How to: Manage SSL Certificates in SiteWorx¶
InterWorx provides a simple interface for SiteWorx users to create SSL certificates for their domains, using either Let’s Encrypt, a paid certificate from a Certificate Authority (CA), or by generating a Self-Signed certificate.
Note
In order for SSL options to be accessible within SiteWorx, the SiteWorx account must be granted permission. This can be accomplished by editing the SiteWorx Account Management form for the account in NodeWorx, under SiteWorx > Accounts.
As enabling SSL access for the SiteWorx account can only be performed by a system administrator, SiteWorx users who do not see SSL listed as an option in SiteWorx should contact their hosting provider.
To Generate a SSL Certificate Using Let’s Encrypt¶
Let’s Encrypt is a free, automated, and open CA, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). Let’s Encrypt integrates with InterWorx via a plugin, which allows users to generate free, secure, SSL certificates.
Let’s Encrypt certificates renew automatically within 30 days of expiration. This is handled by the daily InterWorx cron.
Note
Let’s Encrypt certificates can only be generated for sites that resolve to IPs on the server. If the site is live, make sure that DNS is propagated.
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home
Click the Shield. This opens the SSL Certificates page
Click Generate All With Let’s Encrypt. This opens the Generate All With Let’s Encrypt form
Note
In order for Let’s Encrypt to be accessible within SiteWorx, the plugin must be enabled in NodeWorx under NodeWorx > Plugins. As enabling the Let’s Encrypt plugin can only be performed by a system administrator, SiteWorx users who do not see “Generate All with Let’s Encrypt” listed should contact their hosting provider.
Update the required fields:
Primary Domain: The domain name (common name) the certificate will use. If the desired domain is not listed in the dropdown, it will first need to be added as a pointer domain or subdomain. Note that ‘www.domain.com’ is not the same as ‘domain.com’
Additional Domains: Alternative domain names associated with the certificate. Select the checkbox next to desired domains
Email Address: The email address that should be associated with the certificate
Mode: Let’s Encrypt only allows a certain amount of certificate generation attempts per server, per week. This includes failed attempts. Once that cap is hit, Let’s Encrypt does not allow any more attempts until that counter resets. To better manage the potential for rate limiting, there are two potential modes that can be used to generate a certificate. More information on Let’s Encrypt rate limiting can be found here.
Live: Generates a real LetsEncrypt signed certificate
Staging: Generates a fake certificate that should only be used for testing purposes. It is always recommended to attempt to generate a certificate in Staging mode, first, to test for any potential errors that may appear. If the staged test certificate generates successfully, it should then be safe to generate one in Live mode
Click Generate
To Create a Self-Signed SSL Certificate¶
InterWorx allows SiteWorx users the ability to generate self-signed SSL certificates. While self-signed certificates are not considered as secure as ones provided by Let’s Encrypt or other CAs, they may be useful for testing domains that are not yet live on the server.
In order to generate a self-signed SSL certificate, a private key and Certificate Signing REquest (CSR) must be created, first.
Generating a Private Key¶
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home
Click the Shield. This opens the SSL Certificates page
Click Setup Private Key. This opens the Manage Private Key page
Click Generate. This generates a private key, and automatically returns to the SSL Certificates page. Options to create a CSR and SSL Certificate will now be available
Setting up a Certificate Signing Request¶
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home
Click the Shield. This opens the SSL Certificates page
Click Setup CSR. This opens the Manage CSR page
Update the required fields:
2 Letter Country Code: The county, selected from the dropdown, where the company associated with the domain resides
State or Providence: The state or providence where the company associated with the domain resides
City: The city where the company associated with the domain resides
Company: The company to which the certificate belongs
Company Division: The company division to which the certificate belongs
Common Name: The domain name (common name) the certificate will use. If the desired domain is not shown, it will first need to be added as a pointer domain or subdomain. Note that ‘www.domain.com’ is not the same as ‘domain.com’
Subject Alternative Name: Alternative domain names associated with the certificate
E-mail: The email address that should be associated with the certificate
Click Generate. This generates a CSR, and automatically returns to the SSL Certificates page
Generating the SSL Certificate¶
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home
Click the Shield. This opens the SSL Certificates page
Click Setup SSL Certificate. This opens the Manage SSL Certificate page
Click Generate. This generates an SSL certificate and automatically returns to the SSL Certificates page
To Apply a SSL From a Certificate Authority¶
In order to apply a SSL certificate purchased from a CA, the private key and CSR must be installed, first.
Installing the Private Key¶
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home
Click the Shield. This opens the SSL Certificates page
Click Setup Private Key. This opens the Manage Private Key page
Update the Private Key field with the Private Key provided by the CA
Click Install. This installs the private key, and automatically returns to the SSL Certificates page. Options to create a CSR and SSL Certificate will now be available
Installing a Certificate Signing Request¶
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home
Click the Shield. This opens the SSL Certificates page
Click Setup CSR. This opens the Manage CSR page
Update the Certificate Signing Request (CSR) field with the Certificate Signing Request provided by the CA
Click Install. This installs the CSR, and automatically returns to the SSL Certificates page
Installing the SSL Certificate¶
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home
Click the Shield. This opens the SSL Certificates page
Click Setup SSL Certificate. This opens the Manage SSL Certificate page
Update the SSL Certificate field with the SSL Certificate provided by the CA
Click Install. This installs the SSL certificate and automatically returns to the SSL Certificates page
Installing a SSL Chain Certificate¶
A chain certificate is a digital certificate that provides a bridge of trust between a CA that your browser already trusts with a new and/or previously unknown CA that your browser may or may not already trust.
Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)
In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home
Click the Shield. This opens the SSL Certificates page
Click Setup SSL Chain Certificate. This opens the Manage SSL Chain Certificate page
Update the SSL Chain Certificate field with the Chain Certificate provided by the CA
Click Install. This installs the chain certificate and automatically returns to the SSL Certificates page