) []:www.domain.com
Email Address []:myemail@domain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:some_password_you_should_remember
An optional company name []:My Cool Company
It doesn't really matter what you put for "Organizational Unit Name" - what matters most is that you have www.domain.com - or sub.domain.com - because unless you purchase a wildcard CRT you have to use the CRT for www.domain.com/* URLS only.  

Ok.  Now.  Go buy a CRT from a place like verisign or goDaddy or something.  They will ask you for your CSR.  Just copy the CSR contents in where they ask for it.  

Finally - when you've purchased it - they will give you a CRT along with usually a third piece - an intermediate bundle - which should be all uploaded to your ~/ssl folder.  Then contact HostingRails support and ask them to install the CRT for your domain - be sure to tell them the exact domain (e.g. www.domain.com - or sub.domain.com)  








Hello Guest! In order to edit this article you must be an active client with us, please log in or sign up today!





Contributing Author(s):
William