SSL certificates
The SSL certificates are a safe mechanism to transmit data over an encrypted connection between two points. The certificates give the security services exposed by trusted entities and data will be handled correctly.


Cloud-Bricks allows to manage the SSL certificates for communication between users and the Cloud.
To do it, go to Web System>SSL Certificates on the left menu.

SSL Certificates table displays.

  1. Generate CSR... button:
    • Button to create a certificate signing request.
    • This is a text file encryption which will be required by the certifier.
    • By clicking data about the company is requested.
  2. New Self-signed Certificate... button :
    • Self-signed certificates are certificates that are not supported by external entities, these are generated on a local server.
    • They are used mostly for developing and testing sites.
    • By clicking a certificate self-signed for the virtual host is generated.
  3. Certificate name:
    • It corresponds to the certificate file.
    •  By clicking the file contents opens.
    • In the case of a CSR this content will be the certification authorities request it.
  4. Certificate Type: Indicates the type of certificate, it can be any of the following types:
    • SELF SIGNED CERTIFICATE:  Self-signed certificate for WebSites.
    • EXTERNAL CERTIFICATE: Certificate generated by an external certification authority.
    • VPN CLIENT CERTIFICATE: Certificate for a VPN user connection.
    • SELF SIGNED MAIL CERTIFICATE:  Self-signed certificate for email encryption.
    • VPN CLOUD CERTIFICATION AUTHORITY: Internal Cloud certifying entity for VPN connections.
    • MAIL CLOUD CERTIFICATION AUTHORITY: Internal Cloud certifying entity for email.
    • HTTPS CLOUD CERTIFICATION AUTHORITY: Internal certifying entity for insurance Cloud WebSites.
  5. Subject: Displays data entered for the certificate request.
  6. Domains: Displays the domains covered by each certificate.
  7. Issuer: Displays data entity issuing the certificate.
  8. Expiration date: This is the date the certificate expires.
  9. Delete button: Delete the certificate. This task is irreversible.

Certificate authority

There are three certification authorities according to the type of application required. You can generate certificate requests for HTTPS, secure VPN and mail, it is why there are entities:

  • VPN CLOUD CERTIFICATION AUTHORITY
  • MAIL CLOUD CERTIFICATION AUTHORITY
  • HTTPS CLOUD CERTIFICATION AUTHORITY

SNI problem

Cloud-Bricks supports SNI system. With this protocol and a single public IP address, the Cloud can manage multiple web sites with independent secure digital certificates. All modern browsers support, however this protocol is not supported by old clients like Internet Explorer on Windows XP.

If you require support this type of old customers and maintain multiple web sites safe has two options:

  1. Buy a package of IPv4 addresses, so you can use an IP address for each secure site.
    This has the disadvantage. You must acquire an IP address for each secure website and shall also manage the encryption of your site directly into their virtual machines without using the mechanism provided by the cloud.
  2. Use Multi-Domain Certificates, so that a single certificate can cover all the secure sites.
    This has the disadvantage, that every time you add a new secure website, you must discard the old certificate and purchase a new one that includes both; the new and existing domain.

Since Windows XP has officially exited the Microsoft support we suggest you avoid troubles supporting this kind of old customers.

Best practices

SSL certificates enable secure communication between the client and server sides, and for certain operations is essential to have this security layer (Banking or transaction data). Secure communication involves encryption of data, and encrypting data is a function that requires a big consumption of resources, that is why the secure SSL communication is made directly on the physical machine (Cloud-Brick) and not in the virtual hardware. This means that all internal communications between virtual machines can be made without encrypting the data, since there is no risk in the internal infrastructure.

In short, in order to reduce consumption of resources, you should manage your web site without cryptography and let the cloud be responsible for this work.

Generate CSR

 In order to request a Digital Certificate to a Certificate Authority, you must first generate a CSR.

To do this, enter the SSL Certificates section, and click on the Generate CSR... button

  • In this window choose the "Web / HTTPs Certificate" option
  • (The "eMail / POP3s / IMAPs Certificate" option is used with mail servers)
  • In the second option select the virtual host.
  • Click on the Generate CSR button.

Fill the data and click on the Generate CSR button. The certificate will be generated.

By clicking the certificate name "wordpress.csr" you can download the certificate to be sent to the certifying entities.

Generate self-signed certificate

 A self-signed certificate is a certificate generated locally and is not supported by any certificate authority. These certificates are mainly used in testing or development servers.
To generate a self-signed certificate to enter the SSL Certificates section, and click on the New Self-signed Certificate... button
Select the virtual host (can be more that one) and click on the button Generate self-signed certificate.
The certificate will be generated, once done can configure your VirtualHost with HTTPs protocol.

Secure site with a self-signed certificate

A site with a self-signed certificate will be seen as a potential threat by the browser. To view the secure website with self-signed certificate must open the URL with HTTPS, for example https://wordpress.pruebas.vnat.net/.


From firefox click on the option "I understand the risks," then the button Add exception. And the site can be viewed without problem.

On Chrome click on the "Advanced", then click the "Access wordpress.pruebas.vnat.net (no safe place)" option. The site can be viewed without problem.

Load external certificate

Some certificate authorities take time to generate the signed certificate, once the certificate authority issuing the certificate, two files will be sent:

  • certificate file (* .crt)
  • certificate chain (bundle) (* .crt)
These files must be uploaded to the server. To upload files enter the SSL Certificates section, and look for the CSR certificate previously generated.

Click on the "Upload certificate" option.

Load the two files and click on the Upload File button. Certificates will be loaded automatically.
The certificate will be generated, once done can configure your VirtualHost with HTTPs protocol.

Using the certificate in a Virtualhost

Once you have created and installed the SSL certificate, it is already possible to use the HTTPS protocol in the corresponding virtual host. Simply modify the virtual Host's protocol:



Cloud Services

Firewall

Monitoring

Networking

Operating systems

Storage

Virtual Machines

Web System
Other Languages
Web System
[an error occurred while processing this directive]