Using namecheap wildcard SSL certificates for HTTPS
namecheap sells wildcard SSL certificates from Comodo, etc. at a very good price. The process for purchasing a wildcard SSL certificate from namecheap is:
- Register on namecheap.com
- Make payment for desired certificate
- Click on "Hi! Username" on top-left corner and click on "SSL certificates"
- Click on "Activate Now" option
- Select server type as "apache + openssl"
- Generate CSR using:
    openssl req -new -newkey rsa:2048 -nodes -keyout <domain>.key -out <domain>.csr
- Enter the various details when prompted. Avoid setting the password and optional company name extra attributes.
- Copy and paste contents of csr file on namecheap.com website
- Choose administrator email ID for verification
- Click on link in email and enter verification code
- After verification you should receive a zip file with ca.crt and the signed certificate at the email address used for registration.
Configure apache to use wildcard certificate
To configure apache virtualhost for using wildcard certificate use:
    <VirtualHost *:443>
        ServerAdmin saurabh@rekallsoftware.com
        DocumentRoot /home/example/public_html/
        ServerName www.sbarjatiya.com
        ErrorLog logs/www.sbarjatiya.com-error_log
        CustomLog logs/www.sbarjatiya.com-access_log combined
        SSLEngine on
        SSLProtocol all -SSLv2 -SSLv3
        SSLHonorCipherOrder on
        SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
        SSLCertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.crt
        SSLCertificateKeyFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.key
        SSLCertificateChainFile /etc/httpd/conf/sbarjatiya_wild_cert/ca_chain.crt
        SSLCACertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/ca.crt
    </VirtualHost>
Here ca.crt is the recent CA certificate received by email in the zip file along with the signed wildcard certificate. ca_chain.crt is an older CA External Trust certificate. If in doubt, try swapping the certificates until a working configuration is obtained.
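The key, CSR, signed certificate and CA file can be checked against each other with openssl before Apache is pointed at them, which narrows down which file is wrong when the configuration does not work. The script below is an added example and not part of the original notes; the function names, file names and the throwaway demo CA it generates are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): consistency checks to run on the
# key, CSR and signed certificate before configuring Apache.

# Print the public key (PEM) contained in a key, CSR or certificate file.
pubkey_pem() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files are readable and carry the same public key.
same_pubkey() {  # $1 = kind, $2 = file, $3 = kind, $4 = file
    a=$(pubkey_pem "$1" "$2") || return 1
    b=$(pubkey_pem "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the certificate ($2) chains to the trusted CA file ($1).
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Run all three checks and report the first one that fails.
check_bundle() {  # $1 = key, $2 = CSR, $3 = certificate, $4 = CA file
    same_pubkey key "$1" crt "$3" || { echo "FAIL: key does not match certificate"; return 1; }
    same_pubkey csr "$2" crt "$3" || { echo "FAIL: CSR does not match certificate"; return 1; }
    chain_verifies "$4" "$3" || { echo "FAIL: certificate does not chain to $4"; return 1; }
    echo "OK: key, CSR, certificate and CA file are consistent"
}

# Constructed sample input: a throwaway CA and wildcard certificate in dir $1.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.com" \
        -keyout "$1/wild.key" -out "$1/wild.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/wild.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/wild.crt" 2>/dev/null
}

# Stand-alone run on the constructed files; pass real paths to check_bundle instead.
tmp=$(mktemp -d) && make_demo_files "$tmp" &&
    check_bundle "$tmp/wild.key" "$tmp/wild.csr" "$tmp/wild.crt" "$tmp/ca.crt"
rm -rf "$tmp"
```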