Saturday, 23 January 2016

Add a secure SSL certificate (HTTPS) to a website


For an SSL-encrypted web server, install the required software:
yum install mod_ssl openssl


I got a free SSL certificate from startssl.com:
First, sign up with an email address. Once the verification code has been verified, a client certificate is installed on your PC; you will use it to log in from then on.
After you log in, choose the free certificate and verify your domain (similar steps to the sign-up).
Once your domain is verified, download startcomtool.exe from its web page, use the tool to generate a CSR (choose the OpenSSL method), then copy the CSR from the tool and paste it into the form.
Then click generate. After a few minutes the certificates are generated and you can download them.
Upload them to your web server and configure the web server to point to them.

Update the Apache SSL configuration file

vi /etc/httpd/conf.d/ssl.conf
Change the paths to match where the key file is stored. For example:

SSLCertificateFile /etc/pki/tls/certs/ca.crt

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save the file and quit, then restart Apache:

/etc/init.d/httpd restart
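
Added example (not from the original post): mod_ssl will not start if the certificate and private key named in ssl.conf do not belong together, so the checks below can be run before the restart. The function names are hypothetical, the paths in the usage comment are the ones used above, and the key is assumed to have no passphrase.

```shell
#!/bin/sh
# Added example: pre-restart checks for the files named in ssl.conf.
# Function names are hypothetical; paths are the ones used on this page.

# Succeeds only if the certificate's public key equals the private key's.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the key file grants nothing to group or others.
key_perms_ok() {
    case $(ls -ldL "$1" 2>/dev/null) in
        -r?-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the certificate is still valid N days from now (default 30).
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Run all checks; prints one line per failure and returns the failure count.
check_tls_files() {
    fails=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; fails=$((fails + 1)); }
    key_perms_ok "$2" || { echo "FAIL: $2 is readable by group/others"; fails=$((fails + 1)); }
    cert_not_expiring "$1" || { echo "FAIL: $1 expires within 30 days"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage: sh check_tls.sh /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key
if [ "$#" -eq 2 ]; then
    check_tls_files "$1" "$2" && echo "OK: checks passed, restart httpd"
fi
```

A non-zero exit status is the number of failed checks, so the script can gate the restart command.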

Setting up the virtual hosts in /etc/httpd/conf.d/ssl.conf
  <VirtualHost *:80>
     <Directory /var/www/vhosts/yoursite.com/httpdocs>
       AllowOverride All
     </Directory>
     DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
     ServerName yoursite.com
  </VirtualHost>


To add a sister site on port 443, add the following at the top of your file:

NameVirtualHost *:443

and then a VirtualHost record, something like this:
  <VirtualHost *:443>
     SSLEngine on
     SSLCertificateFile /etc/pki/tls/certs/ca.crt
     SSLCertificateKeyFile /etc/pki/tls/private/ca.key
     <Directory /var/www/vhosts/yoursite.com/httpsdocs>
       AllowOverride All
     </Directory>
     DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
     ServerName yoursite.com
  </VirtualHost>


Restart Apache again using:
service httpd restart

Configuring the firewall

Open port 443:

iptables -A INPUT -p tcp --dport 443 -j ACCEPT
service iptables save
iptables -L -v

Configure HTTPS everywhere

In /etc/httpd/conf/httpd.conf, add a virtual host that always redirects to HTTPS:
 <VirtualHost *:80>  
   ServerAdmin webmaster@craplist.ca  
   ServerName craplist.ca  
   Redirect permanent / https://craplist.ca/  
 </VirtualHost>  


In config.php:
define('WEB_PATH', 'https://craplist.ca/');
