Buy SSL Add-on with TLS SNI support

This service is available as a yearly subscription and includes all steps required to install one SSL certificate for any site hosted in your Aegir system. Works as an add-on service for Aegir Edge Engines and Aegir Power Engines. The price is $160 USD per certificate Yearly. You can use this service for certificates valid for single or multiple domains/subdomains without any extra charge, as long as all valid domains and subdomains will use the same certificate and the same shared IP address. Our web servers configuration supports modern TLS SNI features out of the box. Also, all SSL enabled sites are automatically powered by latest technologies: SPDY and Perfect Forward Secrecy.

!Payment Card Industry Data Security Standard (PCI DSS) – PCI DSS is set of requirements to protect cardholder data and the environments in which cardholder data is stored, processed or transmitted. All our servers run on a hardware we control in 100% – there is no outsourced cloud computing used – and are hosted by Internap company, which provides hosting environments that are PCI DSS compliant as certified yearly by a PCI Quality Assessor. To verify technical PCI DSS compliance for your SSL enabled site already hosted with us, please visit this remote verification service page .

Buy from 2CO

You can send us your existing certificate file, the key file and any intermediate certificates bundle, if required, or generate new key file and CSR file, as explained below. You will need the CSR file ready to upload or paste its contents when purchasing certificate from your preferred vendor, and when your certificate is issued, just send us the key, the certificate and any intermediate certs bundle, and we will install your new certificate on an extra IP address with TLS/SNI mode enabled. You can then use existing or create new site with its SSL enabled domain in your Aegir control panel as usual, and only point its DNS A record to your extra IP address to be able to use your SSL certificate properly. Please note that we no longer sell dedicated IP addresses as a part of this service, but your certificate is still installed on a different IP address than your Aegir instance, to provide secure SSL termination.

!Note that this service doesn’t include SSL certificate, since we don’t sell certificates. If you are looking for some excellent SSL certificates vendor, we recommend Gandi.net .

To generate the key and CSR file on command line, while logged in your account via SSH, please use the command shown below. It will prompt you to enter all details listed further below. You will find your CSR file named “foo.csr” in the current directory. Then all you need is to send us the key, the issued certificate and any included intermediate certs, and we will take care about the rest. Some vendors don’t support strong keys with 4096 bit length – in this case you will need to replace 4096 with 2048 in the command below. Note that we recommend to use secure hash algorithm sha256. You can read more about SHA-2 standard on sha2sslchecker.com

$ openssl req -nodes -newkey rsa:4096 -sha256 -keyout foo.key -out foo.csr

While generating CSR file, you will have to answer a few questions, as listed below:

  1. Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
  2. State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California
  3. Locality or City: The Locality field is the city or town name, for example: Berkeley. Do not abbreviate. For example: Saint Louis, not St. Louis
  4. Company: If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll. Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
  5. Organizational Unit: This field is optional; but can be used to help identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization unit making the request.
  6. Common Name: The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”. For wildcard certificate the syntax should look like *.company.com

You should skip all other questions when prompted, just by hitting Enter on your keyboard.

!IMPORTANT — Before you submit all required files to request SSL add-on installation please double check that the uploaded ZIP archive (recommended) really includes all required files in PEM format: SSL Certificate File, SSL Key File, and Intermediate SSL Certificates Bundle File. Make sure to provide also related 2CO subscription order number (related to this add-on, not to your Aegir instance) and the list of all domain names expected to be supported by this add-on. We will not process the request until all required files and information are submitted properly.

Please use our Support Request Form to submit all required files and information.

!Your SSL setup request will be processed in 24 hours Mon-Fri, but in most cases it is handled the same business day. We accept PayPal and Credit Cards via 2CO. 2CheckOut.com Inc. (Ohio, USA) is an authorized retailer for services provided by Omega8.cc. By submitting the online order form, entering into an agreement after a quote, accepting an invoice or taking presence on our servers, you hereby agree to our Acceptable Use, Terms of Service and Privacy policy.

Already 900+ hosts powering thousands of Drupal sites are running on our high-performance Aegir BOA stack
© 2009-2023 Omega8.cc | ul. Zlota 59, 14th floor Skylight Building, 00-120 Warsaw, Poland | Twitter
Smokin’ Fast Drupal Hosting in Amsterdam · Chicago · Frankfurt · London
Madrid · New York · San Jose · Singapore · Sydney · Toronto · Warsaw