This post is intended for first-time users who want to install a GoDaddy SSL certificate on their website. The procedures described here should work well with both Apache and Nginx servers.
Steps to take before installing GoDaddy SSL
To install a digital certificate, you must first generate and submit a Certificate Signing Request (CSR) to the Certification Authority (CA). The CSR contains your certificate-application information, including your public key. Use your Web server software to generate the CSR, which will also create your public/private key pair used for encrypting and decrypting secure transactions.
If you send a certificate signing request for a domain hosted by GoDaddy, you do not have to generate and submit the CSR because GoDaddy will do that for you.
Useful link: how to generate a certificate signing request
To generate CSRs in NGINX or Apache, follow the steps given below:
- Connect to your server via SSH
- Run the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Note: in the above command line, you need to replace yourdomain with your domain name. For example, if your domain name is example.com, you can type example.key and example.csr.
The same procedure is valid if you want to install SSL in your Apache server.
You have to type the following information:
- Common name
- Organizational unit
- City or locality
- State or province
Though a passphrase is optional, you can use one to protect your SSL setup against additional risks.
Open the CSR in a text editor and copy all of the text. The CSR is located in the directory where you ran the openssl command to create the key. In that directory you will find two files: one is yourdomain.key and the other is yourdomain.csr. Your private key is yourdomain.key, and you can rename it as per your requirements.
Log in to your GoDaddy account. Click on SSL certificates and then click on ‘Manage’. Next click on ‘View Status’. Click on ‘Manage’ and then click on ‘Re-Key certificate’. Paste the full CSR into the SSL request area in your account and click on ‘SAVE’.
Download the cert file and the bundle file from GoDaddy and then upload them to the /etc/ssl/certs folder. You also need to put the private key file in the /etc/ssl/private directory.
Make sure you mention the location of the cert and key files in the config file of the web service that is installed on your web server.
How to install a wildcard certificate in the second server without generating CSR
Scenario: You have installed your wildcard certificate in a server, and now want to add that cert in a second server.
First, combine your certificate with your private key. GoDaddy provides a gd_bundle certificate and a signed certificate. In cryptography, you can combine a number of certificate files into a single file using the archive file format known as PKCS12 or PFX. In order to create a PKCS12 (PFX) cert file, you need to combine both GoDaddy cert files into a single file. For example, you have two files: one is mycert.crt and the other is gd_bundle.crt. To combine the files, run the following command on your Linux machine:
cat mycert.crt gd_bundle.crt > combined.crt
To create the PKCS12 file, you can use Ubuntu Linux or https://www.sslshopper.com/ssl-converter.html. I used Ubuntu Linux because I already had Ubuntu installed and it has built-in PKCS12 functionality.
Run the following command to create your PKCS12 certificate:
openssl pkcs12 -export -in combined.crt -inkey mykey.key -out smsvpncert.p12
To check the pkcs12 certificate:
openssl pkcs12 -info -in smsvpncert.p12
Next, go to https://certs.godaddy.com/repository and download the gd_intermediate.crt (pem) file from GoDaddy Certificate Chain.
Then, install this gd_intermediate.crt (pem) file in the ASDM CA.
Finally, click on identity certificate in the ASA, and then select the PKCS12 file that you generated in Ubuntu.
Type the passphrase that you created with the p12 file and install the certificate.
To apply the certificate, go to Device Management, then click on Advanced and then SSL Settings.
Click on the Edit button of the outside interface and select the identity certificate that you created earlier.
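The pkcs12 export shown earlier only succeeds when the key file is the one the certificate was issued for, which is easy to get wrong when copying files to a second server. The following added example (not part of the original post) compares the public key in a private key against the CSR and the certificate before exporting; the function names, file names and the throwaway self-signed certificate are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): check that a private key
# matches a CSR or certificate before packing it into a PKCS12 file.

# Print the PEM public key held in a key, CSR or certificate file.
pubkey_of() {  # usage: pubkey_of key|csr|cert FILE
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;  # first cert in FILE
        *)    return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files parse and carry the same public key.
same_pubkey() {  # usage: same_pubkey TYPE1 FILE1 TYPE2 FILE2
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Export to PKCS12 only when the key belongs to the certificate.
make_p12() {  # usage: make_p12 CERT KEY OUT PASSFILE
    same_pubkey cert "$1" key "$2" || { echo "key does not match $1" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "file:$4"
}

# Constructed sample data: throwaway key, CSR, self-signed cert, unrelated key.
make_sample() {  # usage: make_sample DIR
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.com" \
        -keyout "$1/example.key" -out "$1/example.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/example.csr" -signkey "$1/example.key" \
        -days 1 -out "$1/example.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    printf 'constructed-passphrase\n' > "$1/pass.txt"
}

d=$(mktemp -d) && make_sample "$d"
same_pubkey csr "$d/example.csr" key "$d/example.key" && echo "CSR matches key"
make_p12 "$d/example.crt" "$d/example.key" "$d/ok.p12" "$d/pass.txt" && echo "ok.p12 written"
make_p12 "$d/example.crt" "$d/other.key" "$d/bad.p12" "$d/pass.txt" || echo "mismatch refused"
rm -rf "$d"
```

With the files from this post, the equivalent call is `make_p12 combined.crt mykey.key smsvpncert.p12 PASSFILE`; because mycert.crt comes first in combined.crt, it is the certificate that gets compared with the key.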
If you have any questions and thoughts about wildcard SSL certification, please share your feedback with us.