How to install SSL certificate on Apache Cpanel server

After installing the SSL certificate successfully on your web server, If you are getting some error like "unknown certificate issuer" while accessing the URL "https://www.yourdomain.com/", this blog post might resolve your problem, read on!

SSL protocol (https://) is a must for any E-Commerce website if you intend to accept payments on your own website. The first step to install a SSL certificate on your server is to generate a private key. This key (KEY) will allow you to generate a certificate signing request (CSR) and which you can then take to the certificate selling authority and get the certificate (CRT).

How to install SSL certificate on your CPanel based web server?

Log into your CPanel and go to SSL/TLS Manager. The SSL/TLS Manager will allow you to generate SSL Certificate, signing requests, and keys. These are all parts of using SSL to secure your website.

Click on the “Generate, view, upload, or delete your private keys” link

Creating a Private Key (KEY)

The first step to installing a SSL certificate is to create a private key file to be used with your SSL certificate. Please note that this private key file must be used with the specific SSL certificate that it is for. This private key is secret and should not be given out. Please note that there is no way to recover a private key file if it is lost.

Just go to the ‘Generate a New Key’ area and select the domain from the drop down, make sure you add www in front of the domain name in the “Host” text field if you want the certificate to work on www.domain.com. Select "Key Size=2048" from the drop down, otherwise certificate selling might send you back to get a new key. Press ‘Generate’ and it will create and save the key for you. This Key has been stored on server for you to be used for CSR and installing certificate later.

Now ‘Return to SSL Manager’ and go to the next step of generating CSR.

Click on the ‘Generate, view, or delete SSL certificate signing requests’ link.

Creating a SSL Certificate Signing Request

If you are obtaining a certificate from a trusted SSL provider, you must complete the signing request form to provide the information needed to generate your SSL certificate.

You will see the domain name in the drop down select box here for which you created the key in the first step. Go on to complete the other fields and hit “Generate”. If everything goes right, you will see ‘Certificate Signing Request generated!’ message. Now copy the —–BEGIN CERTIFICATE REQUEST—– until —–END CERTIFICATE REQUEST—–

Now use this CSR to buy SSL Certificate. Your CSR has also been saved on the server.

Click on the "Return to SSL Manager"

Once you get your SSL certificate, in my case, I got “Thawte SSL” certificate. To install it on your server, In the SSL Manager of your CPanel, click on “Generate, view, upload, or delete SSL certificates”

Thawte provided two certificates. You add first one in the Certificate (CRT) and upload it.

Then go to the "Setup a SSL certificate to work with your site."

Installing Certificates on server

Paste the certificate in the text area or choose a .crt file and hit ‘upload’. And here is the trickiest part, Thawte had provided two certificates, You have to add first one here. Both provided certificates have same labels such as —–BEGIN CERTIFICATE—–: and —–END CERTIFICATE—–:

After uploading your certificate successfully, ‘Return to SSL Manager’,

This is the last step for SSL installation.

Activating SSL on Your Web Site (HTTPS)

Click on the "Setup a SSL certificate to work with your site." Select the domain for which you are setting up SSL certificate from the drop down select box. As soon as you select a domain name, It will fetch its stored key and certificate (.crt) from server and populate the following boxes automatically. If it does not, then, try to his ‘Fetch’ button and hopefully it will get the required information and if it still fails, go back and check your step 1 and 2.

If your Certificate (CRT) and Key (KEY) boxes are filled it information, all you have to do is to add the second certificate in the "Ca Bundle (CABUNDLE)" text area. It says the ‘Paste the ca bundle here (optional):’ thawte did not mention it was a CA Bundle and where would it be added; they just called it a certificate.

Although it says "Paste the ca bundle here (optional):" but it definitely is not optional! Failing to add this second certificate (CA Bundle) will give you "unknown certificate issuer" error.
Add the CA Bundle and press "Install SSL Certificate" That’s it. Now open
https://www.yourdomain.com/ and hopefully you will see a padlock in your status bar/address bar.

Credit: parorrey

Windows Live ID adopts Extended Validation (EV) SSL Certificates.

Windows Live ID is very committed to the safety of its users. To further protect the users against phishing, Windows Live ID has adopted (Extended Validation) EV SSL Certificates.

EV SSL certificates require a company to undergo an extensive vetting process and provide users additional assurance about the identity and authenticity of web sites they visit. Thus when a user visits Live ID in IE7, the address bar will turn green and the identity of the company that owns the website – in this instance ‘Microsoft Corporation [US]’ – is displayed. You can get more information on EV certificates here.

Users of sites (such as Hotmail, Spaces, and Microsoft partner sites) that use Live ID authentication can now enjoy the additional protection and verified identity provided by EV SSL. Remember that in order to enjoy the additional assurance provided by EV SSL, users will have to use a newer browser that supports EV SSL, such as Internet Explorer 7. Windows Live ID is the first large scale authentication service to adopt EV certificates; our over 380 million users can now enjoy the additional protection offered by EV over 1.2 billion times a day when they login.

