Solved

How do I Configure or Setup Apache SSl Configuration

Posted on 2006-07-03
7
248 Views
Last Modified: 2013-11-29
How do i create ssl certifacate and sign it  and have jdcamp.org come up as https://jdcamp.org by default  or if someone types http://jdcamp.org automaticly switch to https://jdcamp.org
0
Comment
Question by:jcw20
  • 2
  • 2
7 Comments
 
LVL 1

Author Comment

by:jcw20
ID: 17033211
NameVirtualHost 10.10.10.4:80
NameVirtualHost  10.10.10.4:443
<VirtualHost 10.10.10.4:80>
ServerAdmin jessewhittington@hotmail.com
ServerName  www.jdcamp.org
DocumenRoot /var/www/html/jdcamp
CustomLog  /var/www/hml/jdcamp/logs/access-log comen
ErrorLog       /var/www/hml/jdcamp/logs/error-log comen
</VirtualHost>
0
 
LVL 23

Expert Comment

by:rama_krishna580
ID: 17061798
Hi,

Setting up SSL Certificates on Apache
http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html

R.K
0
 
LVL 1

Author Comment

by:jcw20
ID: 17116320
need more help
0
 
LVL 10

Accepted Solution

by:
PSSUser earned 500 total points
ID: 17245208
Given the directory names I assume this is on Linux and that openssl is installed
Change to the directory where the certificate files are going to be stored.

Generate the private key for the request:
  openssl genrsa -des3 1024 > private.key
Enter and verify the passphrase

Generate the Request:
openssl req -new -key private.key > request.csr

Enter the passphrase as above and then enter the other details as prompted.
Country Code - uses iso 2 letter codes.
State or Province - State in US or County in GB
Locality - City/town
Organization - Company name/your name
Organizational Unit - can leave this blank unless you have a particular need for it.
Common name - the domain name of the server (www.jdcamp.org).
email address -  can leave blank
Challenge Password - what ever you want
Optional Company Name - again can leave blank
It's best if this information ties in with who the domain is registered to (if you are getting a proper certificate through a CA [Certificate Authority] e.g. verisign). If not then the CA will probably send an authorisation form through that needs signing by the company owning the domain stating they give permission to the company/person registering the certificate to run a site on their behalf.

Now register for the certificate with the CA selecting server type Apache.
When the certificate is returned you just to to save the certificate to file (including the begin and end markers) e.g. certificate.crt

For testing you can creating a self signed certificate

Change to the directory where the certificate files are stored.
  openssl req -x509 -key private.key -in request.csr > selfcert.crt

If you are getting a CA certificate you may need to download a intermediate file, but their support/faq section should detail this.

Using the cert in the apache config
Make sure you're listening on the default https port as well as http
Listen 10.10.10.4:80
Listen 10.10.10.4:443
Make sure mod_ssl is loaded
LoadModule ssl_module modules/mod_ssl.so
Make a VirtualHost container for SSL access (it can include otehr directives as necessary this is just the bear bones)
<VirtualHost 10.10.10.4:443>
  SSLEngine on
  SSLCertificateFile /certificatedir/selfsign.crt
  SSLCertificateKeyFile /certificatedir/private.key
#  SSLCACertificateFile /certificatedir/intermediate.crt  #This is needed only if you are buying a certificate and the CA requires it, for self signed it's not needed
</VirtualHost>

As I said this is bear bones for more details on other SSL directives look at
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
0
 
LVL 10

Expert Comment

by:PSSUser
ID: 17245250
Sorry just realised I didn't answer your other question about default SSL.

One way is to have
<VirtualHost 10.10.10.4:80>
  Redirect 301 / https://jdcamp.org
</VirtualHost>

The virtual host means it only applies to connections comming in on port 80. The Redirect 301 code means permanent move/redirect. The / means any url and obviously the https://jdcamp.org is where to.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question