Using namecheap wildcard SSL certificates for HTTPS
From Notes_Wiki
Home > CentOS > CentOS 6.x > Apache web server configuration > Using namecheap wildcard SSL certificates for HTTPS
namecheap allows purchase of wildcard SSL certificates from comodo, etc. at very good price. Process for purchasing wildcard SSL certificate from namecheap is:
- Register on namecheap.com
- Make payment for desired certificate
- Click on "Hi! Username" on top-left corner and click on "SSL certificates"
- Click on "Activate Now" option
- Select server type as "apache + openssl"
- Generate CSR using:
- openssl req -new -newkey rsa:2048 -nodes -keyout <domain>.key -out <domain>.csr
-
- Enter various details. Avoid setting password, optional company name extra attriutes.
- Copy and paste contents of csr file on namecheap.com website
- Choose administrator email ID for verification
- Click on link in email and enter verification code
- After verification you should receive zip file with ca.crt and signed certificate in email used for registration.
If free SSL certificates are desired consider using Installing lets-encrypt SSL certificate
Configure apache to use wildcard certificate
To configure apache virtualhost for using wildcard certificate use:
<VirtualHost *:443> ServerAdmin saurabh@example.com DocumentRoot /home/example/public_html/ ServerName www.sbarjatiya.com ErrorLog logs/www.sbarjatiya.com-error_log CustomLog logs/www.sbarjatiya.com-access_log combined SSLEngine on SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS" Header always set Strict-Transport-Security "max-age=31536000" SSLCertificateFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.crt SSLCertificateKeyFile /etc/httpd/conf/sbarjatiya_wild_cert/sbarjatiya.com.key SSLCertificateChainFile /etc/httpd/conf/sbarjatiya_wild_cert/ca-chain.crt </VirtualHost>
Here ca-chain.crt can be generated using certificates from zip file received in email as follows:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> ca-chain.crt
Home > CentOS > CentOS 6.x > Apache web server configuration > Using namecheap wildcard SSL certificates for HTTPS