Tag Archive | "ssl"

Tags: ,

Linux SSL configuration tutorial


Generate SSL CSR

ssh to server

1.#cd /shfs/etc/ssl

2.#openssl genrsa -out domainname.key 1024 (change domainname to the actual domain name)

3.#openssl req -new -key domainname.key -out domainname.csr (change domainname with the actual domain)

Import certificate from .PFX

1. you can optionally export the certificate from windows to a .pfx file

2. openssl pkcs12 -in site.pfx -out site.pem -nodes

3. now  open the .pem file with a text editor.
first part is the private key, you copy this part and safe it as site.key
2nd part is public key, you copy this part and safe as site.crt
3rd part is parent certificate public key. no need to touch it.

Create ssl apache configuration file

once you have get the certificate, you need to edit the /etc/httpd/conf/ssl.conf

add the follow template:

<VirtualHost xx.xx.xx.myip:443>
SSLEngine on

SSLCACertificatePath /etc/ssl
SSLCertificateFile /etc/ssl/userdomain.com.crt
SSLCertificateKeyFile /etc/ssl/userdomain.com.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/secure/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<Directory "/var/www/secure">
Options +ExecCGI
AddHandler cgi-script cgi pl py
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

DocumentRoot /home/username/folderpath/
ServerName userdomain.com
ServerAlias www.userdomain.com

<Directory /home/username/folderpath/>
AddHandler cgi-script cgi pl do
Options +Includes
Options +ExecCGI
AllowOverride All
Order allow,deny
allow from all
</Directory>

</VirtualHost>

<VirtualHost xx.xx.xx.ip:80>
DocumentRoot /home/username/folderpath/
ServerName userdomain.com
ServerAlias www.userdomain.com

<Directory /home/username/folderpath/>
AddHandler cgi-script cgi pl do
Options +Includes
Options +ExecCGI
AllowOverride All
Order allow,deny
allow from all
</Directory>

CustomLog /var/log/httpd/access_log vcommon
ErrorLog /var/log/httpd/clientError_log
</VirtualHost>

Share

Posted in Linux-Apache-PHPComments (4)