Solved

How do I Configure or Setup Apache SSl Configuration

Posted on 2006-07-03
7
244 Views
Last Modified: 2013-11-29
How do i create ssl certifacate and sign it  and have jdcamp.org come up as https://jdcamp.org by default  or if someone types http://jdcamp.org automaticly switch to https://jdcamp.org
0
Comment
Question by:jcw20
  • 2
  • 2
7 Comments
 
LVL 1

Author Comment

by:jcw20
ID: 17033211
NameVirtualHost 10.10.10.4:80
NameVirtualHost  10.10.10.4:443
<VirtualHost 10.10.10.4:80>
ServerAdmin jessewhittington@hotmail.com
ServerName  www.jdcamp.org
DocumenRoot /var/www/html/jdcamp
CustomLog  /var/www/hml/jdcamp/logs/access-log comen
ErrorLog       /var/www/hml/jdcamp/logs/error-log comen
</VirtualHost>
0
 
LVL 23

Expert Comment

by:rama_krishna580
ID: 17061798
Hi,

Setting up SSL Certificates on Apache
http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html

R.K
0
 
LVL 1

Author Comment

by:jcw20
ID: 17116320
need more help
0
 
LVL 10

Accepted Solution

by:
PSSUser earned 500 total points
ID: 17245208
Given the directory names I assume this is on Linux and that openssl is installed
Change to the directory where the certificate files are going to be stored.

Generate the private key for the request:
  openssl genrsa -des3 1024 > private.key
Enter and verify the passphrase

Generate the Request:
openssl req -new -key private.key > request.csr

Enter the passphrase as above and then enter the other details as prompted.
Country Code - uses iso 2 letter codes.
State or Province - State in US or County in GB
Locality - City/town
Organization - Company name/your name
Organizational Unit - can leave this blank unless you have a particular need for it.
Common name - the domain name of the server (www.jdcamp.org).
email address -  can leave blank
Challenge Password - what ever you want
Optional Company Name - again can leave blank
It's best if this information ties in with who the domain is registered to (if you are getting a proper certificate through a CA [Certificate Authority] e.g. verisign). If not then the CA will probably send an authorisation form through that needs signing by the company owning the domain stating they give permission to the company/person registering the certificate to run a site on their behalf.

Now register for the certificate with the CA selecting server type Apache.
When the certificate is returned you just to to save the certificate to file (including the begin and end markers) e.g. certificate.crt

For testing you can creating a self signed certificate

Change to the directory where the certificate files are stored.
  openssl req -x509 -key private.key -in request.csr > selfcert.crt

If you are getting a CA certificate you may need to download a intermediate file, but their support/faq section should detail this.

Using the cert in the apache config
Make sure you're listening on the default https port as well as http
Listen 10.10.10.4:80
Listen 10.10.10.4:443
Make sure mod_ssl is loaded
LoadModule ssl_module modules/mod_ssl.so
Make a VirtualHost container for SSL access (it can include otehr directives as necessary this is just the bear bones)
<VirtualHost 10.10.10.4:443>
  SSLEngine on
  SSLCertificateFile /certificatedir/selfsign.crt
  SSLCertificateKeyFile /certificatedir/private.key
#  SSLCACertificateFile /certificatedir/intermediate.crt  #This is needed only if you are buying a certificate and the CA requires it, for self signed it's not needed
</VirtualHost>

As I said this is bear bones for more details on other SSL directives look at
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
0
 
LVL 10

Expert Comment

by:PSSUser
ID: 17245250
Sorry just realised I didn't answer your other question about default SSL.

One way is to have
<VirtualHost 10.10.10.4:80>
  Redirect 301 / https://jdcamp.org
</VirtualHost>

The virtual host means it only applies to connections comming in on port 80. The Redirect 301 code means permanent move/redirect. The / means any url and obviously the https://jdcamp.org is where to.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATEā€¦
Are you using email marketing software? If not, you're missing out on effortless marketing and the reaching of desired conversion rates through email marketing software.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now