GlobalSign Blog

27 Jun 2012

How To: OneClickSSL Open Source PHP Library

Since launching our OneClickSSL technology, we have remained focused on further increasing the availability of the solution in hosting environments.

We promised new developments and our latest addition, the open source PHP library, should not disappoint. In short, it means hosting companies worldwide can benefit from hassle-free SSL reselling regardless of in-house systems and control panels.

We want the technology to be as easy to integrate as it is to use, so I was spurred on to write this ‘How To’ to help you get started. At the most basic level, the aim of the library is to take most of the work out of your hands.

You may want to start by downloading the library from the GitHub repository.

Creating your own extension

To use the library in your own environment you can use one of the example extensions or create your own. You’ll only need basic PHP programming experience to create a new extension.

You will find the platform-specific extensions in the first directory (“ext”), and the library and its interface connector in the second. It’s important that you don’t change any of the files in this directory, as doing so would break compatibility with future updates.

Looking at the “ext” directory you will find an “Example” extension. Simply copy and rename this directory to get started with creating your own extension. (see top image)

Checking if an IP address is available and assigning one (optional)

As most of our blog readers will know, SSL requires a dedicated (unique) IP address to be assigned to the website. The library looks for a feature that checks whether the website is configured on a dedicated IP address. If it is not, you can simply return false to stop the process, or continue by assigning a dedicated IP address and updating the DNS information for the website. As our systems don’t use a DNS cache, we would see your DNS update immediately!

The checkIP function is optional. If you do not wish to use it, you can simply remove it or comment it out.

checkIp function

Creating and restoring a backup of your certificates (optional)

Although this is optional, I would certainly encourage you to implement this function. Creating a backup that allows you to roll back when the process fails will help you minimize the risk of your website going down. The backup and restore options will be particularly useful in the case of a revocation; our system will then temporarily install a new certificate to revalidate your domain control. When the certificate is revoked, we will restore the backup of your non-revoked certificate to continue operation as normal.

Creating a backup could be as simple as copying a file to another directory or loading it in memory until the process has completed.

Here you also return true on success and false on failure. If you prefer not to create a backup, simply remove the function or comment it out.

Note: Don’t forget to include the intermediate CA certificate(s) in your backup.

backup function

Install SSL Certificate and CA hierarchy

Step 3 is the only required step to implement OneClickSSL into your environment or control panel. The installation procedure will install the certificate onto your webserver(s), load balancer(s), proxy(s)/off-loader(s) etc.

The installation step is executed twice: first for the temporary certificate and then for the production certificate. The certificate needs to be loaded and active on the webserver within 60 seconds. You can simply return the certificate when the function is finished, even if your environment needs a few seconds to activate it. The library will automatically check whether the new certificate is installed and served by the webserver.

A. Save private key

First the private key that was generated by the library needs to be stored to the webserver. Depending on your infrastructure and server configuration this can be done by saving the file to the file system, uploading it to a database or calling an external API.

B. Install certificate

The certificate that is issued by GlobalSign then needs to be saved. In most cases, this will be done at the same time as stage 1.

C. Install intermediate certificates

If the certificate requires a CA intermediate to be installed, it will be stored in $cacert. This variable can hold more than one intermediate.

D. Check file permissions

When installing SSL Certificates it’s important to remember that you have to secure the private key (in the database and on disk). As the name suggests, this key is private and should not be accessible to or known by any user other than you.

install function
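A sketch of steps A to D as an added example; it is not the library's own install function or code from the GlobalSign repository. The helper names, file names and directory are hypothetical, and `$cacert` is assumed to hold the intermediates as concatenated PEM text.

```php
<?php
// Added example: hypothetical helpers, not the OneClickSSL library's own API.
function writeAtomic(string $path, string $data, int $mode): bool
{
    $tmp = $path . '.tmp.' . bin2hex(random_bytes(4));
    $old = umask(0077);              // temp file is never created group/world-readable
    $ok  = file_put_contents($tmp, $data, LOCK_EX) === strlen($data);
    umask($old);
    if (!$ok || !chmod($tmp, $mode) || !rename($tmp, $path)) {
        @unlink($tmp);               // leave no partial key material behind
        return false;
    }
    return true;
}

function installCertificate(string $dir, string $privateKey, string $cert, string $cacert = ''): bool
{
    // Refuse a certificate that does not belong to the key before touching disk.
    if (!openssl_x509_check_private_key($cert, $privateKey)) {
        return false;
    }
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        return false;
    }
    $ok = writeAtomic("$dir/server.key", $privateKey, 0600)  // A. private key
       && writeAtomic("$dir/server.crt", $cert, 0644);       // B. certificate
    if ($ok && trim($cacert) !== '') {
        $ok = writeAtomic("$dir/chain.crt", $cacert, 0644);  // C. intermediate(s)
    }
    clearstatcache();                                        // D. confirm owner-only key
    return $ok && (fileperms("$dir/server.key") & 0777) === 0600;
}

// Constructed sample input: a throwaway key pair and self-signed certificate.
$opts = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$key  = openssl_pkey_new($opts);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $key);
$x509 = openssl_csr_sign($csr, null, $key, 1);
openssl_pkey_export($key, $keyPem);
openssl_x509_export($x509, $certPem);
$other = openssl_pkey_new($opts);
openssl_pkey_export($other, $otherPem);

$dir = sys_get_temp_dir() . '/oneclickssl-demo-' . bin2hex(random_bytes(4));
var_dump(installCertificate($dir, $keyPem, $certPem));   // key and certificate belong together
var_dump(installCertificate($dir, $otherPem, $certPem)); // key from a different pair
```

Following the page's convention for the optional functions, the helper returns true on success and false on failure, so an extension can stop the process when the key cannot be stored safely.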

You are now all set up and ready to go with OneClickSSL. All you need is a reseller account from GlobalSign to obtain OneClickSSL vouchers. Stay tuned as in our next article we will give you some more information on the Remote Administration Agent, Certificate revocation features, and language options.
