At work we have recently had a lot of customers asking us about how to configure their SSL certificate files for their webserver. This may seem intimidating to many persons, especially those without any technical experience, however it really need not be so frustrating. There are only just a few things that need to be done to make sure that your website can use HTTPS SSL (or the secure hypertext transfer protocol (https) using the secure sockets layer (SSL). This tutorial should be good for most debian, centos, and redhat operating systems, or nearly any linux distribution, but you may need to install nano;<\/p>\n
# for debian or ubuntu<\/p>\n
apt-get install nano<\/p>\n
<\/p>\n
# for centos or Redhat<\/p>\n
yum install nano<\/p><\/blockquote>\n
You will have likely been sent two files by your registrar or SSL provider which are
\nthe CRT and KEY file. Each file you have been sent looks a bit like the following, you cannot do this tutorial without these two files:
\n<\/strong><\/p>\nyourdomainname.com.crt<\/strong><\/p>\n
—–BEGIN CERTIFICATE REQUEST—–
\nMIICJDCCAY0CAQAwgagxGzAZBgNVBAoTElRoZSBTYW1wbGUgQ29tcGFueTEUMBIG
\nA1UECxMLTWFpbCBTZXJ2ZXIxJDAiBgkqhkiG9w0BCQEWFXBvc3RtYXN0ZXJAc2Ft
\ncGxlLmNvbTETMBEGA1UEBxMKTWV0cm9wb2xpczERMA8GA1UECBMITmV3IFlvcmsx
\nCzAJBgNVBAYTAlVTMRgwFgYDVQQDEw9tYWlsLnNhbXBsZS5jb20wgZ8wDQYJKoZI
\nhvcNAQEBBQADgY0AMIGJAoGBAPJhc++WxcBaoDbJpzFbDg42NcOz\/ELVFMU4FlPa
\nyUzUO+xXkdFRMPKo54d4Pf1w575Jhlu9lE+kJ8QN2st6JFySbc9QjPwVwl9D2+I3
\nSSf2kVTu+2Ur5izCPbVAfU0rPZxxK8ELoOkA1uwwjFz6EFuVvnHwlguonWKDtmYW
\nu7KTAgMBAAGgOzA5BgkqhkiG9w0BCQ4xLDAqMAkGA1UdEwQCMAAwHQYDVR0OBBYE
\nFLWaQsUVIQzWr58HtDinH1JfeCheMA0GCSqGSIb3DQEBBAUAA4GBAAbe0jrGEQ3i
\ntyVfy5Lg4\/f69rKvDGs+uhZJ9ZRx7Dl92Qq2osE7XrLB1bANmcoEv\/ORLZOjWZEY
\nNjMvuz60O7R8GKBrvb\/YhAwWhIIt2LJqPkpAEWS0kY0AkoQcfZ7h6oC35+eJ7okg
\nUu3WuE57RgcNt7\/ftr0sG1jUyRwMLvhv
\n—–END CERTIFICATE REQUEST—–<\/p><\/blockquote>\nyourdomainname.com.key<\/strong><\/p>\n
—–BEGIN CERTIFICATE REQUEST—–
\nLKSDIJUCJCdsjdicx933FKJ\u00a3DKCJDIDKFJVKSIdjjhan3FGdf1wbGUgQ29tcGFueTEUMBIG
\nA1UECxMLTWFpbCBTZXJ2ZXIxJDAiBgkqhkiG9w0BCQEWFXBvc3RtYXN0ZXJAc2Ft
\ncGxlLmNvbTETMBEGA1UEBxMKTWV0cm9wb2xpczERMA8GA1UECBMITmV3IFlvcmsx
\nCzAJBgNVBAYTAlVTMRgwFgYDVQQDEw9tYWlsLnNhbXBsZS5jb20wgZ8wDQYJKoZI
\nhvcNAQEBBQADgY0AMIGJAoGBAPJhc++WxcBaoDbJpzFbDg42NcOz\/ELVFMU4FlPa
\nyUzUO+xXkdFRMPKo54d4Pf1w575Jhlu9lE+kJ8QN2st6JFySbc9QjPwVwl9D2+I3
\nSSf2kVTu+2Ur5izCPbVAfU0rPZxxK8ELoOkA1uwwjFz6EFuVvnHwlguonWKDtmYW
\nu7KTAgMBAAGgOzA5BgkqhkiG9w0BCQ4xLDAqMAkGA1UdEwQCMAAwHQYDVR0OBBYE
\nFLWaQsUVIQzWr58HtDinH1JfeCheMA0GCSqGSIb3DQEBBAUAA4GBAAbe0jrGEQ3i
\ntyVfy5Lg4\/f69rKvDGs+uhZJ9ZRx7Dl92Qq2osE7XrLB1bANmcoEv\/ORLZOjWZEY
\nNjMvuz60O7R8GKBrvb\/YhAwWhIIt2LJqPkpAEWS0kY0AkoQcfZ7h6oC35+eJ7okg
\nUu3WuE57RgcNt7\/ftr0sG1jUyRwMLvhv
\n—–END CERTIFICATE REQUEST—–<\/p><\/blockquote>\n(DO NOT USE THE ABOVE CERTIFICATES (THEY WILL NOT WORK) USE THE ONES YOU ARE PROVIDED)<\/p>\n
Step 1: Copy the CRT text into the clipboard<\/strong> (including the —–BEGIN CERTIFICATE REQUEST—– and the —–END CERTIFICATE REQUEST—–) but nothing above<\/strong> the begin certificate line and nothing below<\/strong> the end certificate line. This is\u00a0very important.\u00a0<\/strong><\/p>\n
Step 2: Open a new file<\/strong> for the CRT<\/p>\n
mkdir -p \/etc\/httpd\/conf\/ssl.crt\/
\nnano \/etc\/httpd\/conf\/ssl.crt\/yourdomain.com.crt<\/p><\/blockquote>\nStep 3: Paste in the CRT<\/strong> certificate text you were given.
