Hetzner - DokuWiki

KonsoleH:SSL-Accounts/en

Inhaltsverzeichnis

General information about SSL accounts

The SSL Manager gives you the ability to create a encrypted connection and therefore transfer data between the browser and the server in an encrypted way. You can easily activate or deactivate the encryption for a single domain with a simple click of the mouse. To do this, however, you need a "wildcard certificate", a single SSL certificate that is issued to cover multiple (sub)domains and/or names all at once. Hetzner Online can now provide you with basic certificates free of cost as well as fee-based business certificates. In addition, you can also import your own certificates using the SSL Manager. (To learn more about our various certificates, please see SSL certificates).

By adding a fee-based dedicated IP address, you can also improve browser compatibility. It is standard practice for SSL accounts to be installed using server name indication (SNI) technology. This means that there is an extension by which the SSL account also uses the respective IP address's hosting server. This technology, however, is not supported by several older devices and browsers. If you want to ensure that absolutely all visitors can use an encrypted connection to your site, then you can add your own IP address to your SSL account.

Installing an SSL account

  1. In the selection box, choose the certificate that you would like for your account. If you do not already have your own certificate, you can request a free basic dertificate in this step.

  2. Click on the lock symbol to install the SSL account.

    • If you chose a finished certificate, your account should be installed directly.
    • If you ordered a basic certificate in the process of activating an SSL certificate, the account will automatically be installed as soon as the SSL certificate has been issued. (To learn more, please see Basic certificates.)

You have the additional option of adding a dedicated IP address to your account. To learn more, continue reading below.

Dedicated IP addresses

What are the advantages of adding a dedicated IP address?

It is standard practice for SSL accounts to be installed using server name indication (SNI) technology. This means that there is an extension by which the SSL account also uses the respective IP address's hosting server. This technology, however, is not supported by several older devices and browsers. If you want to ensure that absolutely all visitors can use an encrypted connection to your site, then you can add your own IP address to your SSL account.

Which browsers and operating systems support SNI?

Browsers

  • Firefox since Version 2.0
  • Internet Explorer since Version 7 (since Windows Vista!)
  • Google Chrome
  • Opera 8.0 and later (TLS 1.1 must be activated)
  • Safari 3.0 and higher (since OS X 10.5.6, since Windows Vista)

Mobile Browser

  • Android Browser since "Honeycomb" (3.0) for tablets and since "Ice Cream Sandwich" (4.0) on smartphones
  • Safari since iOS 4
  • Mozilla Firefox Mobile
  • Opera since Version 10.1 in Android
  • Windows Phoen since Version 7

Note: In general, Internet Explorer in Windows XP does not support SNI.

How to add or remove a dedicated IP address

You can add a dedicated IP address to your account simply by clicking on the "+" symbol.

Note: If you use konsoleH's name server, the displayed IP address will automatically be configured in your account's DNS Administration. However, if you use the name server of a third party, please remember to leave the IP address for your Hetzner Online SSL account with the third party.

An issued IP address can be removed by clicking on the relevant address. The SSL account will then be downgraded to an SNI account. Please doublecheck the DNS settings of your domain (see below) and place all settings that use the dedicated IP back on the standard IP of the hosting server. This will help to further ensure that your websites are accessible.

Note on how IP addresses are issued: Please carefully note that the issuance of IP addresses is random. It is therefore very likely that you will get a completely new IP address if you deinstall and then reinstall the IP address.

How to deinstall an SSL account

If you have added a dedicated IP address, please first deinstall the IP address. To do this, please see the section of this article called "How to add or remove a dedicated IP address". Then click on the lock symbol to deinstall the SSL account.

Secure additional subdomains with SSL Manager/with your SSL account

Should you wish to equip additional subdomains with an encrypted connection, please go to the menu on the left hand side and then to Services > Settings > Subdomains. Then the subdomains should appear in the list of existing SSL accounts.

Force SSL/https

If you have SSL enabled for your domain name, you can force SSL as follows:

Create a .htaccess file with the following content in the domain root directory (Document Root).

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

This will redirect all requests to the encrypted SSL variant.



© 2020. Hetzner Online GmbH. Alle Rechte vorbehalten.