KB / Account Control Panel / Goodies :: Secure Server
From DreamHost
Please see this newly updated Secure Hosting article for more information and installation instructions.
The information on this page may be outdated and will soon be deleted.
Parent Article
What is a Secure Server?
Please see this newly updated Secure Hosting article for more information and installation instructions.
Do I need a secure server?
If your site processes information submitted by CGI, you may wish to use the secure server feature to encrypt that information en route. For example, if a page on your site takes ordering information (like credit card numbers), your customers may be more comfortable submitting information if they know that it cannot be snooped on while in transit.
Also, if you use WebDAV to publish information to your website, the password will be transmitted over the Internet using only relatively weak (htaccess) encryption unless you use a secure server.
Is Formmail covered by the Secure Server?
Unfortunately, Formmail is not covered by the secure server. The reason is formmail uses the sendmail protocol while the secure server encrypts everything passed through https. It is suggested to use PGP with formmail.
Do any Dreamhost plans come with a Secure Server?
Yes, now that Dreamhost has slimmed down to one hosting plan option, all new plans now allow you to setup an unlimited number of secure servers!
The Process
Please see this newly updated Secure Hosting article for more information and installation instructions.
Can I have a new CSR created without affecting my current Secure Service?
Please see this newly updated Secure Hosting article for more information and installation instructions.
Can Dreamhost install my Secure Certificate?
Please see this newly updated Secure Hosting article for more information and installation instructions.
What if my CA requires an Intermediate Third Party Certificate?
Please see this newly updated Secure Hosting article for more information and installation instructions.
What if my Private Key is passphrase protected?
Dreamhost will not accept passphrase protected keys. If yours is, please upload it with your certificate to your user's home directory (not the publicly-accessible domain directory). Contact Support with the location and current passphrase. We will remove the encryption and continue with installation.
What server software do you use for Secure Service?
If you do not use our automatic CSR/KEY generation panel, you will need to know that our web server software is Apache-ModSSL; Apache-SSL will also work if the only option, but ModSSL is the official one.
How do I renew my Secure Certificate?
Please see this newly updated Secure Hosting article for more information and installation instructions.
How Can I Test My New Secure Server Before Switching The Name Servers For My Domain?
You can add the unique IP address for that domain/sub-domain into your computers local "C:\WINDOWS\system32\drivers\etc\hosts" file to direct connections to our servers rather than what the current name servers resolves to. That way you can check the operation of the certificates before changing the name servers over to point to ours. To find the unique IP address for that domain/sub-domain to go (DOMAINS > MANAGE DOMAINS) in the control panel. The unique IP address for that domain will be listed below it.
Click on the "Edit" link (under the "Secure Hosting" section) to verify whether or not you are hosting the domain with our without the sub-domain "www".
NOTE: Depending on how you have your secure hosting set up you may also want to set up "WWW.YOURDOMAIN.COM" and "YOURDOMAIN.COM" in your "hosts" file. The secure certificate will only match one or the other! If you get a warning about a domain mismatch do NOT accept the certificate! Change the URL in your browser to the correct domain and try again.
Examples;
127.0.0.1 localhost 192.168.54.25 YOURDOMAIN.COM <----<<< ADD THIS 192.168.54.25 WWW.YOURDOMAIN.COM <----<<< AND THIS
If you get a warning about the CA (Certification Authority) not being trusted then an intermediate certificate may need to be installed. If your certificate provider gave you an intermediate certificate please upload it (and the regular certificate) to your account. Submit a support request and let us know where it is and we can install it for you.
Once you've finished testing you can delete those entries from the "hosts" file again so your computer will rely on the DNS system to resolve the IP address for you (as it would for everyone else).
