SSL Guide

Guide for Updating the SSL Certificate on EPIC+

Companion guide to EPIC Plus: Installation and Update Guide.

Introduction

An SSL (Secure Sockets Layer) certificate is a cryptographic credential that lets a browser verify that it is connected to the genuine server for a site, so that the content it receives is what the site's developers intend to transmit. The certificate is used to set up an encrypted connection between a web server and a browser (today through TLS, the successor to SSL), thus protecting transmitted data such as personal information and credit card details from being intercepted by third parties.

An SSL certificate typically lasts between 1 and 2 years before it needs to be renewed.

1. Obtain the New SSL Certificate

Before you can install an SSL certificate, you need to obtain one from a Certificate Authority (CA). Generally, this means acquiring one by:

  • Purchasing a certificate from a provider, e.g. Let’s Encrypt, DigiCert, Comodo.
  • Using free certificates, e.g. Let’s Encrypt.

In the case of http://epicplus.itam.mx, this certificate was provided by the DSTI ITAM team:

Example (26 - 10 - 23)

epicplus_crt-1.txt

epicplus_key-1.txt

gsgccr3dvtlsca2020_intermedio_crt-1.txt

2. Prepare the Server

Make sure you have administrative access to your server and know the location of your web server configuration files (e.g., Apache, Nginx).

In this case, the server environment is as follows: Nginx Server

// Step 1. Find the server
macbookair@MACOS-D9J9V ~ % nslookup epicplus.itam.mx
 
Server:		10.10.20.3
Address:	10.10.20.3#53
 
Name:	epicplus.itam.mx
Address: 148.205.149.132
 
// Step 2. Establish Connection. The user is srvadm and the password is EPICLab2023
macbookair@MACOS-D9J9V ~ % ssh srvadm@148.205.149.132
The authenticity of host '148.205.149.132 (148.205.149.132)' can't be established.
ED25519 key fingerprint is SHA256:7UvpjlUXL+X3hgWQ2zXmNT+Bd7XsRC66qO4DfkzdLr0.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '148.205.149.132' (ED25519) to the list of known hosts.
srvadm@148.205.149.132's password:
 
// Step 3. Access root:
sudo -s
 
// Step 4. Move the files to a new folder
 
// Step 5. Upload the new files to etc/pki/nginx
 

3. Back Up the Current Certificate

It is good practice to make a backup of your current certificate and configuration.

cp /path/to/current/certificate.crt /path/to/backup/
cp /path/to/private/key/current.key /path/to/backup/

4. Install the New Certificate

Depending on your server, the exact steps may vary. Here is an example for Apache:

  1. Copy the new certificate and private key to the desired location.

cp /path/to/new/certificate.crt /path/where/apache/reads/new_certificate.crt
cp /path/to/new/key.key /path/where/apache/reads/new_key.key
 
  2. Edit the Apache configuration file to point to the new certificate and key.

nano /etc/apache2/sites-available/my-site.conf
 
  3. Find and update the lines containing SSLCertificateFile and SSLCertificateKeyFile to point to the new files.

SSLCertificateFile /path/where/apache/reads/new_certificate.crt
SSLCertificateKeyFile /path/where/apache/reads/new_key.key
 
  4. Restart Apache to apply the changes.
 
service apache2 restart
nginx
 

5. Verify the Installation

Once you have installed the new certificate, verify that everything is working correctly. You can use online tools such as SSL Labs to check your site’s SSL configuration.

6. Monitor the Expiration Date

Make sure to renew and reinstall your certificate before it expires.
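
A pre-install check for the three files listed in section 1 (certificate, private key, intermediate), which also covers the expiry monitoring of section 6. This is an added example, not part of the original guide or the EPIC+ project: the function name check_bundle, its exit codes, the script name and the 30-day default are assumptions, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate bundle before installing it.
# Requires the openssl CLI. File paths are passed as arguments.

# check_bundle CERT KEY INTERMEDIATE [MIN_DAYS]
# Returns 0 = OK
#         1 = private key does not match the certificate
#         2 = certificate does not verify against the intermediate
#             (an already expired certificate also fails here)
#         3 = certificate expires within MIN_DAYS (default 30)
check_bundle() {
    crt=$1 key=$2 inter=$3 min_days=${4:-30}

    # 1. The public key embedded in the certificate must equal the public
    #    key derived from the private key (works for RSA and EC keys).
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ] || return 1

    # 2. The certificate's signature must verify against the intermediate.
    #    -partial_chain lets the intermediate act as the trust anchor, so the
    #    result does not depend on the root being in the local trust store.
    openssl verify -partial_chain -CAfile "$inter" "$crt" >/dev/null 2>&1 \
        || return 2

    # 3. -checkend exits non-zero if the cert expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 3
    return 0
}

# Direct use (script name is hypothetical):
#   sh check_bundle.sh CERT KEY INTERMEDIATE [MIN_DAYS]
if [ "$#" -ge 3 ]; then
    rc=0
    check_bundle "$@" || rc=$?
    echo "check_bundle exit code: $rc"
    openssl x509 -in "$1" -noout -subject -enddate
    exit "$rc"
fi
```

Run from cron with a larger MIN_DAYS, the same function gives an early renewal warning through exit code 3.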