Managing SSL certificates

Blank 29/3/2018 05:32 - 29/3/2018 05:32
Website Management

SSL is used to establish an encrypted link between a web server and a browser. This ensures that the data passed between the web server and browser remains private and secure.

Setting up SSL requires a certificate. SSL certificates in Kademi are typically managed with AWS Certificate Manager, which generates a certificate for you to use with your site. Learn more about setting up SSL with AWS Certificate Manager here.

However, if you have an existing certificate, you can use that instead.

 

Prerequisites

1. Main certificate (in PEM format)

2. Root/intermediate certificate (typically both, but only one may be required) (in PEM format)

 

Uploading an existing certificate

If you have a certificate from a 3rd party provider like GoDaddy or DigiCert, you can upload your files to Kademi to secure your website.

First, you will need to make sure the files are in the correct format. Kademi supports PEM format for certificates and unencrypted PEM private keys.

For certificates the extension will normally be .pem, .crt or .cer. For private keys it would be .key.

If you have a file that ends with .p7b, .p7c, .pfx or .p12, you will need to convert it to a supported format. This can be done using either an online service (not recommended for private keys) or openssl. Here is a simple example of how to use openssl to convert the files: https://www.tutorialsteacher.com/https/openssl-certificate-convert-commands
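As an added example (not taken from Kademi's documentation), the script below uses openssl to split a .pfx/.p12 bundle into the PEM files the upload steps expect, then checks locally that the private key is unencrypted and matches the certificate. The function names, output file names and the PFX_PASS environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: split a .pfx/.p12 bundle into PEM files and check them locally.
# The bundle password is read from the PFX_PASS environment variable so it does
# not appear in the process list.
set -eu

# pfx_to_pem <bundle.pfx> <out_dir>   writes cert.pem, chain.pem and key.pem
pfx_to_pem() {
  pfx=$1; out=$2
  mkdir -p "$out"
  # Main certificate; piping through x509 drops the "Bag Attributes" text.
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys |
    openssl x509 -out "$out/cert.pem"
  # Root/intermediate certificates, if the bundle carries any.
  openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys \
    -out "$out/chain.pem"
  # Private key, unencrypted (-nodes) as the upload requires, owner-readable only.
  ( umask 077
    openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes |
      openssl pkey -out "$out/key.pem" )
}

# Succeeds when the PEM key file exists and carries no encryption header.
key_is_unencrypted() {
  [ -s "$1" ] && ! grep -q 'ENCRYPTED' "$1"
}

# key_matches_cert <cert.pem> <key.pem>   compares the two public keys.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# Usage: PFX_PASS=... sh convert.sh bundle.pfx outdir
if [ "$#" -eq 2 ]; then
  pfx_to_pem "$1" "$2"
  if key_is_unencrypted "$2/key.pem" && key_matches_cert "$2/cert.pem" "$2/key.pem"
  then echo "ready to upload: $2/cert.pem $2/chain.pem $2/key.pem"
  else echo "key is encrypted or does not match the certificate" >&2; exit 1
  fi
fi
```

chain.pem can hold more than one certificate; each one is uploaded as a separate chain certificate.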

1 Go to the Security tab of the website management page, and click + Configure New HTTPS Certificate.

2 From the Provider dropdown list, select Manual Upload and then click Next.

3 Enter a simple name to represent the certificate e.g. mycert2019, and click Create to create the new certificate entry.

4 Click Modify under Chain Certificates, then click Upload a new certificate.

Please note: root and intermediate certificates must be in the PEM format.

You can find out more information about that here: https://www.ssl.com/guide/pem-der-crt-and-cer-x-509-encodings-and-conversions/

5 Upload your root certificate file, or paste the raw text by entering a file title and the certificate text, then click Upload.

Repeat this process for any other intermediate certificates.

6 Once all root and intermediate certificates are uploaded you will see them on the security tab. This will also show the start date and expiry date for each certificate.

7 Select the Menu dropdown, then click Private Key.

8 Select the private key file, or enter the raw text, and click Update to save the private key.

If the private key uploaded successfully it will show as green. You can hover over the icon for more information.

9 Select the Menu dropdown, then click Certificate.

10 Upload the certificate file, or enter the raw text, and click Upload to save the certificate.

This needs to be in an X.509/PEM format and must not be encrypted.

If the certificate icon is red it might indicate the certificate is not valid for the current domain that is configured on the website. You can hover over the icon for more details.

The private key should now be showing a green icon with a tick indicating the private key matches the certificate. If not, you can hover over the icon for more details.

Once everything is set up correctly you will see two green icons with ticks. The certificate is now ready for use.

11 Select the Menu button and click Active to activate the certificate.

The final step is to allow each website to use the SSL certificate by turning on HTTPS.

12 Under security settings, set force HTTPS to Yes, and click Save.

The website will now be SSL secure.

Creating a CSR and renewing a certificate

In some cases you may need to provide your IT team with a CSR, which they use to create a certificate, which is then uploaded into Kademi.

A certificate signing request (CSR) contains information that the Certificate Authority will use to create your certificate.

1 Click Configure new HTTPS certificate, and give the configuration a meaningful name, then on the Menu dropdown select Create/View CSR.

2 Fill in the details for the CSR (likely to be provided by your IT team), and select New Private Key, then click Create.

3 This will generate the CSR, which can then be passed on to your IT team, e.g. by copying the information to a text file.

4 Once you have been provided with the certificate to use, upload it by selecting the Menu dropdown, then Certificate, and upload the file or add the raw text, then click Upload.

5 Add any root/intermediate certificates by clicking Modify under Chain Certificates, then Upload a new certificate.

6 Once the certificates have been added correctly, 2 green ticks will be displayed under Certificate and Private Key.

7 You can then enable the new certificate by clicking the Menu dropdown, then Activate, and remove the old certificate by clicking the Menu dropdown, then Passivate.