Tag Archives: ssl

Build A Secure Website To Stop Losing Traffic From Browser’s ‘Not Secure’ Warning

The browser’s “Not Secure” warning is shown to your visitors when your website doesn’t provide them a secure connection, i.e. HTTPS encryption. To dismiss this warning you will need to add an SSL Certificate to your website.

The servers and hosting services at Sangkrit.net, such as Managed WordPress and Cloud Hosting, provide you with free auto SSL, so when you make your website at Sangkrit.net you don’t need to subscribe to SSL separately. Although there are plans to subscribe to a premium SSL, you may also stick to a self-signed free SSL.

To easily start a secure website you simply need to register your domain name and subscribe to a Managed WordPress plan that gives you a highly customizable, professional-looking secure website which you can manage on your own. A domain and a subscription to Managed WordPress are a complete package; you need nothing else. And you won’t have to worry about browsers displaying the Not Secure warning because all Managed WordPress plans also include an SSL certificate displaying that trustworthy lock on the address bar of your website.

Configuring One Server To Handle HTTP & HTTPS Respectively

A single Nginx server can be configured to handle both HTTP and HTTPS requests.

You should also know that prior to version 0.7.14, SSL could not be enabled selectively for individual listening sockets, as is done in the following configuration:

server {
    listen              80;
    listen              443 ssl;
    server_name         www.yoursite.com;
    ssl_certificate     www.yoursite.com.crt;
    ssl_certificate_key www.yoursite.com.key;
    ...
}

Before that, SSL could only be enabled for the entire server using the ssl directive, so it was impossible to set up a single HTTP/HTTPS server. The ssl parameter of the listen directive was added to resolve this problem.

The use of the ssl directive is discouraged in newer versions.

When Multiple HTTPS Servers Listen On A Single IP Address

A common problem arises when two or more HTTPS servers are configured to listen on a single IP address.

server {
    listen          443 ssl;
    server_name     www.yoursite.com;
    ssl_certificate www.yoursite.com.crt;
    ...
}

server {
    listen          443 ssl;
    server_name     www.yoursite.org;
    ssl_certificate www.yoursite.org.crt;
    ...
}

As shown above, what exactly happens here is that the client browser starts to receive the default server’s certificate (www.yoursite.com) regardless of the name of the server requested.

This is caused by the way the SSL protocol behaves. The SSL connection is established before the browser sends an HTTP request, so Nginx does not know the name of the requested server. Hence, it may only offer the default server’s certificate.

Here’s the solution:

server {
    listen          192.168.1.1:443 ssl;
    server_name     www.yoursite.com;
    ssl_certificate www.yoursite.com.crt;
    ...
}

server {
    listen          192.168.1.2:443 ssl;
    server_name     www.yoursite.org;
    ssl_certificate www.yoursite.org.crt;
    ...
}

This is the oldest and most robust way of resolving this issue: a separate IP address is assigned to each HTTPS server.
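To find which servers in an existing configuration share an SSL listen address, and would therefore be answered with the default server’s certificate under the behaviour described above, the following Python check can be run over the configuration text. It is an added example, not code from the original article; the sample configuration, the www.yoursite.net name and the function names are constructed for illustration, and the default is taken to be the first server for an address unless a listen line carries default_server.

```python
import re

# Constructed sample: the two servers from the text plus one on its own IP address.
SAMPLE_CONF = """
server {
    listen          443 ssl;
    server_name     www.yoursite.com;
    ssl_certificate www.yoursite.com.crt;
}
server {
    listen          443 ssl;
    server_name     www.yoursite.org;
    ssl_certificate www.yoursite.org.crt;
}
server {
    listen          192.168.1.2:443 ssl;
    server_name     www.yoursite.net;
    ssl_certificate www.yoursite.net.crt;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def directive(body, name):
    """Return the argument list of every `name args;` directive in a block."""
    pattern = rf"^\s*{name}\s+([^;]+);"
    return [m.group(1).split() for m in re.finditer(pattern, body, re.M)]

def shared_tls_listeners(conf):
    """Map each shared ssl listen address to (default server, other servers)."""
    by_addr = {}                              # address -> [(server_name, is_default)]
    for body in server_blocks(conf):
        name = (directive(body, "server_name") or [["<unnamed>"]])[0][0]
        for args in directive(body, "listen"):
            if "ssl" in args[1:]:             # only sockets with SSL enabled
                addr = f"*:{args[0]}" if args[0].isdigit() else args[0]
                by_addr.setdefault(addr, []).append((name, "default_server" in args))
    report = {}
    for addr, servers in by_addr.items():
        if len(servers) > 1:                  # a lone server always presents its own cert
            default = next((n for n, d in servers if d), servers[0][0])
            report[addr] = (default, [n for n, _ in servers if n != default])
    return report
```

For the sample, only the wildcard address on port 443 is reported; the server bound to its own IP address is not.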

Updating Nginx Server Configuration To Use The SSL You Have Purchased

You need to update the config file on your server to use the SSL certificate you are subscribed to. This can be done by connecting to the server’s command line over SSH and opening the Nginx config file for the domain on which you are installing the SSL certificate.

Simply run the following command:

sudo vim /etc/nginx/sites-available/yourwebsite.com

Now update the config file to use the SSL certificate:

server {
        listen 80;
        server_name yourwebsite.com;
        return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;

    server_name yourwebsite.com;
    ssl_certificate     /etc/nginx/ssl/yourwebsite.crt;
    ssl_certificate_key /etc/nginx/ssl/yourwebsite.key;

    root /usr/share/nginx/yourwebsite.com/;
    index index.php  index.html index.htm;

}

The next step is to save the file and exit vim using this command:

:wq!

And then restart your Nginx server with this command:

sudo service nginx restart

That’s it.

Configuring SSL & Intermediate Certificates On Nginx Server

In the previous lesson, you learned about installing and configuring Nginx on your dedicated server. Now this lesson is on installing SSL and other standard certificates.

The first thing you need to do is get an SSL certificate from Sangkrit.net. Once you subscribe to it and your certificate request is approved, just download the certificate files to install them on your dedicated server.

To download and install your certificate files follow these steps:

  1. Visit your Sangkrit.net product page
  2. Select SSL Certificates
  3. Select Manage next to the certificate you need to download
  4. Select a Server type
  5. Click the Download Zip File option
  6. Your certificate will start downloading now.
  7. Copy the SSL certificate file and the certificate bundle file to the Nginx server
  8. You already have a key file on the server which you got when you generated your certificate request.
  9. Now edit your Nginx configuration to reference these files

Your certificate is installed now. Remember, the actual configuration file you edit depends on your version of Nginx, your OS platform, or the method you are using to install Nginx.

Configuring SSL On Linux VPS & Dedicated Servers

To configure an SSL on your server there are mainly three steps: subscribe to it, generate a certificate signing request, and once SSL is approved, install it on your server.

This lesson shows you the step-by-step process of implementing SSL on a Linux-based server.

What is SSL? The SSL certificate establishes encryption over information that is sent to the server. It scrambles data into an undecipherable format that can only be returned to a readable format with a proper decryption key. 

How Does SSL Work? When a client attempts to send confidential information to a Web server, the user’s browser accesses the server’s digital certificate and establishes a secure connection.

An SSL certificate authenticates the identity of a website. It contains the following information:

  1. The certificate holder’s name & public key 
  2. The certificate’s serial number and expiration date 
  3. The digital signature of the certificate-issuing authority

How to install SSL on your VPS or Dedicated Server?

  1. Open SANGKRIT.net account
  2. Visit your Products page
  3. Select SSL Certificates 
  4. Select Manage for the certificate you want to use
  5. Under Download Certificate, select a Server type and then select Download Zip File.

Launch your dedicated server:

  1. Visit your Products page
  2. Click the Servers tab
  3. Next to the account you want to use, click Launch
  4. From the management interface, next to cPanel Site, click Manage Server (WHM) and click Proceed

Upload & Install SSL certificate

  1. Search SSL on the left sidebar menu on WHM cPanel
  2. Click Install an SSL certificate on the domain
  3. Type your domain name in the first field
  4. Click the Browse button
  5. Select and upload your SSL certificate
  6. Click Install button

When you choose the browse and upload option, the empty fields are auto-discovered and filled from the SSL you are uploading. Once SSL is installed you may redirect your HTTP site to an HTTPS connection.

How To Fix The Issues WordPress Has With SSL?

You can seamlessly map your website URLs to HTTPS and get most of the mixed and insecure content errors automatically fixed on your WordPress website.

If you have subscribed to SSL and your site has access to it, then you just need to install and activate a WordPress plugin called Really Simple SSL, and that’s it. Your site will get automatically moved to a secure HTTPS connection.

The plugin instantly configures SSL on your WordPress site, without any modifications to other files and settings.

In case you don’t have an SSL then the first thing you need to do is subscribe to an SSL of your choice. You may either go for a Standard or Premium SSL or you may subscribe to a Completely Managed SSL Service.

Once you have SSL, just activate Really Simple SSL plugin on your website. It saves you from hours of work.

As soon as the plugin is activated, it:

  • Automatically updates the siteurl and homeurl to HTTPS
  • Automatically fixes all insecure and mixed content errors
  • Automatically redirects all incoming URL requests to HTTPS
  • Automatically handles most issues that WordPress has with SSL

The plugin works by using an internal WordPress redirect, but it also allows you to use a .htaccess redirect instead. It also handles sites behind a reverse proxy or load balancer, including the case where the headers that WordPress uses to detect an SSL connection are not passed.

The insecure and mixed content on your website is dynamically fixed by replacing all HTTP URLs with secure HTTPS, except hyperlinks given to other websites. This URL migration is dynamic so no database changes are made, except for the site URL and home URL. The plugin sets PHP cookies securely with the httpOnly flag.
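The distinction drawn above, between HTTP URLs the browser loads as part of the page and hyperlinks to other websites, can be checked on any rendered page. The following Python scanner is an added example, not the plugin’s code; the tag list is an assumed subset and the sample HTML is constructed for illustration.

```python
from html.parser import HTMLParser

# Tag -> attribute the browser fetches automatically (assumed subset for this example).
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src", "source": "src",
               "audio": "src", "video": "src", "embed": "src", "link": "href"}

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.insecure = []      # (tag, url) subresources loaded over plain HTTP
        self.plain_links = []   # <a href="http://..."> navigation, not mixed content

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return              # e.g. rel="canonical" is never fetched
        name = "href" if tag == "a" else FETCH_ATTRS.get(tag)
        url = (attrs.get(name) or "") if name else ""
        if url.lower().startswith("http://"):
            if tag == "a":
                self.plain_links.append(url)
            else:
                self.insecure.append((tag, url))

def find_mixed_content(html):
    """Return (insecure subresources, plain-HTTP hyperlinks) found in the page."""
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.insecure, finder.plain_links

# Constructed sample page served from https://www.yoursite.com/
SAMPLE_HTML = """
<link rel="canonical" href="http://www.yoursite.com/">
<link rel="stylesheet" href="http://www.yoursite.com/style.css">
<script src="https://www.yoursite.com/app.js"></script>
<img src="http://www.yoursite.com/logo.png">
<a href="http://other.example/page">external link</a>
"""
```

An empty first list after the migration means no subresource on the scanned page is still requested over HTTP.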

Redirecting HTTP Domains to HTTPS On Dedicated Server

Once SSL is installed on your dedicated server (as explained here) for the domain name you have selected, you will need to redirect all non-secure HTTP links to the secure HTTPS connection.

For any website to work over SSL, there are some modifications you will need to make to your .htaccess file, and then it will redirect your visitors to the HTTPS version of your website.

Login to your SANGKRIT.net account and follow the given steps:

  1. Go to your SANGKRIT.net product page.
  2. Under the Server, click Manage for cPanel
  3. In the Account Dashboard, click File Manager.
  4. In the cPanel File Manager, click Settings.
  5. Make sure that Show Hidden Files (dotfiles) is checked, and click Save.
  6. Click on public_html, and open your .htaccess if you already have one. If not, click File+, name the file .htaccess and click Create New File.
  7. Select the .htaccess file, and click Edit.
    • If you just created your .htaccess file, use this code:
      RewriteEngine On
      RewriteCond %{SERVER_PORT} 80
      RewriteCond %{HTTP_HOST} ^(www\.)?coolexample\.com
      RewriteRule ^(.*)$ https://www.coolexample.com/$1 [R,L]
    • If your .htaccess file already exists, insert the lines that begin with RewriteCond and RewriteRule directly after the already existing RewriteEngine On.
    • Click Save Changes and Close. 

That’s it. Visit your website and you’ll be re-directed to the HTTPS version.

If you use WordPress, then follow these steps:

  1. Log into your WordPress Dashboard.
  2. Visit Settings, click General.
  3. Locate the following fields:
    • WordPress Address (URL)
    • Site Address (URL)
  4. In each field, update your URLs from http to https
  5. Scroll down and click Save Changes.
  6. Open your current .htaccess file in the /public_html/ folder with the cPanel file manager for editing. If you don’t already have a .htaccess file, you’ll need to create one.
  7. Insert the following code at the top of your .htaccess file:
  8. Click Save Changes at the top-right corner of the screen.

In some cases you will need to edit your .htaccess file. If you don’t want to do that, you may also use a WordPress plugin such as Really Simple SSL. It saves you from following so many technical steps.

The Effect Of Google Chrome Updates Over Non SSL Websites

You should strongly consider getting your own HTTPS SSL Certificate. Some time back Google declared SSL an official ranking factor, and now the upcoming updates to the Google Chrome browser will start to mark websites running without an SSL certificate as “Not secure”.

As per the updates in new Google Chrome versions expected to come before July 2018, visitors to your website using an up-to-date version of Google Chrome will notice a warning, which may put them off because most of the websites they visit on a daily basis are properly secured with SSL.

You should also be concerned about your visitors’ sensitive data, which consists of names, addresses, email addresses and payment information. If your website has a “logged in”, “members section” or “clients-area”, then this too counts as sensitive personal information which needs to be protected.

How to use SSL on your website?

Start by subscribing to an SSL certificate and then follow the steps given here. If you are a WordPress user then follow this tutorial. For further support email system@sangkrit.net.

Why you Should Subscribe SSL Certificate from SANGKRIT.net?

SSL (Secure Sockets Layer) is a security technology to establish encryption between a client and a server. It allows sensitive information such as login credentials, user data, social security numbers and credit card information to be transmitted securely in encrypted form instead of plain text which leaves you vulnerable.

Nowadays there are many websites that show a partial encryption error, and some display no-encryption or untrusted SSL warnings.

The reason is that Google has not only considered SSL as an official ranking factor but is also taking aggressive steps to protect users’ data and encouraging website owners to use a well-configured SSL Certificate.

Google now blocks all untrusted and badly configured SSL certificates, and hence potentially millions of websites that use SSL certificates issued by various big and small companies, even Symantec, could find that their certificates are effectively worthless where Chrome is concerned.

So if your website is also showing the RED HTTPS or any SSL error then you must act now because this thing will not only stop clients from making transactions on your website but it will also stop them from accessing your website because now Google Chrome clearly displays the invalid certificate warning on each visit.

And the link to proceed to the webpage is hidden in the advanced link which is left unseen, even then netizens will think twice before accessing your website.

How to Remove SSL Warnings?

Use a well-configured SSL certificate. SSL configuration is not a one-step process, and hence you should know how to correctly configure an SSL certificate on your website.

Subscribe to SSL from SANGKRIT.net and it will guide you through a step-by-step process of requesting, installing and configuring HTTPS on your website. If you want an expert to do it for you then you can buy online support from system@sangkrit.net.

How To Generate CSR (Certificate Signing Request) On cPanel?

A CSR, or Certificate Signing Request, is a block of encoded text generated on the server that the SSL certificate will be used on. It contains all the important information to be included in your SSL certificate, such as your common name (i.e. domain name), locality and country.

cPanel provides you a built-in feature to generate CSR code to use for sending certificate signing request and get your SSL configuration settings ready to work on your website’s domain.


Secure Your Website From Top 10 Internet Threats

More than five thousand websites are compromised every day. Small business site owners think that they’re too small to be noticed by hackers, but that is wrong thinking because nowadays hackers use automated bots which keep searching for vulnerable websites.

Another reason for not securing a website is lack of awareness. Many website owners don’t know how they can secure their website, what security tools they should be using, etc.


Secure WordPress Login & Admin Pages With SSL (HTTPS)

Now you know how to install SSL on a domain and how to implement it on your WordPress installation. A few days back a WordPress user emailed us saying that the majority of his website is not sensitive and also he has a resource limit so he only wants to enable SSL on his website login page and not on the rest of his website.


How To Implement HTTPS (SSL Certificate) In WordPress?

As soon as Google declared HTTPS an official Google ranking signal, discussions on implementing an SSL certificate in WordPress started populating WP forums and social media sites. In this tutorial we are showing you an easy method to get HTTPS working on your WordPress site.


Secure Your Website With HTTPS (SSL Certificate)

To run your website on HTTPS (SSL Certificate), the first thing you need to do is subscribe to an SSL Certificate here. You may go for Standard SSL if you just want to verify your domain and secure your website. The Premium SSL plan is ideal for eCommerce shopping cart websites as it provides you the most extensive validation.
