1
00:00:00,420 --> 00:00:07,680
Whenever we receive a certificate, it is for a certain period, in our case, it was for 90 days.

2
00:00:08,010 --> 00:00:12,190
So how to renew the certificate and then how to use the renew certificate?

3
00:00:12,750 --> 00:00:14,520
That is the purpose of this video.

4
00:00:15,090 --> 00:00:22,320
So in our case, we have already seen how to create the certificate and how to implement the secure

5
00:00:22,320 --> 00:00:22,920
web server.

6
00:00:23,040 --> 00:00:30,840
Now just we want to see how to renew the certificate and then how to use that renewed certificate.

7
00:00:30,990 --> 00:00:35,130
And we are showing this by using the screenshot that we have already taken.

8
00:00:35,670 --> 00:00:44,340
So in our case, whenever your certificate is going to expire, that you will get the mail from

9
00:00:44,340 --> 00:00:51,120
this zeroSSL, from where we got that certificate that your certificate is going to expire.

10
00:00:51,120 --> 00:00:58,470
In our case, we started getting the mail like in this mail it is saying that your ocloud.in will expire

11
00:00:58,470 --> 00:00:59,250
in seven days.

12
00:00:59,700 --> 00:01:02,610
So that means you will get the warning message.

13
00:01:03,000 --> 00:01:10,380
And even when you are going to visit on your websites, like in our case, our website was www.ocloud.in

14
00:01:10,410 --> 00:01:13,080
and when you are going to type https.

15
00:01:13,320 --> 00:01:19,130
And then when we are going to click on this button on this lock button, what will we?

16
00:01:19,350 --> 00:01:26,760
It is going to show you that it is going to expire on September 18, 21.

17
00:01:27,270 --> 00:01:30,840
So that means warning message regarding certificate expiring.

18
00:01:30,840 --> 00:01:32,970
Will checking website you are going to get.

19
00:01:33,990 --> 00:01:41,970
And then how to renew the certificate, we will log in from our account, that account, which we use

20
00:01:41,970 --> 00:01:43,260
for creating the certificate.

21
00:01:43,620 --> 00:01:50,130
In our case, we use the website www.sslforfree.com for getting the certificate.

22
00:01:50,400 --> 00:01:53,160
Now again, same site for the certificate renewal.

23
00:01:54,030 --> 00:02:01,340
So when you are going to go to that, you will get this on the screen.

24
00:02:01,350 --> 00:02:07,830
You will find that it is saying that ocloud.in is expiring soon and it is going to give you

25
00:02:07,830 --> 00:02:12,780
the date also, plus what it is showing, it is showing you the reniew also.

26
00:02:13,290 --> 00:02:15,810
So what we are going to do, we are going to click.

27
00:02:15,810 --> 00:02:21,640
We have already performed this step and during performing those steps, we have taken the screenshots.

28
00:02:21,960 --> 00:02:23,760
So we are going to click on the renew.

29
00:02:25,130 --> 00:02:31,040
Then when we are going to click on that renew, what will happen, it will show us.

30
00:02:31,280 --> 00:02:36,320
this menu that whether you need a wildcard certificate or not.

31
00:02:36,560 --> 00:02:42,860
And we are going to uncheck that mean we will move this to this place because we do not need the wildcard

32
00:02:42,860 --> 00:02:45,740
certificate, wildcard is paid Certificate.

33
00:02:46,430 --> 00:02:52,910
So in our case, we will move this to this place and then we will click.

34
00:02:53,540 --> 00:02:58,700
Then when we are going to click on this, then we are going to specify the domain.

35
00:02:58,700 --> 00:03:02,720
In our case, that domain was ocloud.in, which is owned by me.

36
00:03:03,050 --> 00:03:10,490
So here when we are going to enter it, it is going to create the certificate for ocloud.in

37
00:03:10,490 --> 00:03:13,340
also for www.ocloud.in also.

38
00:03:14,030 --> 00:03:16,520
And then we are going to click on next.

