Apply for SSL Certificates from Third-party CAs

In a production environment, using SSL certificates issued by trusted third-party Certification Authorities (CAs) is a critical measure to ensure website security. This article will describe how to configure third-party SSL certificates in ServBay.

WARNING

It is important to emphasize that third-party issued certificates only support standard domain names (such as gTLD, ccTLD, New gTLD), and do not support custom non-standard suffixes (such as .local, .test).

Step 1: Apply for a Third-party SSL Certificate

First, you need to apply for an SSL certificate from a trusted third-party CA (such as Let's Encrypt, DigiCert, GlobalSign, etc.). The basic steps to apply for an SSL certificate are as follows:

1. Generate Private Key

   Open the terminal and run the following command to generate a private key:

   openssl genpkey -algorithm RSA -out servbay_demo.key -pkeyopt rsa_keygen_bits:2048

2. Generate Certificate Signing Request (CSR)

   Use the generated private key to create a certificate signing request:

   openssl req -new -key servbay_demo.key -out servbay_demo.csr

   During this process, you need to provide some information. Here is an example:

   Country Name (2 letter code) [AU]:CN
   State or Province Name (full name) [Some-State]:Hong Kong
   Locality Name (eg, city) []:Kowloon
   Organization Name (eg, company) [Internet Widgits Pty Ltd]:ServBay
   Organizational Unit Name (eg, section) []:Development
   Common Name (e.g. server FQDN or YOUR name) []:servbay.demo
   Email Address []:[email protected]

3. Submit CSR

   Submit the generated CSR file (servbay_demo.csr) to your chosen third-party CA. Depending on the specific requirements of the CA, you may need to verify domain ownership.

4. Obtain Certificate

   Once the CA has verified, you will receive a signed SSL certificate file (usually in .crt or .pem format) and possibly an intermediate certificate chain file.

Notes

It is important to emphasize that third-party issued certificates only support standard domain names (such as gTLD, ccTLD, New gTLD), and do not support custom non-standard suffixes. For example, here are some examples of standard domain names:

• gTLD (Generic Top-Level Domains): such as .com, .org, .net
• ccTLD (Country Code Top-Level Domains): such as .cn, .uk, .jp
• New gTLD (New Generic Top-Level Domains): such as .app, .tech, .xyz

Custom non-standard suffixes (such as .local, .test) cannot obtain SSL certificates from third-party CAs.

Step 2: Configure Third-party SSL Certificates in ServBay

After obtaining the SSL certificates from third-party CAs, the next step is to configure these certificates in ServBay. Place the generated certificate files and private key files in the /Applications/ServBay/ssl directory for easy management and use.

1. Move Certificate Files to the Specified Directory

   Use the following commands to move the private key and certificate files to the /Applications/ServBay/ssl directory:

   mv servbay_demo.key /Applications/ServBay/ssl/
   mv servbay_demo.crt /Applications/ServBay/ssl/
   # If you have an intermediate certificate chain file, move that as well
   mv intermediate.crt /Applications/ServBay/ssl/

2. Merge Intermediate Certificates

   If the CA provides an intermediate certificate chain file, you need to merge its contents into your certificate file. Use the following command to append the intermediate certificate to your certificate file:

   cat intermediate.crt >> /Applications/ServBay/ssl/servbay_demo.crt

3. Open ServBay Management Panel

   Launch the ServBay application and enter the management panel.

4. Add Host

   Select the Host option in the management panel.

5. Select SSL Certificate Issuance Method

   During the process of adding a host, you will see an option to select the SSL certificate issuance method. Select Custom.

6. Specify Certificate Files

   In the certificate key file and certificate file fields, specify the private key file and the merged certificate file you generated:

   • Certificate private key file: /Applications/ServBay/ssl/servbay_demo.key
   • Certificate file: /Applications/ServBay/ssl/servbay_demo.crt

7. Set Host Name and Domain Name

   In the host name and domain name fields, enter servbay.demo.

8. Complete Host Addition

   Follow the prompts to complete the process of adding a host. At this point, your host will use the SSL certificate issued by the third-party CA.

Verify Configuration

After completing the above steps, you can access the configured host via a browser. If configured correctly, a secure lock icon should appear in the browser's address bar, indicating that a trusted SSL certificate is being used.

Conclusion

By following the above steps, you can configure and use third-party CA-issued SSL certificates in ServBay. This not only enhances the security of your website but also increases users' trust in the site. Remember that third-party issued certificates support only standard domain names and do not support custom non-standard suffixes. I Hope this article helps you successfully configure third-party SSL certificates and ensure your website is safe and reliable.