Overview
At some point, you may need to install an SSL certificate to secure your DNN site. This article provides the information necessary to generate an SSL certificate and complete the certificate installation to secure the environment. It also resolves SSL errors that show the message "Your connection is not private."
Solution
Follow the process detailed below to set up an SSL certificate successfully.
- Purchase an SSL certificate from an SSL Certificate Authority. Examples include any of the following:
- Generate a CSR (Certificate Signing Request).
  A CSR is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate. It is usually generated on the server where the certificate is installed. It contains information included in the certificate, such as the organization name, common name (domain name), locality, and country.
  A Private Key is usually created at the same time that you generate the CSR, and this key needs to be kept in a safe place.
  You can generate a CSR using one of the following methods:
  - Certificate Authority: Certificate Authority web sites often provide guides or setup wizards to assist in the generation of a CSR. Refer to your Certificate Authority for further details.
  - IIS (also known as Microsoft Web Server): Many websites provide customized instructions for generating a CSR based on the IIS version in use. Example: The DigiCert website offers instructions for Creating a CSR and Installing an SSL Certificate using IIS 10.
  - CSR Generator: This is a straightforward web-based form that generates both a CSR and a Private Key.
  - Generate a PFX file with a CSR via OpenSSL through a Linux application:
    - Install OpenSSL from a terminal/bash and then run the application.
    - Create a Private Key (PEM) by using the following command:
        openssl genrsa -des3 -out privatekeyname.pem 2048
      You can generate a stronger key with 4096 bits instead of 2048 by substituting the parameter in the command.
    - Create a passphrase. The longer and more complex the passphrase, the higher the security.
    - Generate a Certificate Request (CSR) by using the following command:
        openssl req -new -sha256 -key privatekeyname.pem -out certificaterequestname.csr
    - Enter the Private Key passphrase.
    - Fill in all of the information required for the request.
    - Submit the CSR to the Signing Entity (GoDaddy, 1and1, etc.).
    - Get the CRT/P7B from the Signing Entity.
      Note: If the file received is a P7B, convert it to a CRT using the following command:
        openssl pkcs7 -print_certs -in certificatename.p7b -out certificatename.crt
    - Generate the PFX using the CRT(s) and PEM, as shown below:
        openssl pkcs12 -export -out certificatename.pfx -inkey privatekeyname.pem -in certificatename.crt
    - Once you have taken care of the CSR and PFX, you can proceed to Step 4 below.
- Verify the domain with the CSR. You then submit the CSR to the SSL Certificate Authority designated in Step 1 and receive the certificate files. The certificate authorities generally provide the data in a single compressed (zip) file.
- Install the SSL certificate into the server.
  - If you are installing through IIS, you can follow this guide, which should work for most versions of IIS.
  - If your environment is currently on DNN On-Demand, please contact support and provide us with the certificate files.
- Set up HTTPS redirection.
  You can set up a redirect from HTTP to HTTPS by using the IIS rewrite module. For more information on this process, please review the Microsoft tech blog entry titled "Redirect From HTTP to HTTPS Using the IIS URL Rewrite Module."
  You can also set up a redirect through DNN by setting all pages to secure. Run the following query, replacing # with the PortalID of the portal you would like to secure:
    UPDATE Tabs SET IsSecure = 1 WHERE PortalID = #
- Ensure that the site is completely set to SSL by forcing the website to load over HTTPS. Follow the process detailed in the article "Enabling SSL for DNN."
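A PFX built with the OpenSSL method in the CSR step is only usable if the certificate returned by the Signing Entity was issued for the same private key. The script below is an added example, not part of the original article: it checks that the key, CSR and certificate share one public key before building the PFX, then reads the PFX back. The file names, the example.test subject, the demo-only password and the self-signed certificate standing in for the Signing Entity's CRT are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names, the example.test subject and the "demo-only"
# password are constructed; real exports should let openssl prompt for it.

# Print the public key (PEM) held in a private key, CSR or certificate.
pubkey_of() {  # kind file
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac
}

# Succeed only when the CSR or certificate carries the private key's public key.
key_matches() {  # key file kind
    k=$(pubkey_of key "$1" 2>/dev/null) || return 2
    o=$(pubkey_of "$3" "$2" 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$o" ]
}

# Refuse to build a PFX from a mismatched pair; read the result back afterwards.
build_pfx() {  # key cert out password
    key_matches "$1" "$2" cert || { echo "key/certificate mismatch: $2" >&2; return 1; }
    openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" -passout "pass:$4" || return 1
    openssl pkcs12 -in "$3" -passin "pass:$4" -nokeys 2>/dev/null |
        openssl x509 -noout -subject >/dev/null
}

# Constructed inputs: unencrypted demo keys and a self-signed certificate
# standing in for the CRT that the Signing Entity would return.
make_demo_files() {  # directory
    openssl genrsa -out "$1/site.pem" 2048 2>/dev/null &&
    openssl genrsa -out "$1/other.pem" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$1/site.pem" -subj "/CN=example.test" \
        -out "$1/site.csr" &&
    openssl x509 -req -in "$1/site.csr" -signkey "$1/site.pem" -days 1 \
        -out "$1/site.crt" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo_files "$demo_dir"
key_matches "$demo_dir/site.pem" "$demo_dir/site.csr" csr && echo "CSR matches key"
build_pfx "$demo_dir/site.pem" "$demo_dir/site.crt" "$demo_dir/site.pfx" demo-only &&
    echo "PFX built and readable"
build_pfx "$demo_dir/other.pem" "$demo_dir/site.crt" "$demo_dir/bad.pfx" demo-only ||
    echo "mismatched key refused"
rm -rf "$demo_dir"
```

With a passphrase-protected key such as the one created by the -des3 command above, openssl prompts for the passphrase each time the key is read.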
Testing
You can verify that the SSL certificate was correctly installed when you browse the domain via HTTPS and see the padlock beside the domain in the address bar.
If the site is still not secure, press F12 to open the developer tools. Click the Security tab to see an error message that tells you what went wrong.