How to Setup HTTPS/SSL Certificates: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
Note that we do not resell SSL Certificates through Bravenet at this time, but we do include support for you to add your SSL Certificates to your account and set them up with your FTP hosted domains/sites | Note that we do not resell SSL Certificates through Bravenet at this time, but we do include support for you to add your SSL Certificates to your account and set them up with your FTP hosted domains/sites. If you don't already have one, you can get a free compatible certificate from here on StartSSL: http://www.startssl.com/?app=1 | ||
You will need to ensure that you have the domain registered (either with us, or as an external domain) before you can load the certificate. You will also want your certificates to cover both www.yourdomain.com and yourdomain.com (most SSL providers will include yourdomain.com if you certify www.yourdomain.com). You will also need a Bravenet Pro account. | ==Specifications== | ||
===Certificate Requirements=== | |||
For SSL Certificates to be compatible with a Bravenet-hosted website, they must be x509 certificates, in the .pem format. | |||
You will need to ensure that you have the domain registered (either with us, or as an external domain) before you can load the certificate. You will also want your certificates to cover both www.yourdomain.com and yourdomain.com (most SSL providers will include yourdomain.com if you certify www.yourdomain.com). You will also need a Bravenet Pro account to utilize SSL Certificates. | |||
===Server/User Considerations=== | |||
On the server-side, Bravenet HTTPS protocols are facilitated/provided through a reverse proxy powered by Nginx. | |||
End-user browsers must support SNI (Server Name Indication) to be compatible with SSL Certificates. By default, most browsers provide SNI support, but some do not. | |||
==Setup the SSL Certificate== | |||
#Log in to your Bravenet user account. | #Log in to your Bravenet user account. | ||
Revision as of 12:25, 3 July 2015
Note that we do not resell SSL Certificates through Bravenet at this time, but we do include support for you to add your SSL Certificates to your account and set them up with your FTP hosted domains/sites. If you don't already have one, you can get a free compatible certificate from here on StartSSL: http://www.startssl.com/?app=1
Specifications
Certificate Requirements
For SSL Certificates to be compatible with a Bravenet-hosted website, they must be x509 certificates, in the .pem format.
You will need to ensure that you have the domain registered (either with us, or as an external domain) before you can load the certificate. You will also want your certificates to cover both www.yourdomain.com and yourdomain.com (most SSL providers will include yourdomain.com if you certify www.yourdomain.com). You will also need a Bravenet Pro account to utilize SSL Certificates.
Server/User Considerations
On the server-side, Bravenet HTTPS protocols are facilitated/provided through a reverse proxy powered by Nginx.
End-user browsers must support SNI (Server Name Indication) to be compatible with SSL Certificates. By default, most browsers provide SNI support, but some do not.
Setup the SSL Certificate
- Log in to your Bravenet user account.
- Click to the Web Hosting tab from the top of the page.
- Click on the SSL Certificates button.
- If you were provided the certificate as separate files, click the Upload Files radio button.
- Click Choose File by Certificate, and navigate to the certificate file (extension .pem or .crt usually).
- Click Choose File by Private Key, and navigate to the key file (extension .key usually).
- If instead you have the cert as plaintext, select the Paste Text radio button.
- Click into the Certificate text field, and paste the certificate code, including and starting at the line -----BEGIN CERTIFICATE----- and ending with and including -----END CERTIFICATE-----
- Click into the Private Key text field, and paste the key code, including and starting at the line -----BEGIN RSA PRIVATE KEY----- and ending with and including -----END RSA PRIVATE KEY-----
- Enter the certificates password if there is one. If not, leave the field empty.
- Click on Add Certificate to finalize the certificate.