SSL Certificates Page Needs Overhaul

layer0

Verified User
Joined
Aug 3, 2006
Messages
82
This page has been desperate need of overhaul for years now.

I can probably count on one hand the amount of customers that were actually able to install SSL on their own successfully.

There's too many options, radio buttons, and combined items in text areas on one page.

We've contacted DA support about this, but they never do anything.

When is this page going to be overhauled to be more user friendly and less prone to issues?

A good percentage of our support costs go towards helping users install their SSLs, and it's just really cumbersome the way DA makes the process.
 
The SSL Certificates page in DirectAdmin at the user-level is very cumbersome and hard to use.

There's a text area used to encompass BOTH the RSA key and certificate, which is silly. Why not use two separate text areas for this to avoid confusion?

There's multiple radio buttons and different form elements that do many different things on the single page. Why not separate this to make it less confusing?

On this forum, most of us probably don't have an issue using it, but that's because we have prior experience. In real world, hardly any of our customers can figure it out, even with documentation provided. That means the page is poorly designed.
 
As you may know if you read the DirectAdmin advertising pages, we charge $10 to install Certificates bought from us. You can do that too; as you write, it takes only seconds once you know how to do it... and you'll have a nice Certificate business as well :).

Jeff
 
I never thought it was hard to use at all. Maybe they should change it to a wizard with different steps.
 
Hello,

What are the usual problems that clients have when using it? That would help us determine what changes should be done.

We could perhaps make the 3 main radio boxes collapse everything related to them if they're not selected.
It would be fairly simple to do and would make it look clearer. If a radio box isn't checked, no need to show it's related data.

As for general operational changes, I had an idea of storing all keys ever made in a certain location. We do get some emails of people wondering where their key went, as they overwrite it with a new CSR. Saving all of them can be handy as DA could go systematically through each one when they paste in their certificate to see which one matches up. Saves the client from needing to keep track of it.

As for a step-by-step wizard.. there really are not many "steps", perse. Everything is essentially 1 click. Create a CSR... paste a cert/key etc.. They're all done at different times. But I agree, knowing what to do for each step would be handy.
Note, it is described in the Help section, but many clients are "next-clickers" who expect to not have to read up on documentation.. which is fair for most modern software.
The SSL system itself isn't quite as straightforward as other system, so we can try make it look cleaner for clients.

Any other specific recommendations welcome!

John
 
I like the idea of a wizard. Most ordering systems work with a wizard. People are used to them. It would also make it easier to not forget to install the CA cert (clicking on a word in a line below the forms is not great from a UX pov).

But without a wizard, I think that only showing the form for the current task at hand would be a good step forward.
In case of a new install, let's show 3 areas: private key, certificate, chained certificates. Customers usually have these 3 elements ready and just need a way to insert them into DA.
 
As for general operational changes, I had an idea of storing all keys ever made in a certain location. We do get some emails of people wondering where their key went, as they overwrite it with a new CSR. Saving all of them can be handy as DA could go systematically through each one when they paste in their certificate to see which one matches up. Saves the client from needing to keep track of it.

YES PLEASE!!!

I am not an advanced user, however I have been using DA for several years now, prvoding web hosting for my clients. The recent changes to the SSL page have made the task of RENEWING certificates more difficult (IMO). The problem I have is that I don't think I see the KEY when I create a new CRS for renewal purposes. I have had to request replacement certs three times now, for 2 different clients, because the cert I paste doesn't match the key. I retained the original cert and new CRS in a wordpad doc, but when I try to install the new cert from COMODO, I get the same error.

The help page on SSL says:

Select the radio button next to "Paste a pre-generated certificate and key." As you can see, the key is already inserted in the text box for you. Paste the certificate immediately below it and click "Save."

The only thing I see is a CSR, not a key.

From there, I have to quickly replace the original cert so the site remains secure, while I await the new cert from Comodo, several hours or a day later. So it would be totally awesome if DA could save me a few steps of aggravation, and the frustration of being unable to find the proper key.

The DA page has a note at the bottom that says:

When creating a certificate request, the key will be saved and shown in the field above. The request will be shown on a new page. When you get the certificate from the Certificate Authority using the request, simply paste the certificate in the field after the key on a new line and click "Save"

Ok, I do see the CSR on the next page. But when I click the back button, it seems that things are now set to use the "servers shared cert". I don't see a key that says SAVE ME or anthing obvious.

I do admit that I could be blind or having a total blond moment, but when I read this post I thought "What a great idea!"

Now, can anyone tell me where I'm missing this key?
Thanks!
 
OK, half blind and half blond. I figured out what I'm doing wrong...

After copying the CSR and clicking the back button, the previous page now shows that the domain is set to "use server's shared certificate", and the NEW key is in the box, just above the OLD certificate. It was there all along, but I just kept missing it, assuming it was the key associated with the 'shared cert'.

So what I need to do from here is:

1- copy that new key from there
2- save it somewhere else while awaiting the new cert to be issued
3- paste the Original key back on top of the original cert and click save, so the site remains secure

But at least I now know where to find the new keys :eek:
 
That's how we do it if we need a new private key.

However, unless you're converting key size, there's no special reason why you need a new private key.

Jeff
 
Actually, that makes sense. Because recently Comodo started requiring the larger key size. So that is probably why I started having 'my little issues' when replacing renewed certs. ;)

Thanks!
 
Back
Top