Generating a CSR using cPanel. Click on Generate, view, or delete SSL certificate signing requests under the Certificate Signing Requests (CSR) menu: On the next page, locate the option titled Generate a New Certificate Signing Request (CSR). If you select “Generate a New 2048-bit key”, a completely new Private Key will be. Oct 30, 2018  Adding an SSL certificate and custom Namecheap domain to a GitLab Pages site can be a bit more challenging than it seems. In order to generate a CSR. You should have a.csr and.key file. Feb 18, 2018  LoadModule sslmodule modules/modssl.so Include conf/extra/httpd-ssl.conf. We will use httpd-ssl.conf file to configure the certificate details. There are following you need to ensure it exists the right parameters. SSLCertificateFile – Certificate CRT file path which you downloaded earlier; SSLCertificateKeyFile – private.a key file path.

by Erica Pisani

EasyWP: How to generate a CSR. CSR (Certificate Signing Request) is a block of encrypted plain text containing the information that will be used by a Certificate.

Adding an SSL certificate and custom Namecheap domain to a GitLab Pages site can be a bit more challenging than it seems.

Crucial pieces of the setup information live in sometimes dense documentation across different sites. It can be hard to tell if you’ve set things up correctly given that you have to wait hours to confirm your changes have propagated.

Even when you know something is wrong, you can’t always tell what. This makes debugging the problem frustrating and challenging to fix.

This guide aims to make the process a bit more straightforward and less frustrating. It assumes that you’ve:

• Already set up your project on GitLab Pages and are able to access it by entering <your-username>.gitlab.io/<your-project-name> in your browser
• Have purchased a custom domain name along with an SSL certificate through Namecheap

Step 1: Activate the SSL certificate

In Namecheap, go to the ‘Product List’ > ‘SSL Certificates’ page. You should see a list of SSL certificates that you have purchased, but have not yet activated. Click ‘Activate’ on the SSL certificate that you wish to activate for your site.

Step 2: Generate the SSL certificate request

You should have been brought to a page that looks like the following:

In order to generate a CSR, you’ll need to run the following command in your terminal: openssl req -new -newkey rsa:2048 -nodes -keyout <your-domain-name>.key -out <your-domain-name>.csr.

A private key will be generated as a result of that command. DO NOT LOSE THIS KEY. You will need it later on when you go to install your certificate on GitLab. Should you lose it, you will have to submit another CSR request.

You can read the nitty-gritty details here about generating a CSR if you wish, but the TL;DR is:

• It’s strongly encouraged that you fill out all the required fields. Your CSR could be rejected during activation of you do not. If you are filling this CSR out for a personal or hobby site, you can enter NA for the ‘Organization’ and ‘Organization Unit’ fields.
• If the certificate is being issued for a specific subdomain, you need to specify the subdomain in the ‘Common Name’ field. Example: subdomain.ssl-certificate-host.com
• If the certificate is meant to be a wildcard certificate, the domain should start with an asterisk. Example: *.ssl-certificate-host.com

For the purposes of this guide, the assumption will be made that you are getting the certificate for something like <example-domain&gt;.com .

Once you’ve run the command, you should have a .csr and .key file in your working directory. Open the .csr file, and copy the contents in it. It should have the header ----- BEGIN CERTIFICATE REQUEST -----.

Paste the contents of the file into the Enter CSR field. The page will automatically fill out the domain field on the form based on the information in the CSR.

Once you click ‘Next’, you should see the following page:

Check that the information is correct, and then click ‘Next’ again to go to the ‘Confirm you own the domain’ step.

Step 3: Confirm you own the domain

There are a few different options that are available to you in order to do this:

• Email
• HTTP-based
• DNS-based

I personally have had issues validating through email, so for the purposes of this guide, select ‘DNS-based’. This requires you to set up a CNAME value in your domain’s DNS settings, which we will cover later on in this guide.

For now, click ‘Next’ after selecting ‘DNS-based’, but if you change your mind about this form of validation later on, it’s possible to change it.

Step 4: Specify who will receive the SSL file

Confirm that the email in the field is correct. This is the email that will receive the certificate once it’s been activated.

Step 5: Review and Submit

Confirm the information shown is correct, and then click ‘Submit’.

Step 6: Set up the CNAME record for validating ownership of the domain

Just basic for mac download. Once you submit the form, you will be redirected to a page showing the SSL certificate details with a helpful notification window that looks like the following:

Click on the link for the DNS-based DCV method. You’ll be brought to a page that shows information that you entered earlier, such as:

• The domain name
• The type of web server that will have the certificate installed (should be Apache, Nginx, cPanel, or other)
• DCV Methods In Use

Access the dropdown options for the ‘Edit Methods’ button to the right of ‘DCV Methods in Use’ in order to access and click the ‘Get Record’ option.

A popover will appear showing the CNAME record you need to set up in order to confirm ownership of the domain. Copy these values to an empty text file as you’ll need to go to the ‘Advanced DNS’ page for your domain. This is accessible through ‘Dashboard’ or ‘Domain List’ > ‘Manage’ (besides your domain in the list) > ‘Advanced DNS’.

