www.bonsaiframework.com
Page tree

Versions Compared

Old Version 75

changes.mady.by.user Tin Pham

Saved on

compared with

New Version 76

changes.mady.by.user Tin Pham

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

A not so obvious prompt is Common Name (eg, YOUR Name). This value should not be your name. Instead it should be the base domain name of your website. In our example, it would could be earth.com or www.earth.com.

We prefer using the www in our domain name, so we use will www.earth.com.

...

Again with CAs that support both

Info

CA's such as StartSSL can have SSL support for both www and no www. This is possible because the CA issues certificates where the Certificate Subject Alt Name extension is populated by both DNS Names, www.earth.com and earth.com will have ssl support.


Code Block
languagebash
titlePrompts from Running openssl req
linenumberstrue
collapsetrue
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:Ontario
Locality Name (eg, city) []:Toronto
Organization Name (eg, company) [Internet Widgits Pty Ltd]:The Planet Earth Incorporated
Organizational Unit Name (eg, section) []:Earth Defence
Common Name (eg, YOUR name) []:www.earth.com
Email Address []:admin@earth.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

...

Note

It is not possible to run multiple SSL-enabled virtual hosts on a server with only one IP address. A separate IP address or port is necessary for each SSL-enabled domain. There are new modules that provide this functionality, but as of May 2011 it is not yet widely supported by browsers.

Verify with Browser

Launch a browser and try both https://www.earth.com and https://earth.com.

A lock icon should appear somewhere on your browser to indicate that the browser session is now encrypted.

Certificate details can also be verified by clicking on the lock icon and selecting View certificates.



Info

On the topic of having SSL support for both https://www.earth.com and http://earth.com when viewing the certificate naviagate to,

www.earth.com
Certificate
Extensions
Certificate Subject Alt Name

Under the Certificate Subject Alt Name will see both DNS entries,

Not Critical
DNS Name: www.earth.com
DNS Name: earth.com

References

https://help.ubuntu.com/10.04/serverguide/C/httpd.html#https-configuration - trying this one first.

...