How to buy and configure a SSL certificate at IPBrick 6.1

From wiki.IPBRICK.COM
Jump to: navigation, search

The site www.ssls.com is a good option to buy cheap SSL certificates.

Here are presented the steps to buy a Wildcard certificate and to configure it at IPBrick 6.1. So its a certificate type that can be used for all names and services from a DNS domain.

Let suppose first the following info: 

Country: Portugal
City: Porto
Company Name: Domain
DNS domain: domain.com
Wildcard certificate: *.domain.com
Approver email: administrator@domain.com
Email to receive the certificate: jsmith@xpto.com

so in that case, the certificate is valid for all names under the domain "domain.com". Eg: domain.com, groupware.domain.com, www.domain.com, cafe.domain.com, iportaldoc.domain.com.

A - CSR generation

  • Go to Advanced Configurations - IPBrick - Certificates and Insert a certificate. Eg: wildcard-domain-2015
  • Click at Certificate and generate the Private Key. After that generate the CSR with the following definitions: 
Country code: PT
State or province: Porto
City: Porto
Company: Domain  
Department:   
Common Name (CN): *.domain.com
Email: jsmith@xpto.com

NOTE: If you are buying not a wildcard certificate but a certificate for a specific name/FQDN like groupware.domain.com, the CN must be: groupware.domain.com

  • Download the CSR

B - Buy a certificate from www.ssls.com

  • Go to www.ssls.com and register with a new account
  • Sign in and choose the cheapest CA to buy a Wildcard certificate and the number of years. Eg: PositiveSSL, 1 year
  • Activate the certificate
  1. When activating enter the file .CSR (generated at IPBrick)
  2. Choose the email approval - administrator@domain.com
  3. Go to administrator@domain.com email account and aprove it.
  4. Enter the company information and the email address that will receive the certificate (jsmith@xpto.com)

C - Install the certificate at IPBrick

  • Go to jsmith@xpto.com email account and download and decompress the .zip file attached. The content is: 
COMODORSADomainValidationSecureServerCA.crt -> Intermediate 2 CA certificate
COMODORSAAddTrustCA.crt -> Intermediate 1 CA certificate
AddTrustExternalCARoot.crt -> Root CA certificate
STAR_domain_com.crt -> Your Wildcard certificate
  • Open the following files at Notepad: 
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
  1. Create a new file called ca_bundle.crt and concatenate all the three files content in that order
  2. Go back to IPBrick at Configurations - IPBrick - Certificates, click at wildcard-domain-2015 and at "Certificate" insert the file STAR_domain_com.crt
  3. Choose "Certificate Authority (CA)" and insert the file ca_bundle.crt
  4. Hit "Back" and at "Services with certificate" option, choose the certificate wildcard-domain-2015 for all the services.
  5. Apply Configurations
  6. Now all the client applications running SSL will accept the certificate (browsers, email clients etc.)

NOTE: If the current IPBrick have a valid SSL certificate manually installed by the IPBrick Support Team, please send an email to support@ipbrick.com in order to check the configurations

Retrieved from "https://wiki.ipbrick.com/index.php?title=How_to_buy_and_configure_a_SSL_certificate_at_IPBrick_6.1&oldid=908"