DreamHost SSL

Secure web hosting is used to make your site more secure. By using SSL certificate, you actually create a tunnel for communications between server and client. All your communication data are encrypted. So it’s become impossible for anybody to hack the data.

DreamHost also offers secure web hosting. In this article, I will show you how you can setup secure hosting in DreamHost with unsigned certificate. I will also show you how you can use StartSSL to create free Class 1 certificate for your web site and use it with DreamHost.

Enable Secure Hosting in DreamHost

The method of enabling secure hosting in DreamHost is very simple.  Previously DreamHost required unique IP address to enable secure hosting but it has been now changed and now you can enable secure hosting for your shared hosting websites without unique IP address. We will enable secure hosting for the domain dreamvideotutorial.com . Just follow these simple steps and you will have secure hosting enabled for your web site.

1) Login to DreamHost panel.

2) In the left side panel, under the domains section, click on Secure Hosting button.

3) Here you will see a list of secure hosting enabled web sites. You can see that I enabled secure hosting for this website also.

4) Click on Add Secure Hosting button.

DreamHost SSL Hosting

5) Select the domain for which you want to enable the secure hosting. I will use dreamvideotutorial.com. Then click on “Add now!” button.

DreamHost SSL Domain

6) You will see a success message like the following.

DreamHost SSL Success

After few minutes secure hosting will be enabled on your domain name. Check the domain with https and you will know whether it’s working or not.

Problem With Unsigned Secure Certificate

Unsigned secure certificate is as much secure as the signed one but the big problem with unsigned secure certificate is that most of browsers are not compatible with it. So when a user visits your web site, he/she will get an SSL error from browser like following.

DreamHost SSL Unsigned

If any of your visitors will get the error like that then she won’t come to your web site thinking that there is something fishy on your site. So what’s the solution?

To deal with this type of problem, you can use any secure certificate signed by approved certificate authority(CA). So browsers will not give you any error message. Now getting certificate signed by CA costs you money. DreamHost also offers secure certificates at $15 per year for a single domain.

Now if you have any ecommerce web site or any other business transaction website then I would recommend you to buy a secure certificate but if you have only information web site and just want to protect the privacy of a user then you can use free Class 1 certificate provided by StartSSL.

How to Get Free Class 1 Certificate From StartSSL

This process is a little bit lengthy but very simple. Just follow the steps in order and you are good to go.

First go to StartSSL.com. There you need to sign up. Click on Control Panel from the left side navigation.

SSL Control Panel

Then click on Express Lane button.

Express Lane

Enter your full name, contact details, phone number and email address.  Then click on continue button.

SSL Contact Details

Next you will get verification code from StartSSL in your email. Check the email. Copy the code on this screen and click on Continue button.

Complete Registration

Click on Continue.

Generate Private Key

Click on Install button.

Install Certificate

Now the certificate is installed on your browser. So whenever in future you will go to StartSSL.com, you will be automatically logged in to your account. Take a backup of the certificate from the instructions given on the FAQ page. This certificate is the only way to login to StartSSL control panel. So you will have to take a backup of certificate installed on your browser. Click on Continue button.

Backup Certificate

Now it’s time to verify the domain ownership. Enter the domain name for which you want to generate the certificate. Then click on Continue button.

Domain Verification

Select the verification email Id then click on Continue button.

Verification Email

Now again you will get verification code in your email ID. Enter the verification code and click on continue  button.

Complete Validation

Once verification is successful, click on Continue button.

Now you will see three top navigations like Tool Box, Certificate Wizards and Validations Wizards. We will use certificate wizard to generate the certificate for the verified domain. Click on Certificates Wizard. Select the Web Server SSL/TLS Certificate option. Click on Continue button.

Web Server Certificate

Now generate the private key. Enter the key password and confirm password and click on continue button.

Generate Private Key

Now the private key is generated. Copy the content from textbox to notepad and save it as ssl.key.txt. Make sure you are using notepad only and not any other document software to save the key. If you will use MS Word or WordPad then key won’t be saved properly. Click on Continue button.

Save Private Key

Select the domain for which you want o generate the certificate then click on Continue button.

