Version 1 (modified by Jamie McClelland, 13 years ago) (diff)


How do I enable my site to be accessed securely (via https)?

Please see ticket #407 - includes a proposal for changing this process. Until that ticket is closed, please take the following steps to add a ssl certificate and key to your web site.

If you want to learn more about SSL certificates, please see our related FAQ.

  1. Submit a new ticket requesting a dedicated IP address.
  2. Generate a private key. Ideally you should take this step on a secure personal computer and then copy the key to our server, however, you can secure shell into our servers and run the following commands from a termina. If you are windows user, you can downloand !OpenSSL for windows, linux and !MacOSX users will most likely have it installed already. You can create a private key by typing:
    openssl genrsa -out 1024
  3. You should change the permission on the key so that it is not world readable:
    chmod 440
  4. Next, generate a certificate signing request:
    openssl req -new -key -out
  5. You will be prompted to answer several questions. Most of the are self-explanatory. The most critical question, however, is not very intuitive: The common name. When you are asked to enter the common name be sure to enter your domain name exactly as you want people to access it. If you want people to access your site using, then enter: If you want people to access your site using, then enter: as the common name.
  6. Next, submit your certificate signing request to a certificate authority. They will charge you a fee and return a certificate file. At this point, you will have three files: a key, a certificate signing request, and a certificate file.
  7. Keep a backup of all of these files in a safe place (safe - meaning they will not be overwritten and meaning they will not be easy accessed by others).
  8. Create a directory on our server called ssl in your include directory. Make sure this directory is only readable by you:
    chmod 750 ssl
  9. Copy both your key and your certificate file into this directory
  10. Go to the Members Control Panel and select the Web Config service
  11. Click to add a new item. Select status enabled, choose the user that owns your existing web directory, for port choose "https" and for IP address, enter the IP addressed assigned to you in the first step.
  12. Before submitting, add the following lines to the settings (be sure to edit these lines to match your directories!)
    # SSL Stuff
    SSLEngine On
    SSLCertificateFile /home/members/your-member-name/sites/your-domain-name/include/ssl/yourdomain.crt
    SSLCertificateKeyFile /home/members/your-member-name/sites/your-domain-name/include/ssl/yourdomain.key