Under the ‘Host Records’ section:

• Click ‘Add New Record’
• Select ‘CNAME Record’.
• Paste the values that you copied earlier from the ‘Get Record’ popover into the corresponding fields.

Before you save those values though, there’s a bit of a ‘gotcha’.

As Namecheap points out in their documentation, they “add the domain name automatically to the values submitted during record creation”. This means that the domain name that appears in the ‘host’ value is a duplicated value. Remove <your-custom-domain&gt;.com at the end of the ‘host’ value and you’ll be good to go.

After you save that record, it’ll take a bit of time before the certificate is issued. Once you receive the certificate in your email, proceed to step 8. If you haven’t already though, let’s set up the additional records needed in order to send people to <your-username>.gitlab.io/<your-project> when they enter <your-custom-domain>.com.

Step 7: Set up your host records in Namecheap

As outlined in GitLab’s docs, you’ll also need to prove on GitLab’s end of things that you own the custom domain that you want to serve your GitLab Pages site on.

Ssl Key File Namecheap Generate Password

As mentioned earlier, this guide assumes that you are just looking to use example.com (or www.example.com), so you’ll want to add the following host records:

• Type A Record, Host @, Value 35.185.44.232 (this is the current GitLab Pages IP at the time of writing)
• Type CNAME Record, Host www , Value example.com (this ensures that people who enter the 'www’ subdomain (i.e: www.example.com) still reach your site)
• Note: You won’t be able to enter this one until you’ve added the domain through the ‘New Pages Domain’ flow outlined in Step 8. Type TXT Record, Host @ , Value gitlab-pages-verification-code=11112222aaaabbbb

Step 8: Install the certificate in GitLab

Head on over to the ‘Pages’ page of your GitLab project that you’re trying to set up (under ‘Settings’ > ‘Pages’ in the sidebar).

To add your custom domain that GitLab serves your Pages site on, click on the ‘New Domain’ button on the top right. You should see something like the following:

Enter your custom domain (example.com) in the domain field, and then the next part is where it gets interesting.

If you try just to enter your certificate (example_com.crt) and your private key (generated when you initially sent the certificate request) in the fields, you’ll likely get a ‘Certificate is missing intermediates’ error.

This is because GitLab is using something like NGINX to receive requests on it’s Pages IP before routing the request to the correct site. Namecheap, in their documentation, calls out that “it is required to combine your certificate with CA certificates in a single file”.

What this means for you is that you need to combine the text found in your example_com.crt and example_com.ca-bundle files in the ‘certificate field’. In the end you should have something like:

Add the private key to the last field, and you’re done. It will take time for the changes to propagate. If you check back in a few hours, you should see an indication beside your address in the URL bar showing that your connection to your site is now secure.

Resources/References

SSL Certificates fall into two broad categories: 1) Self-Signed Certificate which is an identity certificate that is signed by the same entity whose identity it certifies-on signed with its own private key, and 2) Certificates that are signed by a CA (Certificate Authority) such as Let’s Encrypt, Comodo and many other companies.

Self-Signed Certificates are commonly used in test environments for LAN services or applications. They can be generated for free using OpenSSL or any related tool. On the other hand, for sensitive, public-facing production services, applications or websites, it is highly recommended to use a certificate issued and verified by a trusted CA.

The first step towards acquiring an SSL certificate issued and verified by a CA is generating a CSR (short for Certificate Signing Request).

In this article, we will demonstrate how to create a CSR (Certificate Signing Request) on a Linux system.

Creating a CSR – Certificate Signing Request in Linux

To create a CSR, you need the OpenSSL command line utility installed on your system, otherwise, run the following command to install it.

Then issue the following command to generate a CSR and the key that will protect your certificate.

where:

• req enables the part of OpenSSL that handles certificate requests signing.
• -newkey rsa:2048 creates a 2048-bit RSA key.
• -nodes means “don’t encrypt the key”.
• -keyout example.com.key specifies the filename to write on the created private key.
• -out example.com.csr specifies the filename to write the CSR to.

Answer correctly, the questions you will be asked. Note that your answers should match information in legal documents regarding the registration of your company. This information is critically checked by the CA before issuing your certificate.

After creating your CSR, view the contents of the file using a cat utility, select it and copy it.

Copy CSR Key

Namecheap Ssl Certificates

Then go back to your CA’s website, log in, go to the page will contain the SSL certificate you purchased, and activate it. Then in a window such as the one below, paste your CSR in the correct input field.

Namecheap Install Ssl Certificate

In this example, we created a CSR for a multiple domain certificate purchased from Namecheap.

How To Open Key File Icon

Then follow the rest of the instructions to initiate activation of your SSL certificate. For more information about OpenSSL command, see its man page:

Free Ssl Namecheap

That’s all for now! Always remember that the first step to getting your own SSL certificate from a CA is to generate a CSR. Use the feedback form below to ask any questions or share your comments with us.