Views: 246
Last Modified: 09.10.2024
Own SSL certificate
Own SSL certificate, issued by any certification authority, can be also connected to a site in BitrixVA.
Important! Before issuing a certificate, make sure that you have
created a site at the host (also available from the Internet), to which the certificate is issued, as well as that DNS settings for DNS hoster and registrator for this domain are correct. Otherwise the certificate won't be issued. Plus, there is a limit – 5 errors for certificate issue per hour and per account for this domain.
You must have the following certificate files: private key, certificate chain and the certificate.
Requirements for imported certificates:
- Certificate, private key and certificate chain must have PEM-encoding.
- Private key must not be encoded.
- Files of the certificate and private key are required, file with the chain may not be specified.
- If you use your own paths for uploading the certificates, specify full paths during import. When using relative pathnames, the certificate files must be uploaded into the /etc/nginx/certs directory.
Connection
The following must be done to connect own SSL certificate:
Connected certificate can be easily checked - go to your site via https protocol, and the valid certificate will have a green lock icon.
Support of several sites is available, separated by comma. You will have to track validity period of your certificate on your own. Certificate re-issuing is also performed by the site owner as well. After the new certificate is issued, it can be imported again.
Note: If you have used your own server directory to copy initial certificate files, then after import is completed it is recommended to delete these files for security purposes (in the example - /home/bitrix/ssl/). If you have copied files into /etc/nginx/certs, then there is no need to delete them.