39
00:03:18,020 --> 00:03:23,750
Then what it is going to show you, whether you want the certificate for 90 days or one year, if you're

40
00:03:23,750 --> 00:03:26,300
going to get it for one year, then this is paid.

41
00:03:26,570 --> 00:03:29,790
So in our case again, we are going to select the 90 day.

42
00:03:29,810 --> 00:03:34,580
That means when we are renewing the certificate again, we will choose this option for 90 day.

43
00:03:35,270 --> 00:03:36,830
Then what it is going to say?

44
00:03:37,580 --> 00:03:44,570
It is going to say whether you want to generate a CSR, then we are going to choose the default option

45
00:03:44,570 --> 00:03:46,160
that mean auto generate CSR.

46
00:03:46,370 --> 00:03:53,840
We are not going to validate it because we are already discuss all of these things in the previous videos.

47
00:03:54,410 --> 00:03:58,310
So we are going to select the default setting to generate CSR.

48
00:03:59,460 --> 00:04:02,550
Then it is going to show which scheme you want.

49
00:04:02,850 --> 00:04:09,420
So in our case, we are going to use the free that is, no money will be charged, but the only problem

50
00:04:09,420 --> 00:04:11,940
is it is valid for 90 a day.

51
00:04:12,090 --> 00:04:13,410
No issue regarding that.

52
00:04:14,450 --> 00:04:23,120
Then we have to use that domain verification, whether actually this ocloud.in belong

53
00:04:23,120 --> 00:04:23,900
to us or not.

54
00:04:24,230 --> 00:04:26,390
So we have to make one cname entry.

55
00:04:26,660 --> 00:04:32,780
So in our case, we are going to make entry into our because this domain, I have registered on GoDaddy.

56
00:04:32,780 --> 00:04:33,320
com.

57
00:04:33,530 --> 00:04:36,980
So we are going to make entry regarding cname.

58
00:04:37,310 --> 00:04:43,400
And now we are not going to repeat how to create this cname record entries because that.

59
00:04:43,430 --> 00:04:45,650
Also, we have covered in earlier videos.

60
00:04:46,190 --> 00:04:52,520
So we are going to make entries in DNS by using DNS manager.

61
00:04:53,590 --> 00:05:00,430
That mean modify cname because already when we were issued the certificate already the cname record was

62
00:05:00,430 --> 00:05:05,050
there so now we have to modify that record and make entry according to this.

63
00:05:07,450 --> 00:05:12,340
According to the instructions, now then we have to click on Verify Domain.

64
00:05:12,790 --> 00:05:14,740
Now it will say congratulations.

65
00:05:15,190 --> 00:05:16,210
Congratulations.

66
00:05:16,220 --> 00:05:18,490
Your SSL certificate is on route.

67
00:05:18,520 --> 00:05:21,760
that mean they are going to issue us

68
00:05:22,660 --> 00:05:27,790
Then it is going to say that please download the congratulations.

69
00:05:27,850 --> 00:05:29,440
Your domain has been verified.

70
00:05:29,800 --> 00:05:33,460
This means our system issuing your certificate at the moment.

71
00:05:34,030 --> 00:05:39,460
Now what we will do, we will download the certificate and we will save it somewhere.

72
00:05:40,240 --> 00:05:47,980
Now what we need to do after the certificate has been issued, you will get this type of screen on your

73
00:05:47,980 --> 00:05:49,540
sslforfree.com.

74
00:05:49,990 --> 00:05:57,970
So this screen will be like a 90 day SSL issued that mean certificate that has

75
00:05:57,970 --> 00:05:58,560
been issued.

76
00:05:58,570 --> 00:06:05,800
It is valid up to December 13, 2021 and earlier, which is expiring on 17th.

77
00:06:06,830 --> 00:06:08,660
Then after the expiry date.

78
00:06:09,170 --> 00:06:15,230
now this screenshot we have taken today that mean 21st October.

79
00:06:15,440 --> 00:06:17,180
So already that has expired.