\nStep 4: Press CTRL+O<\/strong> to write out the file.<\/p>\nStep 5: Copy the<\/strong> KEY <\/strong>text into the clipboard in the same way you did for the CRT.<\/p>\n
Step 6: Open a new file<\/strong> for the key file<\/p>\n
mkdir \/p \/etc\/httpd\/conf\/ssl.key\/<\/p>\n
nano \/etc\/httpd\/conf\/ssl.key\/yourdomain.com.key<\/p><\/blockquote>\n
Step 7: Paste the KEY<\/strong> certificate text.
\nStep 8: Press CTRL+O<\/strong> to write out the file.<\/p>\nIt is safe for you to replace yourdomain.com with your own domain name, but make sure that you specify it the same in the apache2 configuration later on.<\/strong> This is the file we will refer to in the webserver configuration to let it use https and ssl and if you refer to the wrong file or a non existent file it won’t work!<\/p>\n
Step 9: Edit your apache 2 webserver configuration.<\/p>\n
(Normally this is in \/etc\/apache2\/httpd.conf or \/etc\/httpd\/httpd.conf , but it could be in a different place like \/etc\/httpd\/sites-enabled or \/etc\/apache2\/sites-enabled or \/etc\/apache2\/conf.d and my have a different name to httpd.conf.)<\/p>\n
<VirtualHost 1.1.1.1:443>\r\nServerName www.yourdomain.com\r\nDocumentRoot \/var\/www\/html\/mydomain.com\r\n\r\nSSLEngine ON\r\nSSLCertificateFile \/etc\/httpd\/conf\/ssl.crt\/domain.com.crt\r\nSSLCertificateKeyFile \/etc\/httpd\/conf\/ssl.key\/domain.com.key\r\n\r\nErrorLog logs\/ssl.domain.com.error_log\r\nCustomLog logs\/ssl.domain.com.access_log combined\r\n<\/VirtualHost>\r\n<\/pre>\nIt’s important to get all of this correct. So lets go thru what each one of these lines does.<\/p>\n
VirtualHost<\/strong> tells apache2 where to listen. If you don’t know what to put here you can use:
\n<VirtualHost *:443> which will work for most configurations, but it will listen on every single IP address attached to that machine. The 443 signifies that it is the HTTPS. HTTP traffic for instance runs on port 80.<\/p>\nServerName<\/strong> is the website name your using so if your website is https:\/\/www.google.com , for instance then you want to put ServerName www.google.com.<\/p>\n
DocumentRoot<\/strong> is the location of your website on the disk, the physical location of all the files, be they html, php, images etc, DocumentRoot is the way the webserver knows where to look when serving that website hostname. For me I use \/var\/www\/html but if you don’t know it’s best to ask your provider or technical contact what your DocumentRoot here should be.<\/p>\n
SSLEngine<\/strong> ON does exactly what it says on the tin. It enables apache2’s SSL HTTPS functionality.<\/p>\n
SSLCertificateFile<\/strong> tells where apache2 is instructed to look for the CRT file you were given by your webhost. Make sure you specify it in the same location you placed it.<\/p>\n
SSLCertificateKeyFile<\/strong> tells where apache2 is instructed to look for the KEY file you were given by your webhost. Make sure you specify it in the same location you placed it.<\/p>\n
ErrorLog<\/strong> and CustomLog<\/strong> give the location on the hardisk to place the logs for the access to this website.<\/p>\n
Step 10: Enable the SSL module<\/strong> for apache2 by running<\/p>\n
a2enmod ssl<\/p><\/blockquote>\n
Step 11: Restart Apache2<\/strong> so that the configurations changes are loaded<\/p>\n
\/etc\/init.d\/apache2 restart<\/p><\/blockquote>\n
Step 11B: If Step 11 fails<\/strong> to complete then use<\/p>\n
service apache2 restart<\/p><\/blockquote>\n
That is it , you should be done configuring your apache2 SSL configuration. It’s not that hard is it? Admittedly I’ve done this before a few times myself, and I am sure that after you have done the same it will be second nature.<\/p>\n
Best wishes,
\nAdam<\/p>\n<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
At work we have recently had a lot of customers asking us about how to configure their SSL certificate files for their webserver. This may seem intimidating to many persons, especially those without any technical experience, however it really need … Continue reading