Mozilla Firefox and Google Chrome Updated for Security Flaws

It's a big week for browser updates, as both Mozilla and Google are updating their respective Web browsers for multiple security flaws.

The Mozilla Firefox 3.6.11 update addresses at least nine security flaws, five of which are rated as being critical by Mozilla. Among the critical flaws are memory safety hazard issues, as well as a memory corruption issue that could potentially enable an attacker to run arbitrary code.
Additionally there is a critical fix for a use-after-free memory error, which could enable attackers to make unauthorized use of allocated memory.

"Security researcher Sergey Glazunov reported that it was possible to access the 'locationbar' property of a window object after it had been closed," Mozilla's security advisory states. "Since the closed window's memory could have been subsequently reused by the system, it was possible that an attempt to access the 'locationbar' property could result in the execution of attacker-controlled memory."


Mozilla also credits HP TippingPoint's Zero Day Initiative with the discovery of a JavaScript dangling pointer vulnerability, which could also lead to an attacker taking control of user memory.

"When 'window.__lookupGetter' is called with no arguments, the code assumes the top JavaScript stack value is a property name," Mozilla's advisory states. "Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine, which calls through the dangling pointer, potentially executing attacker-controlled memory."

Firefox 3.6.11 also provides fixes for a number of interesting vulnerabilities, including one related to how Firefox handles the nearly extinct Gopher (define)server system. The Gopher vulnerability could have led to a Cross Site Scripting (XSS) attack.

There is also a fix for an SSL wildcard flaw that Mozilla notes is unlikely to ever occur, since a certificate authority isn't likely to grant the wildcard certificate.

"Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard, followed by a partial IP address, a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address," Mozilla stated in its advisory.

The issue of SSL wildcards was a topic that was first raised at theBlack Hat 2009 security conference. Famed security researcher reported that the major browser vendors all had SSL wildcard flaws that could potentially be exploited. Mozilla patched the specific flaws highlighted by Kaminsky in August of 2009 with the Firefox 3.5.2 release.

Chrome 7

Google is also joining the Web browser update parade this week with the release of Chrome 7.0.517.41 for its stable channel. The release marks the first stable Chrome 7.x release for Google, after having been in its development channel for the last three months.

With Chrome 7.0.517.41, Google is providing at least 11 security fixes, five of which are labeled as having high impact and one listed as critical. The critical flaw is a browser crash issue related to the form autofill capability.

As was the case with Firefox, memory corruption issues are part of the Chrome fix list. Google has credited researcher Simon Schaak with reporting memory corruption issues with animated GIF images in Chrome.

Chrome 7.0.517.41 also provides a high impact fix for a possible URL spoofing issue that could have occurred when the page is unloaded.

ClickSSL provides (VeriSign) Site Seal "Trusted" Service.

Now internet surfing is a actual accepted process, but anytime anticipation about its authority and credibility? As millions of website owners are there accountability of these sites are awful needed, and to accomplish that VeriSign Trust Seal has been introduced. Actually the VeriSign Internet Trust Basis was advised to barometer the levels of trust humans abode on the Internet. See if you fit one of the trust basis profiles: Am I agreement too majorly trust in the Internet, or too little? Now How to acquaint if a website is secured or not. With so abounding sites on the Web, it’s harder to apperceive which are safe to trust, and which to avoid.

Now VeriSign trust is there to actuate whether the website is secure or not and for that you allegation to analysis out assertive factors. If you’re application a high-security, Extended Validation Secure Sockets Layer (EV SSL) enabled Web browser
, analysis to see if the abode bar has became green. Look for the VeriSign trust™ seal and bang on it to verify that the seal is authentic. Ensure that the URL in your address bar begins with HTTPS, not HTTP. That added “s” is important, as it stands for “SECURE”.

Now you may ask why Trust Is Essential in agreement of your website's credibility. You will appear beyond altered Causes that and some of them are Stand out from the antagonism in search results; Build trust in your Web site; Reduce the risk of getting blocked by search engines and browsers; Show customers your identity has been verified; Display the #1 trust mark on the Internet, and so on. Also begin that VeriSign adds adds trust enhancement to its SSL. New security features, which cover circadian malware scanning and the company's Seal-in-Search technology, can advice now website operators to ensure that users of their sites can browse them and accomplish online transactions without fear of security breaches.

"In the face of added busy attacks and fraud schemes, web sites require solutions that do added than data encryption," as said by vice president of product marketing at VeriSign. "By enhancing our SSL Certificate services with new features that instill trust at every step of the online experience—at no additional charge to our customers—we're delivering a more robust and value-driven solution. In the process, we're redefining what web sites should expect from online security."

As the brand desired by major banks and retailers, the VeriSign seal cab build assurance for higher transitions on all types of Web sites now.

ClickSSL is VeriSign Platinum Partner company and authorized to resell and renew all RapidSSL, GeoTrust, Thawte and VeriSign SSL certificates. SSL certificate will be issued by VeriSign itself and you will save more money and maintenance cost. Even you have purchase SSL from other resellers or direct from VeriSign then also you can renew it with ClickSSL.com.

