How to: Manage SSL Certificates in SiteWorx

InterWorx provides a simple interface for SiteWorx users to create SSL certificates for their domains, using either Let’s Encrypt, a paid certificate from a Certificate Authority (CA), or by generating a Self-Signed certificate.

Note

In order for SSL options to be accessible within SiteWorx, the SiteWorx account must be granted permission. This can be accomplished by editing the SiteWorx Account Management form for the account in NodeWorx, under SiteWorx > Accounts.

As enabling SSL access for the SiteWorx account can only be performed by a system administrator, SiteWorx users who do not see SSL listed as an option in SiteWorx should contact their hosting provider.

To Generate a SSL Certificate Using Let’s Encrypt

Let’s Encrypt is a free, automated, and open CA, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). Let’s Encrypt integrates with InterWorx via a plugin, which allows users to generate free, secure, SSL certificates.

Let’s Encrypt certificates renew automatically within 30 days of expiration. This is handled by the daily InterWorx cron.

Note

Let’s Encrypt certificates can only be generated for sites that resolve to IPs on the server. If the site is live, make sure that DNS is propagated.

  1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

  2. In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home

  3. Click the Shield. This opens the SSL Certificates page

    siteworx manage domains

  4. Click Generate All With Let’s Encrypt. This opens the Generate All With Let’s Encrypt form

    Note

    In order for Let’s Encrypt to be accessible within SiteWorx, the plugin must be enabled in NodeWorx under NodeWorx > Plugins. As enabling the Let’s Encrypt plugin can only be performed by a system administrator, SiteWorx users who do not see “Generate All with Let’s Encrypt” listed should contact their hosting provider.

  5. Update the required fields:

    • Primary Domain: The domain name (common name) the certificate will use. If the desired domain is not listed in the dropdown, it will first need to be added as a pointer domain or subdomain. Note that ‘www.domain.com’ is not the same as ‘domain.com’

    • Additional Domains: Alternative domain names associated with the certificate. Select the checkbox next to desired domains

    • Email Address: The email address that should be associated with the certificate

    • Mode: Let’s Encrypt only allows a certain amount of certificate generation attempts per server, per week. This includes failed attempts. Once that cap is hit, Let’s Encrypt does not allow any more attempts until that counter resets. To better manage the potential for rate limiting, there are two potential modes that can be used to generate a certificate. More information on Let’s Encrypt rate limiting can be found here.

      • Live: Generates a real LetsEncrypt signed certificate

      • Staging: Generates a fake certificate that should only be used for testing purposes. It is always recommended to attempt to generate a certificate in Staging mode, first, to test for any potential errors that may appear. If the staged test certificate generates successfully, it should then be safe to generate one in Live mode

    siteworx let's encrypt form

  6. Click Generate

To Create a Self-Signed SSL Certificate

InterWorx allows SiteWorx users the ability to generate self-signed SSL certificates. While self-signed certificates are not considered as secure as ones provided by Let’s Encrypt or other CAs, they may be useful for testing domains that are not yet live on the server.

In order to generate a self-signed SSL certificate, a private key and Certificate Signing REquest (CSR) must be created, first.

Generating a Private Key

  1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

  2. In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home

  3. Click the Shield. This opens the SSL Certificates page

  4. Click Setup Private Key. This opens the Manage Private Key page

    siteworx ssl options no private key, csr, chain, or ssl

  5. Click Generate. This generates a private key, and automatically returns to the SSL Certificates page. Options to create a CSR and SSL Certificate will now be available

    siteworx generate private key

Setting up a Certificate Signing Request

  1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

  2. In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home

  3. Click the Shield. This opens the SSL Certificates page

  4. Click Setup CSR. This opens the Manage CSR page

    siteworx ssl options private key added. no csr or ssl certs

  5. Update the required fields:

    • 2 Letter Country Code: The county, selected from the dropdown, where the company associated with the domain resides

    • State or Providence: The state or providence where the company associated with the domain resides

    • City: The city where the company associated with the domain resides

    • Company: The company to which the certificate belongs

    • Company Division: The company division to which the certificate belongs

    • Common Name: The domain name (common name) the certificate will use. If the desired domain is not shown, it will first need to be added as a pointer domain or subdomain. Note that ‘www.domain.com’ is not the same as ‘domain.com’

    • Subject Alternative Name: Alternative domain names associated with the certificate

    • E-mail: The email address that should be associated with the certificate

    siteworx add csr form

  6. Click Generate. This generates a CSR, and automatically returns to the SSL Certificates page

Generating the SSL Certificate

  1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

  2. In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home

  3. Click the Shield. This opens the SSL Certificates page

  4. Click Setup SSL Certificate. This opens the Manage SSL Certificate page

    siteworx ssl options private key and csr added. no ssl cert

  5. Click Generate. This generates an SSL certificate and automatically returns to the SSL Certificates page

    siteworx generate ssl cert

To Apply a SSL From a Certificate Authority

In order to apply a SSL certificate purchased from a CA, the private key and CSR must be installed, first.

Installing the Private Key

  1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

  2. In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home

  3. Click the Shield. This opens the SSL Certificates page

  4. Click Setup Private Key. This opens the Manage Private Key page

    siteworx ssl options no private key, csr, chain, or ssl

  5. Update the Private Key field with the Private Key provided by the CA

    siteworx install private key

  6. Click Install. This installs the private key, and automatically returns to the SSL Certificates page. Options to create a CSR and SSL Certificate will now be available

Installing a Certificate Signing Request

  1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

  2. In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home

  3. Click the Shield. This opens the SSL Certificates page

  4. Click Setup CSR. This opens the Manage CSR page

    siteworx ssl options private key added. no csr, chain, or ssl certs

  5. Update the Certificate Signing Request (CSR) field with the Certificate Signing Request provided by the CA

    siteworx install csr

  6. Click Install. This installs the CSR, and automatically returns to the SSL Certificates page

Installing the SSL Certificate

  1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

  2. In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home

  3. Click the Shield. This opens the SSL Certificates page

  4. Click Setup SSL Certificate. This opens the Manage SSL Certificate page

    siteworx ssl options private key and csr added. no ssl or chain cert

  5. Update the SSL Certificate field with the SSL Certificate provided by the CA

    siteworx install ssl cert

  6. Click Install. This installs the SSL certificate and automatically returns to the SSL Certificates page

Installing a SSL Chain Certificate

A chain certificate is a digital certificate that provides a bridge of trust between a CA that your browser already trusts with a new and/or previously unknown CA that your browser may or may not already trust.

  1. Log into SiteWorx from the browser (https://ip.ad.dr.ess:2443/siteworx)

  2. In SiteWorx, navigate to Hosting Features > Domains > Manage, either either from the side menu or SiteWorx home

  3. Click the Shield. This opens the SSL Certificates page

  4. Click Setup SSL Chain Certificate. This opens the Manage SSL Chain Certificate page

    siteworx ssl options, private key, csr, and ssl added. no chain cert

  5. Update the SSL Chain Certificate field with the Chain Certificate provided by the CA

    siteworx install chain cert

  6. Click Install. This installs the chain certificate and automatically returns to the SSL Certificates page