:: Setup SSL in Apache
:: What is SSL
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for privacy and a keyed message authentication code for message reliability. :: wikepedia
:: Generate CSR
+ Create directory for ssl file
mkdir cd /etc/httpd/conf/ssl cd /etc/httpd/conf/ssl
+ Generate a encrypted private key file
openssl genrsa -des3 -out domainname.key 2048
You could also create a private key without file encryption if you do not want to enter the pass phrase when starting your web server:
openssl genrsa -out domainname.key 2048
To view the contents of the private key, use the following command:
openssl rsa -noout -text -in domainname.key
+ Create a CSR with the RSA private key
openssl req -new -key domainname.key -out domainname.csr
To view the contents of CSR
openssl req -noout -text -in domainname.csr
+ Submit the CSR on Certificate Authority Provider
+ Create a backup of your private key, if you lose this file, you must purchase a new certificate.
:: Installing SSL on Apache
+ Checking permission
Make sure your certificate file have permission 644 (-rw-r–r–)
cd /etc/httpd/conf/ssl chmod 644 *
+ Checking ServerName
Make sure the ServerName is not set in the SSL virtualhost that it matches the default ServerName of the server in httpd.conf
vi /etc/httpd/conf/httpd.conf ## setup ServerName like this: ServerName www.domainname.tld
+ Setup SSL on VirtualHost
cd /etc/httpd/sites vi domainname.tld.conf
Setup VirtualHost like this:
<VirtualHost YOUR_IP_ADDR:443> ServerName domainname.tld ServerAlias www.domainname.tld DocumentRoot /var/www/vhosts/documentroot/ ErrorLog logs/domainname.tld-error_log CustomLog logs/domainname.tld-access_log common SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl/domainname.crt SSLCertificateKeyFile /etc/httpd/ssl/domainname.key SSLCACertificateFile /etc/httpd/ssl/cert/intermediate.crt <Directory "/var/www/vhosts/documentroot"> Options Indexes FollowSymLinks AllowOverride all Order allow,deny Allow from all </Directory> </VirtualHost>
+ Restart httpd
apachectl configtest apachectl stop apachectl start
or
/etc/init.d/httpd restart
:: Links
+ Google
+ RapidSSL
+ QuestionDefense