SSL Certification for Websites: Difference between revisions

"SSL Certification for Websites"

We have to follow this SSL certification for only “apoyar.eu” domain all sites

We have to install the certbot with following command only

• certbot certonly –nginx

• For all websites we are securing should have only TLS 1.2 and 1.3

• We don’t have to use SSL and TLS 1.0 , 1.1

To know, nginx version and certification details we have, go to below path

• cd /etc/nginx

and, run below command

• nginx –V

To know what websites are running on server, go to below path

• cd /etc/nginx/sites-enabled/

and run below command

• grep -rnw '/etc/nginx/sites-available/' -e 'server_name'

For every SSL certification configuration, we have to follow below two redirection

• www --> non-www

• http --> https

for ex. www.apoyar.eu  http://www.apoyar.eu  https://www.apoyar.eu  https://apoyar.eu

How to create DNS CAA record

• Go to go daddy

• Manage DNS

• Select domain and click on add

• Enter the details as per below

Name - @

Flags - 0

Tag – issue

Value – godaddy.com

If we have generated certificate from letsencrypt we can add CAA record for that with only changing value field with

Name - @

Flags – 0

Tag – issue

Value – letsencrypt.org

Note –

To check websites Security level and Certification details, Go to https://www.ssllabs.com/ssltest/ and enter website name (ex. apoyar.eu) and click submit, it will give you a summary of all security and certificates.

To determine which Certification authority (first column) has which DNS CAA string (second column) go to below link https://www.entrust.com/knowledgebase/ssl/certification-authority-authorization-caa-record-ca-values