How to buy an SSL certificate?Where to buy SSL certificate? How to install certificate for mail server?
What is a SSL certificate?
A SSL certificate is like a digital ID of an entity and it proves what we claim who we are. However, on Internet, only a SSL certificate signed by CA (certificate authority) is trustworthy.
What can I do with a SSL certificate other than an ID?
This certificate can be imported into a paid or free mail server, a web server or other type of servers. Then, PKI and SSL certificates work together to establish encrypted connections between servers and clients.
Where can I get SSL certificates?
There are many SSL certificate dealers selling different brands of certificates and prices vary accordingly. I recommend you to buy Comodo Certificates from KSoftware for $20 a piece. It is a basic SSL certificate to fit in web server or mail server puroses.
Here are a few steps to guide your through the buying process: (this example demonstrates buying a certificate for a mail server)
1. Browse to KSoftware purchase webpage http://www.ksoftware.net/ssl_certs.html
2. Click on Buy icon next to Comodo PositiveSSL Certificates
3. Obtain CSR (Certificate Signing Request) string of an unsigned SSL certificate. Copy and paste it to the space next to 1. Copy and paste your CSR into this box. (EVO Mail Server supports auto-generating unsigned SSL certificate and its CSR for your domain.)
4. At 2. Select the server software used to generate the CSR, click on the pull-down list to the right and select Apache-ModSSL
5. Leave 3. Select the hash algorithm… alone and go on to 4. Select the validity period for your Certificate. Do as asked.
6. For Item 5, 6, and 7, it is up to you if you like to keep it or not. Click on Next>
.
7. On next page, select an email account, such as admin@yourdomain.com to which a domain control validation email will be delivered. Upon receiving this mail, a validation process will be performed by entering a validation code on Comodo’s website. Click Continue > to proceed.
8. Complete Your Corporate Details, Your Contact Details and Choose Your Admin Contact’s Management Details. The last one allows you to log in Comodo for future support. Click Continue > to proceed.
9. Click on I ACCEPT on Agreements page. Go on to finish billing information page and click on Make Payment to wrap up purchase.
10. Finish Domain Control Verification process and log in the email box in Step 8 to fetch the certificate.
How to install ssl certificate for website
How to import SSL certificate into Apache webserver for enabling SSL connection during Webmail session (The example below uses webmail component of Roundcube and EVOServ for demonstration):
1. Once you retrieve the server certificate zip file, download and extract it to a temporary folder. There are two files:
a. yourdomain.com.crt
b. yourdomain.com.ca-bundle
2. Download Win32OpenSSL v1.x.x and Microsoft VisualC++ 2008 Redistributable (x86). Install both of them.
3. Proceed stripping private key password if there is any as below: a. Start a command prompt b. key in cd c:\evoserv\appserv\apache2.2\conf\certificate c. key in openssl rsa –in yourdomain.com.key –out cert.key d. At the prompt of Enter pass phrase for yourdomain.com.key, enter private key password e. Then, writing RSA key message means password stripping successful and export a file called cert.key f. Rename cert.key to yourdomain.com.key and overwrite the original one.
4. Edit C:\AppServ\Apache2.2\conf\httpd.conf
a. Download sample httpd.conf and extract the zip file to C:\EvoServ\AppServ\Apache2.2\config\
b. Open C:\EvoServ\AppServ\Apache2.2\config\httpd.conf with Notepad.exe
c. Use Ctrl+F to find strings and modify.
d. ServerAdmin x1@x2 → replace x1 with username, x2 with domain name, i.e. admin@yourdomain.com
e. ServerName x → replace x with server hostname, such as mail.yourdomain.com
f. ServerAlias x → replace x with server alias, such as webmail.yourdomain.com
g. ErrorLog "logs/x-error.log" → replace x with server hostname, such as mail.yourdomain.com
h. CustomLog "logs/x-access.log" → replace x with server hostname, such as mail.yourdomain.com
5. Edit C:\AppServ\Apache2.2\conf\extra\httpd-ssl.conf
a. Download sample httpd-ssl.conf and extract the zip file to C:\EvoServ\AppServ\Apache2.2\config\extra\
b. Open C:\EvoServ\AppServ\Apache2.2\config\extra\httpd-ssl.conf with Notepad.exe
c. Use Ctrl+F to find strings and modify.
d. Change line12: ServerName x:443 → replace x with server hostname, such as mail.yourdomain.com
e. Change line13: ServerAlias x → replace x with server alias, such as webmail.yourdomain.com
f. Change line14: ServerAdmin x1@x2 → replace x1 with username; x2 with domain name, such as admin@yourdomain.com
g. Change line16: TransferLog - logs/x-access.log → replace x with server hostname, such as mail.yourdomain.com
h. Change line20: SSLCertificateFile - certificate/x.crt → replace x with your exact domain name, such as yourdomain.com
i. Change line21: SSLCertificateKeyFile - certificate/x.key → replace x with your exact private key name, such as yourdomain.com
j. Change line22: SSLCertificateChainFile - certificate/x.chn → replace x with your exact domain name, such as yourdomain.com
6. Restart Apache. Run a browser and key in URL as below: https://yourdomain.com/roundcube