- Buy Now!
Buy SSL Setup with Dedicated IP Address
This service is available as a yearly subscription and includes all steps required to install one SSL certificate for any site hosted in your Aegir system. Works as an add-on service for Aegir Hosted Cores. The price is $159 USD per certificate/IP Yearly. You can use this service for certificates valid for single or multiple domains/subdomains without any extra charge, as long as all valid domains and subdomains will use the same certificate and the same IP address. Our web servers configuration supports modern TLS SNI features out of the box.
!Payment Card Industry Data Security Standard (PCI DSS) – PCI DSS is set of requirements to protect cardholder data and the environments in which cardholder data is stored, processed or transmitted. All our servers run on a hardware we control in 100% – there is no outsourced cloud computing used – and are hosted by Internap company, which provides hosting environments that are PCI DSS compliant as certified yearly by a PCI Quality Assessor. To verify technical PCI DSS compliance for your SSL enabled site already hosted with us, please visit this remote verification service page.
You can send us your existing certificate file, the key file and any intermediate certificates bundle, if required, or generate new key file and CSR file, as explained below. You will need the CSR file ready to upload or paste its contents when purchasing certificate from your preferred vendor, and when your certificate is issued, just send us the key, the certificate and any intermediate certs bundle, and we will install your new certificate on a dedicated IP address. You can then use existing or create new site with its SSL enabled domain in your Aegir control panel as usual, and only point its DNS A record to your dedicated IP address to be able to use your SSL certificate properly.
!Note that this service doesn’t include SSL certificate, as we don’t sell certificates. If you are looking for some excellent SSL certificates vendor, we recommend Gandi.net.
To generate the key and CSR file on command line, while logged in your account via SSH, please use two commands – to generate the key:
openssl genrsa -out domain.key 4096 and then to generate the CSR file:
openssl req -new -key domain.key -out domain.csr. The second command will prompt you to enter all details listed further below. You will find your CSR file named “domain.csr” in the current directory. Then all you need is to send us the key, the issued certificate and any included intermediate certs, and we will take care about the rest. Some vendors don’t support strong keys with 4096 bit length – in this case you will need to replace 4096 with 2048 in the command above.
While generating CSR file, you will have to answer a few questions, as listed below:
- Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
- State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California
- Locality or City: The Locality field is the city or town name, for example: Berkeley. Do not abbreviate. For example: Saint Louis, not St. Louis
- Company: If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational Unit: This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.
- Common Name: The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”. For wildcard certificate the syntax should look like *.company.com
You should skip all other questions when prompted, just by hitting Enter on your keyboard.
Please use our Support Request Form to submit your data.