Certificate Wizard

Now you need to give sub domain name. Give any subdomain name. I would like to give secure. Click on Continue.

Add Sub Domain

Again click on Continue button. Now you will see the certificate. If there is some problem in validation then you will see error like following. You need not worry about this error because within few minutes you will get certificate in your email.

Additional Check Required

To get the certificate, go to Tool Box. Click on Retrive Certificate. Select the certificate domain then click on Continue button.

Retrive Certificate

Now you will see certificate. Copy the certificate from text box using notepad and save it as ssl.crt.txt.  Next thing is to decrypt a private key. Again go to Tool Box, Click on Decrypt Private Key link. Enter the private key which you saved in ssl.key.txt. Also enter the passphrase which you used while generating the private key. Then click on Decrypt button.

Decrypt Private Key

Save the decrypted key in to plainssl.key.txt.

Now the final thing. We will need to download two StartCom CA Certificates. So go to Tool Box, click on StartCom CA Certificates link. Download the StartCom Root CA (PEM encoded). Also download  Class 1 Intermediate Server CA certificate. Now you need to concatenate these two files. So open ca.pem and sub.class1.server.ca.pem in to notepad. Also open new file in notepad. First copy the all contents of ca.pem file to new file then immediately without giving enter or any other key, copy the contents of sub.class1.server.ca.pem to the new file. So basically you are merging two files in to new file. Now save that new file as Ca-Crt.pem.

That’s it. Now you have got everything from the StartSSL. You just need to put all these certificates in to DreamHost secure hosting.

Change Secure Certificate

Now again login to DreamHost panel and go to secure hosting. Click on the Edit button beside the domain for which you want to change the certificate. Now click on Manual Configuration Radio box. First delete all certificate contents. Leave the certificate Signing Request empty. Paste the contents from ssl.crt.txt to Certificate text box. Paste the contents from plainssl.key.txt to Private Key text box.  Paste the contents from Ca-Crt.pem file to Intermediate Certificate text box. Then click on “Save Changes Now!” button.

DreamHost SSL Change Certificate

Now if everything went right then you should see a perfectly working secure hosting domain. Check your domain and it should work fine without showing you any error.

Now let’s check dreamvideotutorial.com. Now it’s not blocking the visitor or giving SSL Error. You might see that it’s still showing red cross on https that means there are some content loaded which are insecure. That’s the problem of coding. There is no problem in secure hosting setup. You can see that the certificate information is shown properly.

DreamHost Secure Hosting

Renew The Certificate

It’s been a year and this article hasn’t been updated. Yesterday, I got an email from the StartSSL that my class 1 certificates are going to expire soon and I need to renew them. So I though why not include the renewal instructions also in the article? So here you will find certificate renew instructions.

First of all visit the StartSSL control panel. If you are using the same browser then you can authenticate your account easily but if you are using different browser or your system has been formatted then you need to restore the certificates which you backed up previously for logging in to control panel.

If you have your personal verification certificate installed in to your browser then you don’t have to do anything. Just go to the control panel and click on authenticate button. You will be asked to select your personal certificate. Select the personal certificate and you will be authenticated through the panel.

If you don’t have your personal verification certificate then don’t worry. You can create a new account. Just start with the Express Lane setup as shown in the starting of the article. Your account might go for manual renewal. Don’t worry, once the manual renew process is finished, you will get an email from the StartSSL.

Now you have your account. Just start the procedure for getting the certificate. First validate your domain name. Then go the certificates wizard and create Web Server SSL/TSL certificate. Once the certificate is generated, save the private key and certificate at your preferred place. Make sure to decrypt the private key.

Now login to the DreamHost control panel. Go to Domains, then secure hosting. Click on Edit button to change the certificates and private key. Since you are again using the StartSSL certificate, you don’t need to change the Intermediate Certificate. Now save the changes.

After few minutes, check your web site and make sure that everything is working just fine. Also check the date of your certificate. Now your certificate is renewed.

I hope you enjoyed the article. I have tried my best to make it easy. If you find any difficulty in setup, you can contact me and I will help you.