80
00:06:17,720 --> 00:06:19,070
So what is?

81
00:06:19,380 --> 00:06:24,470
Now, it is not showing only showing the issue certificate that mean issue certificate.

82
00:06:24,950 --> 00:06:28,850
If we want to see that a earlier certificate, we have to click on the expired.

83
00:06:29,950 --> 00:06:37,690
So it is showing the expired and after the expiry, if you are going to visit the site, what will

84
00:06:37,690 --> 00:06:38,080
happen?

85
00:06:38,830 --> 00:06:43,810
It is going to show you this type of Warning potential security risk ahead.

86
00:06:44,530 --> 00:06:52,780
So when we are going to click on Advanced, it is going to show you that the website prove their identity via

87
00:06:52,780 --> 00:07:01,650
certificates, which are valid for a set time period. The certificate for www.ocloud.in expired on September 18,

88
00:07:01,650 --> 00:07:02,680
it got expired.

89
00:07:02,770 --> 00:07:04,630
So that is why it is giving error.

90
00:07:05,570 --> 00:07:12,990
And if you are going to click on further details to view certificate, you will get that type of detail.

91
00:07:13,340 --> 00:07:17,810
When it was issue, when you cannot use after this date.

92
00:07:18,970 --> 00:07:25,630
And here we are showing you that we if you are going to click on this our website, if you are going

93
00:07:25,630 --> 00:07:33,730
to click on that Lock button and you will get this information that it was to expire 18 September

94
00:07:33,730 --> 00:07:35,020
2021.

95
00:07:35,440 --> 00:07:42,610
And here we have taken the screenshot of Today and we are either doing this thing at

96
00:07:42,620 --> 00:07:46,240
around the 4:16pm on 21st oct.

97
00:07:46,240 --> 00:07:53,320
Already expire that mean after the expiry of certificate, you will get this type of message, so be careful

98
00:07:53,320 --> 00:07:55,870
that mean your certificate had expired.

99
00:07:56,500 --> 00:08:01,300
Now what we are going to do now we want to already downloaded.

100
00:08:01,570 --> 00:08:09,550
So what we will do, we will log into our ec2 instance that is running, that is the address

101
00:08:09,550 --> 00:08:11,950
of our instance that we have already covered.

102
00:08:12,400 --> 00:08:19,900
So we are going to put the address of our Apache web server, then for coloring scheme use your system

103
00:08:19,900 --> 00:08:20,290
color.

104
00:08:21,070 --> 00:08:28,750
Then by default on that instance, the user is ec2-user and I am using my private key.

105
00:08:29,020 --> 00:08:32,650
vipingupta.ppk for accessing that service.

106
00:08:33,280 --> 00:08:40,090
So when we are going to end because by default, when we are using the putty, the font size is very

107
00:08:40,090 --> 00:08:46,630
small, so we can change by the font size by clicking on this icon.

108
00:08:46,640 --> 00:08:48,820
So in our case, we have made it 18.

109
00:08:49,150 --> 00:08:54,250
Now you will get this type of screen, and when we are going to run the pwd command, it is

110
00:08:54,250 --> 00:09:00,130
going to show you /home/ec2-user logging and it is showing you the earlier certificate.

111
00:09:00,490 --> 00:09:07,660
So what we are going to do, we will remove this by using rm -f earlier file

112
00:09:07,670 --> 00:09:08,500
nothing is there.

113
00:09:08,950 --> 00:09:10,120
Now we are going to do.

114
00:09:10,510 --> 00:09:13,450
Then we are going to copy by using secure copy.

115
00:09:14,020 --> 00:09:20,170
So in our case, we will put the address, then ec2 username, then we will click on advanced and

116
00:09:20,170 --> 00:09:24,310
we will use our certificate.

117
00:09:24,820 --> 00:09:31,420
So we are going to use winscp to upload the certificate that we have already covered how

118
00:09:31,420 --> 00:09:32,080
to use this.

