Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Digital Certificates & Joomla! - How to get, install, make use of digital certificates with Joomla
1. Digital Certificates & Joomla!
How to get, install, make use of digital certificates
with Joomla! (and other applications too)
Joomla! User Group Toronto
2016/11/23
2. Why do we need digital certificates?
So you can connect via https:// instead of http://
And that means?
The information that flows between your browser
and the web server is encrypted. And the
certificate ensures that you’re talking to who you
think you’re talking to.
3. Setting Joomla! To use https://
● Fortunately with Joomla! All you have to do is
change one setting - “Force HTTPS”
5. Well, not quite
● You do have to “Save & Close”
● You can also have “Administrator Only”
● The regular users still can use http://, but the
administrator interface is set to use https://
That seems almost too simple ...
there must be more to it?
6. Yes, there will be a few more slides
before we’re done ...
● The rest actually happens on the web server side
● You need a certificate to identify the site being
served by the web server.
● These certificates fall broadly in 3 categories
● Self-signed
● SSL certificates
● Web server certificates (with different levels of
verification)
7. Self-Signed Certificates
● You create them yourself, but with no sense of
proof of identity
● These are the ones that most browsers will give
warnings about.
● From an encryption point of view they are just
as “good” as ones issued by a Certificate
Authority
9. SSL Certificates
● Some free options (Let’s Encrypt is one, which
we’ll look at in more detail)
● Paid SSL certificates are generally less
expensive than the 3rd group (about $50 per
year)
● You won’t get the error message, but you don’t
have any proof of the identity of the
organization behind the web site.
10. Https with Let’s Encrypt SSL
● Green background, no error message, green
closed lock (although that varies by browser)
11. What can I use this for
● Usually you’d use the SSL certificates for less
critical information. Usually you wouldn’t use
them for anything involving collecting credit
card information, for example.
● But since Google is now moving towards
pushing sites that aren’t using encryption down
in search results, it is a good idea for even
regular sites.
12. There must be a downside?
● Not all browsers are happy with all Certificate
Authorities
● While they work with almost all browsers, there
will be some that come up with a warning, or
don’t work.
14. Known Compatible
· Mozilla Firefox >= v2.0
· Google Chrome
· Internet Explorer on Windows XP SP3 and higher
· Microsoft Edge
· Android OS >= v2.3.6
· Safari >= v4.0 on macOS
· Safari on iOS >= v3.1
· Debian Linux >= v6
· Ubuntu Linux >= v12.04
· NSS Library >= v3.11.9
· Amazon FireOS (Silk Browser)
· Cyanogen > v10
· Jolla Sailfish OS > v1.1.2.16
· Kindle > v3.4.1
· Java >= JDK 8u101
15. And the others ...
– Possibly Incompatible
· Sony PS3 and PS4 Game Consoles
– Known Incompatible
· Blackberry OS v10, v7, & v6
· Android < v2.3.6
· Nintendo 3DS
· Windows XP prior to SP3
· cannot handle SHA-2 signed certificates
· Java < JDK 8u101
16. Web Certificates
● Most expensive - $100 to $250 per year
● The Certificate Authority verifies the identity (to
a greater or lesser extent) of the entity
requesting the certificate.
● Usually used for credit card, banking or other
sensitive web sites.
● Widely supported by most browsers
18. Google
● Some Anti-Virus/Malware products will intercept
all URL’s as part of protecting you from malware
● As part of that, https connections will connect
using the AV’s certificate on your local machine
so that the data can be decrypted and checked.
● The certificate used to connect will be checked,
and if it isn’t Google’s, the connection will be
denied.
19. Using Let’s Encrypt Certificates
● There is a cPanel extension under development that
will allow you to create your own
● Some ISP’s generate them for you
● You can install the software, but you may not be able
to on shared hosting.
● You can also manually install them.
● We’ll look at the method described here:
https://www.kosinix.com/install-lets-encrypt-
certificate-on-shared-hosting/
20. Why this manual method?
● It should work on almost all hosted
environments
● But you have to redo it every 90 days
21. What do I need?
● A Linux system (which could be a Virtual
Machine e.g. Ubuntu on Virtualbox) to install
and run the Let’s Encrypt software
● Ability to create directories and files (and their
contents) on your web server
● Something like cPanel to install and select the
resulting certificate.
22. Install “Let’s Encrypt”
● On a machine you control (I’m doing this as
root)
● You may have to install git first
git clone
https://github.com/letsencrypt/lets
encrypt
24. From the letsencrypt directory
● This starts the process locally, for your hosted
site (the first time you run this, it may also
install other packages).
● I’ll usually use -d www.yourdomain.ca too
root@Ubuntu1604:/root/letsencrypt# ./letsencrypt-auto certonly -a manual --rsa-key-
size 4096 -d voggtech.ca
28. And now the tricky part
● Sometimes the exact hostname, and where in
the filesystem may take some fiddling
29. What does that mean?
●
You need to connect to your hosting environment, and create the directories
.well-known, and below it acme-challenge
●
You then need to create a file in acme-challenge called:
L3r7tCEOfLdZHBkNOoPzfKG6JYRQme45dzIc1e_W4jE
● It must contain the text:
L3r7tCEOfLdZHBkNOoPzfKG6JYRQme45dzIc1e_W4jE.EQmd_doFxBzxtc
cUOeDcPjROkiX3-yvvHZHuprdOUaM
● Note that every time you run the command, the file name and text
changes.
● You must create the file, and its contents before you “Press ENTER to continue”
● If you don’t you’ll have to start the command again.
● If you have more than one -d parameter, you’ll need to do this for each one on
your command line.
30. And how do I do that?
● It depends – but many hosting providers use
cPanel, so we’ll look at it that way.
● Log into your hosting account, and start up “File
Manager”
● You could also use sftp or ftp if that is what your
hosting company allows.
32. Hidden Files
● With Linux, directories/files starting with a dot
are hidden – you’ll probably want to change File
Manager to show hidden files.
33. Create Directories and Files
● Create the .well-known, and the acme-
challenge directory below it
● If you’re renewing a certificate, they’ll be there
already.
● Then create the file
34. Put the string in the file
● Here I’m using the “Code Edit” option that you
get by right clicking on the file name
● Save and close
35. Now, back to the “Press Enter ...”
● If you’ve got it right, you’ll get something like
36. Just a little more ...
● Now we need to grab the created certificate,
and put in the list of certificates, and set the
web server to use it.
● I’m using the Certificates option: