DR KOH

just sharing…photography, car, IT, computer, ocean engineering, God, Christianity, life…

How to install SSL Certificates, CORRECTLY!

Views: 46

ShaShinKi.com has been using SSL certificates for years. Last year, our old certificate expired. So I purchased and installed a new certificates from COMODO. The last certificate I installed was many years ago, hence I couldn’t remember exactly how to install it correctly…or FULLY!

We purchased SSL certificates from COMODO, and it comes with the follow 4 files.

I was wondering what are they for, as I thought we only need just one Root CA Certificate. So I actually ignore the rest for more than a year time.

  • Root CA Certificate – AddTrustExternalCARoot.crt
  • Intermediate CA Certificate – COMODORSAAddTrustCA.crt
  • Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
  • Your COMODO SSL Certificate – www_shashinki_com.crt

I knew there were something wrong, but I am not sure what is it. I tested my site and there is no SSL error and it comes with a green LOCK in FireFox. Chrome also gives no warning error, so I thought it was GOOD.

Then few days ago, a customer messaged me that he can’t access my website.

This is BAD…as I am sure he is not the only person that experienced such error. If a customer can’t access my website, then how can I get business from him/her?!!

Going back to the root…I tried google for information on SSL Cert check. Then try on how to install SSL Certificates. Found some hints and clue on the importants of INTERMEDIATE Certificates.

https://www.sslchecker.com/sslchecker

The above website shows error on the CHAIN certificates of my website, as I did not install the Intermediate certificates. But I wasn’t sure that is CHAIN Certificates.

Then I found info on how to install certificates correctly in DirectAdmin:

https://www.xolphin.com/support/DirectAdmin/DirectAdmin_-_Certificate_installation

I went back to my server, reinstall my certificates. Using this sequence:

-----BEGIN CERTIFICATE----- 
<coded contents of the second intermediate certificate, when available> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <coded contents of the first intermediate certificate>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE----- 
<coded contents of the root certificate>
-----END CERTIFICATE-----

I think check my site SSL issue using this link:

https://www.xolphin.com/sslcheck/shashinki.com

I hope I did it right this time, as I can see all greens now. Let’s hope for more site visitors and hopefully more business soon!