119
00:09:32,180 --> 00:09:34,990
So here also what we are going to do.

120
00:09:35,170 --> 00:09:38,170
We are going to renew the certificate.

121
00:09:38,170 --> 00:09:41,140
We are going to upload on our ec2 instance.

122
00:09:42,130 --> 00:09:46,500
So this is the screen when it is connecting to our ec2 instance.

123
00:09:47,500 --> 00:09:55,420
Then what will we do, in our case when we renew the certificate, we copied it into one Apache web server

124
00:09:55,420 --> 00:09:59,800
directory and one domain verification directory was there, here we copied this file

125
00:10:00,190 --> 00:10:01,720
Now we will click on this?

126
00:10:01,870 --> 00:10:04,210
then we will drag and drop it here.

127
00:10:04,630 --> 00:10:05,560
Then what will happen?

128
00:10:06,220 --> 00:10:07,540
The certificate will be here.

129
00:10:08,260 --> 00:10:11,110
Then what we will do again, we will go to our ec2 instance.

130
00:10:11,110 --> 00:10:14,200
now we will unzip this file.

131
00:10:15,280 --> 00:10:23,380
And it is going to unzip the file then Certificate.crt file will be there to ca_bundle.crt

132
00:10:23,380 --> 00:10:24,190
file will be there.

133
00:10:24,640 --> 00:10:25,690
Now what we are going to do.

134
00:10:26,110 --> 00:10:27,970
We are going to move these files.

135
00:10:28,000 --> 00:10:33,850
But before moving these files, we have to log in as a root user, therefore, that we are going to run sudo

136
00:10:33,850 --> 00:10:34,480
-s.

137
00:10:35,020 --> 00:10:42,310
So when we are going to run this sudo -s, this will change from ec2 to user root, then

138
00:10:42,310 --> 00:10:43,890
we are going to move this mv.

139
00:10:43,900 --> 00:10:52,480
ca_bundle.crt certificate.crt in which directory /etc/pki/tls/certs because already

140
00:10:52,840 --> 00:10:57,940
these files are there, so it is going to give you the message, whether you want to overwrite.

141
00:10:57,940 --> 00:11:03,250
We are going to say yes yy, then we are going to move the private file into this directory,

142
00:11:03,850 --> 00:11:04,900
then what we are going to do.

143
00:11:05,380 --> 00:11:07,690
We are going to restart our Apache.

144
00:11:08,200 --> 00:11:13,300
Then we will go to our website and we will check whether everything is OK or not.

145
00:11:13,690 --> 00:11:19,510
So let us go to the website and show you that now again, our web server is working properly, so we

146
00:11:19,510 --> 00:11:28,320
will say https://www.ocloud.in.

147
00:11:30,930 --> 00:11:34,260
So it will open the page when we are going to click on this.

148
00:11:35,340 --> 00:11:42,690
So when we are going to more information, it is showing that now it is valid for up to December 14.

149
00:11:43,500 --> 00:11:54,480
again, what we can do, we can use the other also as https://ocloud.in.

150
00:11:56,470 --> 00:12:00,640
So again, it is showing it is running when we are going to click on this.

151
00:12:01,390 --> 00:12:02,080
It is going to.

152
00:12:03,130 --> 00:12:10,330
So in our case, the purpose was to show you how to renew the certificate rest of the steps are same that mean

153
00:12:11,350 --> 00:12:12,970
you have to download that certificate.

154
00:12:12,980 --> 00:12:18,640
You have to upload into the ec2 instance because already we have made the entries in the file, we

155
00:12:18,640 --> 00:12:21,400
have to just replace the earlier certificate.

156
00:12:21,610 --> 00:12:25,960
Again, your site will be now again, it will be valid.

157
00:12:26,080 --> 00:12:27,610
Now it is sporting the.

158
00:12:27,610 --> 00:12:27,880
https.

159
00:12:28,240 --> 00:12:37,090
So that was the renewal of your certificate, how to renew the certificate and again, use this certificate.