SSL is short form of ‘Secure Sockets Layer’ and is a crystallographic protocol that provides security for communications over networks by encrypting segments of network connections at the transport layer end-to-end.
Installation of SSL is different on Linux compared to windows. I assume you already have a certification file from your provider before proceeding ahead with this tutorial. Further I will be using www.mysiteforssl.com as example domain in this tutorial. You can replace it with your domain name while actual implementation is in process.
As a basic information SSL listens to post 443 and there is only one SSL vhost per IP address. Mutiple SSL vhost may require multiple IPs.
Step 1: Connect to server using Putty or WinSCP (we will be using Putty in this example)
Step 2: Enable mod_ssl
we need to make sure mod_ssl is enabled on server. To enable apache’s SSL module enter following command in sequence:
a2enmod ssl
[code]/etc/init.d/apache2 restart[/code]
First command enable SSL module and second command restart apache server, which is required after enabing a module. We can check is apachec is listening to correct module using:
[code]netstat -tap | grep https[/code]
Step 3: Setup Vhost
We need to create a new Vhost and for this purpose we can use default SSL vhost configuration in the file located at /etc/apache2/sites-available/default-ssl. Create a copy of this file so we can make changes in it per our requirement. You can name it as yu wish, for easy reference we will name it same as of domain (mysiteforssl.com)
[code]cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/mysiteforssl.com-ssl[/code]
Above command will create a new file ‘mysiteforssl.com-ssl’ in /etc/apache2/sites-available directory.
Step 4: Open and make changes in mysiteforssl.com-ssl. For user not much familiar with linux commands, use:
[code]vi -b -n /etc/apache2/sites-available/mysiteforssl.com-ssl[/code]
This open file in view mode, press ‘a’ – this change file to insert mode.
If you are using WinSCP you can download file, make change in text editor and upload it back on server.
Step 5: Configure the block for the SSL-enabled site.
Below is a very simple example of a virtual host configured for SSL.
[code]
ServerName www.mysiteforssl.com
DocumentRoot /path/to/your/document/root/htdocs
SSLEngine ON
SSLCertificateFile /etc/httpd/conf/ssl.crt/domain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain.com.key
ErrorLog logs/ssl.domain.com.error_log
CustomLog logs/ssl.domain.com.access_log combined
[/code]
Make sure to update xxx.xxx.xxx.xxx with your IP address and ServerName with your domain name.
Adjust the file names to match your certificate files:
SSLCertificateFile should be your certificate file (eg. your_domain_name.crt).
SSLCertificateKeyFile should be the key file generated when you created the CSR.
SSLCertificateChainFile should be the intermediate certificate file
Some configuration doesnt work with SSLCertificateChainFile directive, try using the SSLCACertificateFile directive instead.
Step 6: Make sure to Press Esc, save and exit edit mode using:
[code]:wq![/code]
Step 7: Restart Apache