Symantec Launches New Logo with VeriSign Check

Symantec Corporation, known for its software security products, recently released its new design company logo.

The previous logo was created in 2000, and since then Symantec has widened its portfolio and recently acquired the VeriSign (News - Alert) check mark for $1.28 billion along with VeriSign’s security business, which includes the (Secure Sockets Layer) SSL Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service.

The VeriSign check mark is the most recognized symbol, associated with trust, particularly in websites. When consumers see the logo, they know they are accessing a safe site or that their shopping will be safe, encouraging them to purchase more online.

The new logo with a circle and checkmark will represent the unified resources and will enhance Symantec’s (News - Alert) recognition in the industry and market segments. Symantec provides industry solutions including security from threats and information thefts, data loss, data protection, manage PC systems, antivirus, anti-malware, anti-spam, backup and recovery of data, systems and email, security management, storage management, Endpoint security and management, virtualization management, and web security among others, to businesses of all sizes. It is more popular under the Norton suite of security products.

Symantec, said, "We believe in today's connected world that the Symantec check mark will stand for confidence, the same way the Nike swoosh stands for fitness. The new logo signals Symantec's vision to bring together identity and device security, information protection, context and relevance and the benefits from leveraging the cloud - all critical enablers of confidence in a connected world."

VeriSign added, "This transaction allows VeriSign to focus on the growing Internet infrastructure services business, where we expect to build on our expertise and record of success as the longtime operator of the .com and .net domain infrastructures. We believe Symantec's leading position as the premier end-to-end security provider will enable them to better serve our authentication customers and accelerate market growth."

GeoTrust Further Beats Go Daddy in Race for SSL Industry Contribution between Lead Websites

The internet's most visited sites continue to rely on GeoTrust, Inc., according to the latest "Alexa Netcraft Index," a monthly measure of Secure Sockets Layer (SSL) certificate used around the world.

GeoTrust, a leading SSL Certificate authority (CA), secured 20.6 percent of unique domains among the 1 million most visited sites whose SSL usage is tracked by Netcraft. The VeriSign brand followed with 17.9 percent of all unique domains, and Go Daddy again was third, with a 15.6 percent share.

The Alexa Netcraft Index is produced by cross-referencing data from Netcraft's September SSL Survey and the Alexa Top 1 Million Domains list. The analysis found nearly 170,000 unique domains on the Alexa 1 Million where Netcraft found SSL certificates. Of that total, 34,792 are protected by GeoTrust(R) SSL certificates, 30,220 by VeriSign SSL certificates, and 26,433 by Go Daddy.

The latest results show GeoTrust's continual lead in the high-volume, low-cost SSL market remains unchallenged. In this particular market segment, low prices drive purchase decisions among SSL customers whose primary concern is to encrypt data transferred to and from their sites. On the flipside, the VeriSign brand leads the premium SSL certificate and online trust category, where customers demand full business authentication, seal-in-search, daily malware scans, and other enhanced services in addition to encryption.

"Every time they renew their SSL certificates, the most popular sites on the internet vote for the brand they trust most," said Jeff Barto, senior product marketing manager for GeoTrust. "Year in and year out, again and again, they return to place their trust in GeoTrust. For sites large and small, investing in GeoTrust SSL certificates has obviously proven to be a successful way to build trust with an increasingly wary public. Just ask the Web sites that matter most."

Prepared by Catapult Data Services, the Alexa Netcraft Index obtains an accurate picture of SSL certificate usage across the Web sites that matter most by cross-referencing the Netcraft SSL Survey with the Alexa 1 Million list. The Netcraft SSL survey tallies all publicly facing SSL certificates on the internet, including "parked" certificates on unused or infrequently visited Web sites. The Alexa 1 Million is a well-known site traffic measurement service that ranks the 1 million most visited sites in order of popularity.

With SSL certificates issued in more than 150 countries around the world, GeoTrust offers world-class SSL certificates with fast delivery at a cost-effective price. Enabling up to 256-bit SSL encryption, they include a range of GeoTrust(R) True Site seals based on the desired level of identity verification.

GeoTrust's SSL solutions present a wide range of cost-effective options, including standard or Extended Validation (EV) SSL certificates, support of up to 256-bit SSL encryption, static or dynamic GeoTrust True Site seals, and warranty protection ranging from $10,000. In addition, GeoTrust offers multi-domain support in the Subject Alternative Names (SANs) field for greater flexibility to work with products like Microsoft Exchange Server 2007 and Microsoft Office Communications Server 2007.

About GeoTrust A wholly owned subsidiary of Symantec, Corp.

(SYMC 15.39, +0.22, +1.45%) , GeoTrust is the world's largest low-cost digital certificate provider. More than 100,000 customers in over 150 countries trust GeoTrust to secure online transactions and conduct business over the internet. GeoTrust's range of digital certificate and trust products enable organizations of all sizes to maximize the security of their digital transactions cost-effectively.

Symantec is a global leader in providing security; storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored.

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites