Applying for an SSL Certificate from a Third-Party Authority
In a production environment, using an SSL certificate issued by a trusted third-party certificate authority (CA) is an important measure for ensuring website security. This document explains how to configure a third-party issued SSL certificate in ServBay.
WARNING
Certificates issued by third parties only support standard domain names (such as gTLD, ccTLD, New gTLD) and do not support custom non-standard suffixes (such as .local, .test).
Step 1: Apply for a Third-Party SSL Certificate
First, you need to apply for an SSL certificate from a trusted third-party CA such as Let's Encrypt, DigiCert, or GlobalSign. Below are the basic steps for applying for an SSL certificate:
Generate a Private Key
Open a terminal and run the following command to generate a private key:
```sh
openssl genpkey -algorithm RSA -out servbay.demo.key -pkeyopt rsa_keygen_bits:2048
```
Generate a Certificate Signing Request (CSR)
Use the generated private key to create a certificate signing request:
```sh
openssl req -new -key servbay.demo.key -out servbay.demo.csr
```
During this process, you will need to provide some information. Below is a sample input:
```
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:Hong Kong
Locality Name (eg, city) []:Kowloon
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ServBay
Organizational Unit Name (eg, section) []:Development
Common Name (e.g. server FQDN or YOUR name) []:servbay.demo
Email Address []:[email protected]
```
Submit the CSR
Submit the generated CSR file (servbay.demo.csr) to your chosen third-party CA. Depending on the CA's specific requirements, you may need to verify domain ownership.
Receive the Certificate
Once the CA verification is successful, you will receive a signed SSL certificate file (usually in .crt or .pem format) and possibly an intermediate certificate chain file.
Considerations
Third-party issued certificates only support standard domain names. Here are examples of some standard domain types:
- gTLD (generic top-level domain): such as .com, .org, .net
- ccTLD (country code top-level domain): such as .cn, .uk, .jp
- New gTLD (new generic top-level domain): such as .app, .tech, .xyz
SSL certificates for custom non-standard suffixes (such as .local, .test) cannot be obtained from third-party CAs.
Step 2: Configure the Third-Party SSL Certificate in ServBay
After obtaining the SSL certificate issued by a third-party CA, you need to configure it in ServBay. Place the certificate file and private key file in the /Applications/ServBay/ssl/import/tls-certs directory for easy management and use.
Move the Certificate Files to the Specified Directory
Use the following commands to move the private key file and certificate file to the /Applications/ServBay/ssl/import/tls-certs directory:
```sh
mv servbay.demo.key /Applications/ServBay/ssl/import/tls-certs/
mv servbay.demo.crt /Applications/ServBay/ssl/import/tls-certs/
# Also move the intermediate certificate chain file if it exists
mv intermediate.crt /Applications/ServBay/ssl/import/tls-certs/
```
Merge the Intermediate Certificate
If the CA provides an intermediate certificate chain file, you need to merge its contents into your certificate file. Use the following command to append the intermediate certificate to your certificate file:
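```sh
# intermediate.crt was moved into the import directory in the previous step
cat /Applications/ServBay/ssl/import/tls-certs/intermediate.crt >> /Applications/ServBay/ssl/import/tls-certs/servbay.demo.crt
```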
Open the ServBay Management Panel
Launch the ServBay application and enter the management panel.
Add a Website
Select the Website option in the management panel.
Choose the SSL Certificate Issuance Method
During the website addition process, you will see an option to choose the SSL certificate issuance method. Select Custom.
Specify the Certificate Files
Specify your generated private key file and merged certificate file in the certificate key file and certificate file fields, respectively:
- Certificate Private Key File: /Applications/ServBay/ssl/import/tls-certs/servbay.demo.key
- Certificate File: /Applications/ServBay/ssl/import/tls-certs/servbay.demo.crt
Set Hostname and Domain Name
Enter servbay.demo in the hostname and domain name fields.
Complete the Website Addition
Follow the prompts to complete the website addition process. At this point, your server will use the SSL certificate issued by a third-party CA.
Verify the Configuration
After completing the above steps, you can access the configured website through a browser. If configured correctly, the browser address bar should display a secure lock icon, indicating the use of a trusted SSL certificate.
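The lock icon confirms the end result. The script below is an added example (not part of the original guide and not ServBay's own tooling) that checks the files themselves: the private key must match the leaf certificate, and the merged file must parse completely with the leaf first and each intermediate after it. The function names are hypothetical, and restricting the key to mode 600 is an added hardening assumption.

```sh
#!/bin/sh
# Added example, not ServBay tooling. Pre-import checks for the key and the
# merged certificate file produced in this guide. Requires the openssl CLI.

# True when KEY and the first (leaf) certificate in CERT hold the same public key.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_crt" ]
}

# True when every certificate in CERT parses and each one's subject equals the
# issuer of the one before it (leaf first, then intermediates). This is a
# name-chaining check only; it does not verify signatures or expiry.
chain_order_ok() {  # usage: chain_order_ok CERT
    want=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1") || return 2
    openssl crl2pkcs7 -nocrl -certfile "$1" 2>/dev/null |
        openssl pkcs7 -print_certs -noout 2>/dev/null |
        awk -v want="$want" '
            /^subject=/ { s = substr($0, 9); if (n++ && s != prev) bad = 1 }
            /^issuer=/  { prev = substr($0, 8) }
            END { exit (n != want || bad) }'
}

# Run both checks, then restrict the private key file to its owner.
preflight() {  # usage: preflight KEY CERT
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: key does not match leaf certificate" >&2; return 1; }
    chain_order_ok "$2" ||
        { echo "FAIL: chain is unparsable or not leaf-first" >&2; return 1; }
    chmod 600 "$1" || return 1
    echo "OK: key matches, chain order is consistent"
}

# Example: sh preflight.sh servbay.demo.key servbay.demo.crt
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A file that contains only the leaf certificate passes the chain check, which matches the case where the CA supplies no intermediate.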
Conclusion
By following the steps above, you can configure and use a third-party issued SSL certificate in ServBay. This not only enhances the security of the website but also boosts user trust in the site. Remember, third-party issued certificates only support standard domain names and not custom non-standard suffixes. Hopefully, this guide helps you smoothly configure a third-party SSL certificate and ensure your website is secure and reliable.