Solved

How do I Configure or Setup Apache SSl Configuration

Posted on 2006-07-03
7
251 Views
Last Modified: 2013-11-29
How do i create ssl certifacate and sign it  and have jdcamp.org come up as https://jdcamp.org by default  or if someone types http://jdcamp.org automaticly switch to https://jdcamp.org
0
Comment
Question by:jcw20
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 1

Author Comment

by:jcw20
ID: 17033211
NameVirtualHost 10.10.10.4:80
NameVirtualHost  10.10.10.4:443
<VirtualHost 10.10.10.4:80>
ServerAdmin jessewhittington@hotmail.com
ServerName  www.jdcamp.org
DocumenRoot /var/www/html/jdcamp
CustomLog  /var/www/hml/jdcamp/logs/access-log comen
ErrorLog       /var/www/hml/jdcamp/logs/error-log comen
</VirtualHost>
0
 
LVL 23

Expert Comment

by:rama_krishna580
ID: 17061798
Hi,

Setting up SSL Certificates on Apache
http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html

R.K
0
 
LVL 1

Author Comment

by:jcw20
ID: 17116320
need more help
0
 
LVL 10

Accepted Solution

by:
PSSUser earned 500 total points
ID: 17245208
Given the directory names I assume this is on Linux and that openssl is installed
Change to the directory where the certificate files are going to be stored.

Generate the private key for the request:
  openssl genrsa -des3 1024 > private.key
Enter and verify the passphrase

Generate the Request:
openssl req -new -key private.key > request.csr

Enter the passphrase as above and then enter the other details as prompted.
Country Code - uses iso 2 letter codes.
State or Province - State in US or County in GB
Locality - City/town
Organization - Company name/your name
Organizational Unit - can leave this blank unless you have a particular need for it.
Common name - the domain name of the server (www.jdcamp.org).
email address -  can leave blank
Challenge Password - what ever you want
Optional Company Name - again can leave blank
It's best if this information ties in with who the domain is registered to (if you are getting a proper certificate through a CA [Certificate Authority] e.g. verisign). If not then the CA will probably send an authorisation form through that needs signing by the company owning the domain stating they give permission to the company/person registering the certificate to run a site on their behalf.

Now register for the certificate with the CA selecting server type Apache.
When the certificate is returned you just to to save the certificate to file (including the begin and end markers) e.g. certificate.crt

For testing you can creating a self signed certificate

Change to the directory where the certificate files are stored.
  openssl req -x509 -key private.key -in request.csr > selfcert.crt

If you are getting a CA certificate you may need to download a intermediate file, but their support/faq section should detail this.

Using the cert in the apache config
Make sure you're listening on the default https port as well as http
Listen 10.10.10.4:80
Listen 10.10.10.4:443
Make sure mod_ssl is loaded
LoadModule ssl_module modules/mod_ssl.so
Make a VirtualHost container for SSL access (it can include otehr directives as necessary this is just the bear bones)
<VirtualHost 10.10.10.4:443>
  SSLEngine on
  SSLCertificateFile /certificatedir/selfsign.crt
  SSLCertificateKeyFile /certificatedir/private.key
#  SSLCACertificateFile /certificatedir/intermediate.crt  #This is needed only if you are buying a certificate and the CA requires it, for self signed it's not needed
</VirtualHost>

As I said this is bear bones for more details on other SSL directives look at
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
0
 
LVL 10

Expert Comment

by:PSSUser
ID: 17245250
Sorry just realised I didn't answer your other question about default SSL.

One way is to have
<VirtualHost 10.10.10.4:80>
  Redirect 301 / https://jdcamp.org
</VirtualHost>

The virtual host means it only applies to connections comming in on port 80. The Redirect 301 code means permanent move/redirect. The / means any url and obviously the https://jdcamp.org is where to.
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
Learn about the eCommerce marketing trends for the year ahead.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question