SSL: Do I need to create a new CSR to renew my ssl certificate?

Many user might ask do I need to regenerate the CSR key when I need to renew my SSL certificate.

In many Apache server do allow you to install your SSL with your previous CSR key unless  you have change the SSL information.

However, the following server is needed to regenerate the CSR key when you renew it,

– Microsoft IIS Server
– Java based server
– Tomcat based server

Windows: Generate CSR key with IIS7

This article used to guide you on how to generate CSR(Certificate Signing Request) key from IIS7.

1. Select Start -> Administrative Tools -> Internet Information Services (IIS) Manager or run from Windows Run with command “inetmgr”.
2. In the IIS Manager, choose your server name.
3. In your Middle panel, select Server Certificate.
4. Select on the “Create Certificate Request option” in the right panel.
5. In the Wizard, enter your information like image above.
6. Next, remain the service provider and change the bit length to at least 2048. You are advise to select 2048 and above for better security.
7. Save your certificate.

Redirect SSL Secured page from ASP.Net

As you know, you may easily force your site fully running SSL from your site but this will causing your site loading slowly as it is running encryption for your site.

Now, you may use the following script to apply your script to use SSL and you may apply this to your Page_Load function.

Dim strURL As String = Request.Url.ToString()
If Request.IsSecureConnection Then
    If strURL.IndexOf("http:") > -1 Then
    strURL = strURL.Replace("http:", "https:")
    Response.Redirect(strURL)
    End If
Else
    If strURL.IndexOf("https:") > -1 Then
    strURL = strURL.Replace("https:", "http:")
    Response.Redirect(strURL)
    End If
End If

SSL – Country Code not valid

When you submit your SSL enrollment process, you might get the error of ,

Country Code not valid

With the above error, you might not use the 2 digit country code with standard of ISO 3166.

The common mistake is using UK for England as known as United Kingdom, but you should use GB which Great Britain.

However, you may refer to the full 2 digit country code as URL below.
ISO 1366 Standard Country Code

http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_elements.htmIS

Creating SSL MySQL from Windows

Assumed that you will going to install OpenSSL and you wish to apply to your MySQL if you are using Windows Operating System.

1. Download OpenSSL from URL here.
2. Once installation done, add your bin folder of the OpenSSL to your Environment Variable.
3. Open command prompt.
4. Follow the command as below.
cd \
openssl
If you see the result return is “OpenSSL>”, that mean you have successfully installed.
5. Open the MySQL command and refer to the following line.
shell> md c:\newcerts
shell> cd c:\newcerts
6. Test your certificate.
shell> mysqld –defaults-file=$DIR/my.cnf &

Creating SSL MySQL from Linux

SSL certificate always used to encrypted the data file and it is actually supported for database as well.

Today, I will guide you on how to create SSL for MySQL. With this article, I will use OpenSSL as an example.

Please refer to the following command line.
======================
# Create clean environment
shell> rm -rf newcerts
shell> mkdir newcerts && cd newcerts

# Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
-key ca-key.pem > ca-cert.pem

# Create server certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout server-key.pem > server-req.pem
shell> openssl x509 -req -in server-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem

# Create client certificate
shell> openssl req -newkey rsa:2048 -days 1000 \
-nodes -keyout client-key.pem > client-req.pem
shell> openssl x509 -req -in client-req.pem -days 1000 \
-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
======================

# Create clean environment
shell&gt; <strong class="userinput"><code>rm -rf newcerts</code></strong>
shell&gt; <strong class="userinput"><code>mkdir newcerts &amp;&amp; cd newcerts</code></strong>

# Create CA certificate
shell&gt; <strong class="userinput"><code>openssl genrsa 2048 &gt; ca-key.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl req -new -x509 -nodes -days 1000 \</code></strong>
         <strong class="userinput"><code>-key ca-key.pem &gt; ca-cert.pem</code></strong>

# Create server certificate
shell&gt; <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
         <strong class="userinput"><code>-nodes -keyout server-key.pem &gt; server-req.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl x509 -req -in server-req.pem -days 1000 \</code></strong>
         <strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 &gt; server-cert.pem</code></strong>

# Create client certificate
shell&gt; <strong class="userinput"><code>openssl req -newkey rsa:2048 -days 1000 \</code></strong>
         <strong class="userinput"><code>-nodes -keyout client-key.pem &gt; client-req.pem</code></strong>
shell&gt; <strong class="userinput"><code>openssl x509 -req -in client-req.pem -days 1000 \</code></strong>
         <strong class="userinput"><code>-CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 &gt; client-cert.pem</code></strong>

Create IIS FTP Over SSL(FTPS)

To create FTP Over SSL, you will need to have at least IIS 7.0 and above with IIS 7.0 installed.

You may refer to the URL as below on how to create IIS FTP.
http://www.mickgenie.com/how-to-install-iis-ftp-7-5/

To get FTP over SSL, you will need to install SSL Certificate on your Web Engine (IIS). To get the SSL Certificate, you may purchase the SSL from CA(Certificate authority), alternatively, you may install Self Signed SSL.

1. Click on the Server Certificates from your IIS 7.x. Continue reading Create IIS FTP Over SSL(FTPS)

Install SSL through Shell

Today, I’m about to guide you how to install the SSL key and it will a bit tricky compare to generate the SSL CSR key.

To install the SSL key through Shell, refer to the step as below.
1. Go to path /usr/share/ssl/certs.
$ [email protected][/]# cd /usr/share/ssl/certs
2. Check if the domain.com.csr and domain.com.cabundle existed, else create them and enter the code.
3. Go to path /usr/share/ssl/private.
$ [email protected][/]# cd /usr/share/ssl/private Continue reading Install SSL through Shell

Create SSL certificate in Shell

SSL certificate is one of the digital encryption with full name of Secure Sockets Layer.

Many webmaster use SSL to encrypt their important information such as payment information, etc.

Before you proceed to create the CSR key for SSL, you need the information as below.

  • Domain name of Certificate
  • Country Code
  • State
  • City
  • Company Name
  • Company Division
  • Email Address of the Certificate
  • Password for the certificate

Run the following command from Shell. Continue reading Create SSL certificate in Shell