Enabling Security and SSL certificates

2018-03-28 18:32:00.0
Website Management

SSL Certification for websites

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral. SSL is an industry standard and is used by millions of websites in the protection of their online transactions with their customers.

To be able to create an SSL connection a web server requires an SSL Certificate, Kademi uses Amazon Web Services for the certification. When you choose to activate SSL on your website this will be subject to DNS validation. Simply put, this means when that when you request an SSL certificate it will display a record in CNAME format that allows Amazon Web Services to identify that you are the owner of your website and your company. If this domain is managed by Kademi the record will be added automatically. If the domain is not managed by Kademi, you will need to manually add the record to your DNS provider. Your web server then creates two cryptographic keys - a Private Key and a Public Key.

Switching SSL on in your organization

  • Go to your dashboard

  • Select the drop-down menu where its states logged into: (website name)

  • Click and select the organization details

Turn on SSL to the organization

Kademi has a build in HTTPS feature to protect your website account

  • Click on the checkbox to turn on the forced HTTPS for your website account

  • Save

How to identify if your website is SSL active

Look at the web browser, if has no HTTP in front of the website name (Hypertext Transfer Protocol) on the URL, then it's not SSL protected
if a website URL has https, this means it has an SSL certificate turned on, which is what you want to so no basic hacks can be performed.

Request an SSL certificate from Amazon (step 4)

Now that SSL is installed onto the website account, You need to add a verified Amazon SSL certificate to each website you have.

  • Go to dashboard

  • Click on the settings button of a website

Request a certificate from Amazon

  • Click and proceed to security

  • Select the request a certificate button - A CNAME record will be displayed which will automatically be added to the DNS if your domain is managed by Kademi. Should your domain be managed independently of Kademi you will need to manually add this CNAME record to your DNS provider.

  • If you do not have a domain name for your website this step will not be valid, Kademi has its own SSL certificates that will be used automatically for your site

  •  SSL certificates have to use a domain name to register and assign a certificate to secure your website 

Verification status

When the Amazon SSL certificate has been verified the status will change and be validated.

  • If the domain is the managed by Kademi, wait a few minutes after requesting the certificate and then refresh the page. Check the status bar to see if this has been updated. If the certificate is approved, you will be able to click on the "Use Certificate" button. If the status is still pending, this button will be greyed out and you will be unable to click on it. If this  occurs, wait a few minutes and refresh the page again. You should now be able to click on the " Use Certificate" button
  • If the domain is managed externally and you have therefore added the CNAME record manually, it can take up to 48 hours for Amazon Web Services to validate domain ownership. In order to ascertain if this certificate has been approved you will need to refresh the page. Once the certificate is approved you will be able to click on the "Use Certificate" button

Validate Domain Ownership

  • If your Domain is managed by Kademi they will automatically add the CNAME record to your DNS

  • If your Domain is managed externally, then you will need to manually add the CNAME record to your DNS

SSL certificate is successful

Refresh your page after a few minutes and the validations status would have changed.

If it views, "States: Issued", then the SSL certificate from Amazon has been successfully created and loaded to your website

  • Click on the Use Certificate button in order to use the certificate 
    - this will install certificate on the website

Upload an existing certificate

If you have a certificate from a 3rd party provider like GoDaddy or DigiCert, You can upload your files to Kademi to secure your website

First you will need to make sure the files are in the correct format. Kademi supports PEM format for certificates and un-encrypted PEM private keys.

For certificate the extension will normally be .pem, .crt or .cer. For private keys it would be .key.

If you have a file that ends with .p7b, .p7c, .pfx or .p12 you will need to convert these to a supported format. This can be done either using an online service (Not recommended for private keys) or openssl.

Here is a simple example on how to use openssl to convert the files: https://www.tutorialsteacher.com/https/openssl-certificate-convert-commands

  1. Click on the "Security" tab
  2. Select the "+ Configure New HTTPS Certificate" button
  1. Enter a simple name to represent the certificate e.g. mycert2019
  2. Select "Create" to create the new certificate entry
  1. Select the "Modify" button under "Chain Certificates"
  2. Select "Upload a new certificate"
  1. Select your root certificate file
  2. Or if you want to paste the raw text enter a file title e.g. Root
  3. Paste the certificate text here if not uploading a file
  4. Select "Upload"
  5. Repeat for any other intermediate certificates

Once all Root and intermediate certificates are uploaded you will see them here, They will also show the start date and expiry date accordingly.

  1. Select the "Menu" button
  2. Then select "Private Key"
  1. Select the private key file
  2. Or you can upload the raw text if not selecing a file
  3. Select "Update" to save the private key

If the private key uploaded successfully it will show as green, You can hover the green icon for more information.

  1. Select the "Menu" button
  2. Then select "Certificate"
  1. Select the certificate file
  2. Or you can upload the raw text if not selecing a file
  3. Select "Upload" to save the certificate

This needs to be in a X.509/PEM format and must not be encrypted

  1. If the Certificate is read it might indicate it's not valid for the current domain that is configured on the website. You can hover on the icon for more details.
  2. The private key should now be showing green with a tick indicating the private key matches the certificate. If not you can hover over the icon for more details

Once everything is setup correctly you will see two green icons with ticks. The certificate is now ready for use.

  1. Select the "Menu" button
  2. Then select "Active" to activate the certificate

Switching on SSL to each website

This final step must be done to each website as well, we need to allow the website to turn on the HTTPS as it can use the verified SSL certificate.

  • Go to your website and go to the setting (see step 4 above)

  • Click and proceed to the security tab

  • Scroll down and look for  Security settings

  • Select the option YES to force HTTPS

  • Save

Your website is SSL secure

The Web browser has identified that there is SSL and no one is able to hack your website