Installing SSL certificate in Apache
Using startssl SSL certificates for HTTPS
It is good to have an HTTPS certificate signed by a recognized CA instead of using a self-signed certificate. One very viable option for a simple HTTPS certificate is http://www.startssl.com. Using this website, one can generate SSL certificates recognized by all popular browsers for free. The steps for obtaining such a certificate are:
- Register on the website and provide the authentication code from the email
- Wait for another acceptance email with a code and paste it into the browser
- Generate a client certificate to identify yourself. Keep a password-protected backup of this certificate at some safe location.
- Go to control panel -> Validation wizard -> Domain name validation
- Verify using the email ID of the domain owner. An email with a verification code will be sent to the chosen email ID.
- Go to control panel -> Certificate wizard -> SSL/TLS web certificate
- Choose simple password and create private key
- Download the private key and decrypt it with the password chosen in the previous step. The decryption command is shown on the screen as "openssl rsa -in ssl.key -out ssl.key"
- Enter desired TLD and sub-domain for which certificate is being requested
- Wait for email confirmation for certificate request
- Download the certificate and copy it to the server along with the key and the CA bundle (PEM format, with CRL included)
Install SSL certificate in apache
To install the certificate in Apache, use the following steps:
- Copy all three files (certificate, key, CA bundle) to the /etc/httpd/conf folder
- chmod 400 ssl.key
- Edit /etc/httpd/conf.d/ssl.conf and replace the appropriate values. The following three values need to be updated:
  - SSLCertificateFile /etc/httpd/conf/ssl.crt
  - SSLCertificateKeyFile /etc/httpd/conf/ssl.key
  - SSLCACertificateFile /etc/httpd/conf/ca-bundle.pem
- Restart Apache and verify that the certificate is working as expected.
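
The checks below are an added example, not part of the original notes: before Apache is restarted they confirm that ssl.key has mode 400, is decrypted, and belongs to ssl.crt. The function names and the throwaway self-signed pair (CN demo.invalid) are constructed for illustration, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Pre-restart checks for the key and certificate named in ssl.conf (added example).

# The key must be mode 400, as set by "chmod 400 ssl.key".
key_mode_ok() {
    case "$(ls -ld "$1")" in
        -r--------*) return 0 ;;
        *) return 1 ;;
    esac
}

# The key must be decrypted, otherwise Apache asks for the passphrase at startup.
# Encrypted PEM keys carry the word ENCRYPTED in their header lines.
key_is_decrypted() {
    ! grep -q 'ENCRYPTED' "$1"
}

# The certificate and the key must share the same RSA modulus.
key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null) || return 1
    k=$(openssl rsa -noout -modulus -passin pass: -in "$2" 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run all checks against a directory laid out like /etc/httpd/conf.
check_install() {
    key_mode_ok "$1/ssl.key" || { echo "ssl.key is not mode 400"; return 1; }
    key_is_decrypted "$1/ssl.key" || { echo "ssl.key is still encrypted"; return 1; }
    key_matches_cert "$1/ssl.crt" "$1/ssl.key" || { echo "ssl.crt does not match ssl.key"; return 1; }
    echo "ok"
}

# Constructed sample input: a throwaway self-signed pair, not a CA-issued certificate.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.invalid" \
        -keyout "$1/ssl.key" -out "$1/ssl.crt" >/dev/null 2>&1 &&
    chmod 400 "$1/ssl.key"
}

demo=$(mktemp -d)
make_demo_files "$demo" && check_install "$demo"
rm -rf "$demo"
```

On the server itself, call check_install /etc/httpd/conf, then run apachectl configtest to catch syntax errors in ssl.conf before restarting.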