How to: Manage SSL Certificates For System Services

The InterWorx Control Panel provides a simple to use interface for managing SSL Certificates for system services. These services include the InterWorx internal web server, FTP, SMTP, and Dovecot.

From the SSL Certificates page in NodeWorx, it is possible to view and edit a service’s SSL Certificate, generate a self signed SSL Certificate, add an SSL certificate purchased from a Certificate Authority, Generate Let’s Encrypt certificates for system services, apply a SiteWorx account’s SSL certificate to system services, and update all services in a single step.

Contents

• How to: Manage SSL Certificates For System Services

  • To View a Service’s SSL Certificate

  • To Edit a Service’s SSL Certificate

  • Updating the SSL Certificate for System Services

    • To Generate a Self-Signed SSL Certificate

    • To Use an SSL Certificate Purchased From a Certificate Authority

    • To Use the SSL Certificate of a SiteWorx Account

    • To Generate System Service SSL Certificates using Let’s Encrypt

To View a Service’s SSL Certificate

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to Server > SSL Certificates

3. Click the Magnifying Glass next to the service

   

To Edit a Service’s SSL Certificate

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to Server > SSL Certificates

3. Click the Pencil next to the service. This opens the Edit an SSL Certificate form

4. Update the required fields:

   • Private Key: The private key

   • SSL Certificate: The SSL certificate

   • Chain Certificate: (Optional) The chain certificate

   • SSL Cipher Suite: (Optional) The OpenSSL cipher specifications to configure the Cipher Suite the client is permitted to negotiate in the SSL handshake phase. This will most likely not need to be edited

   • Restart Services: Most services require that they be restarted before the SSL Certificates will be applied. The service restarts are usually very fast, and there should not be any significant service interruption

   

5. Click Save

Updating the SSL Certificate for System Services

InterWorx allows the ability to update all system service SSL certificates at one time. The service SSL certificates may be updated by generating a self-signed certificate, copy and pasting an SSL certificate purchased from a Certificate Authority, using the SSL certificate of a SiteWorx account, or generating a Let’s Encrypt certificate for the hostname domain.

To Generate a Self-Signed SSL Certificate

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to Server > SSL Certificates

3. Click …. This opens an options form

4. Select Generate a Self-Signed SSL Certificate

5. Update the required fields. These include:

   • Key Length: 2048 is the standard

   • Years Until Expiration: Determines when the SSL certificate will expire

   • Common Name: The domain name the certificate will use. Note that www.domain.com is not the same as domain.com. A wildcard domain (which begins with an asterisk) is a valid option and applies to all subdomains

     • For example, a Common Name of *.domain.com would create a CSR that is valid for domain.com, sub1.domain.com, sub2.domain.com, etc

   • Subject Alternative Name: (Optional) List of alternative domain names to associate with the certificate

   • Email Address: Email address that is associated with the certificate

6. Select the E-mail SSL Certificate checkbox to receive a confirmation email

7. Select the checkboxes next to the services the SSL Certificate will be installed for automatically upon generation

8. Select Yes or No from the Restart Services Now dropdown

   • Most services require that they be restarted before the SSL Certificates will be applied. The service restarts are usually very fast, and there should not be any significant service interruption

   

9. Click Generate

To Use an SSL Certificate Purchased From a Certificate Authority

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to Server > SSL Certificates

3. Click …. This opens an options form

4. Select Update All Services

5. Select Copy/Paste from the Certificate Source dropdown

6. Update the Required Fields:

   • Private Key: The private key proved by the Certificate Authority (CA)

   • SSL Certificate: The SSL certificate provided by the CA

   • Chain Certificate: (Optional) The chain certificate, if one was provided by the CA

7. Select the checkboxes next to the services the SSL Certificate will be installed for automatically upon generation

8. Select Yes or No from the Restart Services Now dropdown

   • Most services require that they be restarted before the SSL Certificates will be applied. The service restarts are usually very fast, and there should not be any significant service interruption

   

9. Click Save

To Use the SSL Certificate of a SiteWorx Account

Note

To avoid domain mismatch security errors in browsers, it is recommended, if using this option, to create SiteWorx account for the hostname domain. The domain is also required to resolve to the server. More information on creating a SiteWorx account can be found here.

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to Server > SSL Certificates

3. Click …. This opens an options form

4. Select Update All Services

5. Select Domain from the Certificate Source dropdown

6. Select the domain from the Certificate From dropdown

7. Select the checkboxes next to the services the SSL Certificate will be installed for automatically upon generation

8. Select Yes or No from the Restart Services Now dropdown

   • Most services require that they be restarted before the SSL Certificates will be applied. The service restarts are usually very fast, and there should not be any significant service interruption

   

9. Click Save

To Generate System Service SSL Certificates using Let’s Encrypt

Note

Using Let’s Encrypt for system service SSL certificates requires that the hostname domain both resolves to the server, and is not attached to a SiteWorx account.

1. Log into NodeWorx from the browser (https://ip.ad.dr.ess:2443/nodeworx)

2. From NodeWorx, navigate to Server > SSL Certificates

3. Click …. This opens an options form

4. Select Update All Services

5. Select Let’s Encrypt from the Certificate Source dropdown

6. Update the required fields:

   • Hostname: The hostname domain of the server

   • Email Address: Email address associated with the certificate

   • Mode: Let’s Encrypt rate limits attempts of generating a Let’s Encrypt certificate. If generating a Let’s Encrypt certificate for a domain fails too many times, attempts are locked out for a period of time. Because of this limitation, there are two options for SSL certificate generation. More information on Let’s Encrypt rate limiting can be found here

     • Live: Will attempt to generate a live certificate. Failed attempts counts against rate limit

     • Staging: Recommended before attempting a Live services. Will attempt to generate a test certificate. Failed attempts do not count against rate limit

7. Select the checkboxes next to the services the SSL Certificate will be installed for automatically upon generation

8. Select Yes or No from the Restart Services Now dropdown

   • Most services require that they be restarted before the SSL Certificates will be applied. The service restarts are usually very fast, and there should not be any significant service interruption

   

9. Click Save