www.bonsaiframework.com
Page tree

Versions Compared

Old Version 194

changes.mady.by.user Tin Pham

Saved on

compared with

New Version Current

changes.mady.by.user Tin Pham

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

From the results, we chose a free simple SSL certificate from the CA StartCom in a SSL certificate package called StartSSL Free.

Note there is a newer service (checked July 2018), a non-profit called Let's Encrypt that provides free SSL certificates. To understand what you get, you may look at their Hello World site.

SSL Setup (using openssl)

Server keys must be generated for the Certificate Signing Request (CSR). Openssl will be used to generate this CSR.

...

Info

On the topic of having SSL support for both https://www.earth.com and http://earth.com, when inspecting the certificate, navigate to,

  1. www.earth.com
  2. Certificate
  3. Extensions
  4. Certificate Subject Alt Name

Under the Certificate Subject Alt Name will see both DNS entries,

No Format
Not Critical
DNS Name: www.earth.com
DNS Name: earth.com

Checking for Mixed Content

If you inline load images without using a relative path you will get mixed content which makes your page insecure. Tools to check this,

And here's an example page of common mixed content errors.

Clean Up

Some CSR requests may be re-used to renew the Signed SSL Certificate. However, often most CA's will by process ask for a new CSR even if the original may be reused.

...

Check that you have not enabled the virtual host SSL instead of the just the virtual host because what is happening is with the virtual host SSL enabled its matching www.domain.com-ssl agains the common name www.domain.com.

...

 


References

https://help.ubuntu.com/10.04/serverguide/C/httpd.html#https-configuration - trying this one first.

...