Tuesday, 21 February 2012

Setting up an SSL website in CentOS/Ubuntu if there is no control panel

This guide will explain how to set up a site over https.

1. Get the required software
~~~~~~~~~~~~~~~~~
For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.

On CentOS, install them with yum. Yum will either tell you they are already installed or install them for you.

======================
yum install mod_ssl openssl
======================

On Ubuntu, install Apache with apt-get:

========================
apt-get install apache2 apache2-common;
========================

Then run the following command on Ubuntu to enable mod_ssl:

================
a2enmod ssl
================

2. Generate CSR & purchase SSL
~~~~~~~~~~~~~~~~~~~~~
Generate the CSR and purchase the certificate as described in the following KB article.

[article:832] Generating CSR for Customers & Guidelines for SSL installation requests

3. On CentOS, create /etc/httpd/conf.d/example.com.conf.

On Ubuntu, create /etc/apache2/sites-available/example.com, then run the following command to enable the site.

================
a2ensite example.com
================

Now, add the following contents to /etc/httpd/conf.d/example.com.conf or /etc/apache2/sites-available/example.com.

==============================
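# Plain HTTP virtual host (port 80)
NameVirtualHost 192.168.1.56:80

<VirtualHost 192.168.1.56:80>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/html/example_com_www/
    ServerName server1.example.com
    ServerAlias www.example.com
    # Log paths are relative to ServerRoot; on Ubuntu use absolute paths under /var/log/apache2/
    ErrorLog logs/example.com-error_log
    CustomLog logs/example.com-access_log common

    # AllowOverride is only valid inside a <Directory> section
    <Directory /var/www/html/example_com_www/>
        AllowOverride All
    </Directory>
</VirtualHost>

# HTTPS virtual host (port 443)
NameVirtualHost 192.168.1.56:443

<VirtualHost 192.168.1.56:443>
    SSLEngine on
    # Site certificate, its private key, and the intermediate CA certificate
    SSLCertificateFile /etc/ssl/example.com.crt
    SSLCertificateKeyFile /etc/ssl/example.com.key
    SSLCACertificateFile /etc/ssl/example.com.ca

    <Directory /var/www/html/example_com_www/>
        AllowOverride All
    </Directory>

    ServerAdmin admin@example.com
    DocumentRoot /var/www/html/example_com_www/
    ServerName server1.example.com
    ServerAlias www.example.com
    ErrorLog logs/example.com-error_log
    CustomLog logs/example.com-access_log common
</VirtualHost>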

===============================

Make sure of the following:

(i) IP 192.168.1.56 is replaced with the correct IP address
(ii) example.com is replaced with the correct domain name
(iii) the document root is /var/www/html/example_com_www/

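4. Create /etc/ssl/ if it does not already exist.

5. Save Cert, Key & Intermediate CA as given below.

Cert: /etc/ssl/example.com.crt
Key: /etc/ssl/example.com.key
Intermediate CA: /etc/ssl/example.com.ca

Then restart Apache:

================
/etc/init.d/httpd restart      # CentOS
/etc/init.d/apache2 restart    # Ubuntu
================

6. Access the website using https://192.168.1.56:443 and ensure that it is working fine. When the site is opened by IP address the browser reports a name mismatch, because the certificate is issued for the domain name.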
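
A check that can be run after saving the three files and before restarting Apache, so a mismatched key or an exposed key file is caught before the web server refuses to start. This is an added example, not part of the original guide; the function name check_ssl_files and its return codes are assumptions, and it needs an openssl that provides the pkey subcommand.

```shell
#!/bin/sh
# Added example: sanity-check the certificate, key and CA file before a restart.
# Usage: sh check_ssl.sh /etc/ssl/example.com.crt /etc/ssl/example.com.key /etc/ssl/example.com.ca
# check_ssl_files returns 0 when every check passes, otherwise the number of the failed check.
check_ssl_files() {
    cert=$1; key=$2; ca=$3

    # 1. All three files must exist and be non-empty.
    for f in "$cert" "$key" "$ca"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # 2. The private key must not be readable or writable by group or others.
    loose=$(find "$key" -prune \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \))
    if [ -n "$loose" ]; then
        echo "key is group/world accessible; run: chmod 600 $key" >&2
        return 2
    fi

    # 3. The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -noout -pubkey -in "$cert") || return 3
    key_pub=$(openssl pkey -pubout -in "$key") || return 3
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match" >&2; return 3; }

    # 4. The certificate must not already be expired.
    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null ||
        { echo "certificate has expired" >&2; return 4; }

    # 5. The first certificate in the CA file must be the issuer of the site certificate.
    issuer=$(openssl x509 -noout -issuer_hash -in "$cert") || return 5
    ca_subject=$(openssl x509 -noout -subject_hash -in "$ca") || return 5
    [ "$issuer" = "$ca_subject" ] || { echo "CA file does not contain the issuer" >&2; return 5; }

    echo "certificate, key and CA file are consistent"
}

# Run the check when the script is called with the three file paths.
if [ $# -eq 3 ]; then
    check_ssl_files "$@"
fi
```
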


Ubuntu reference: https://help.ubuntu.com/10.04/serverguide/C/httpd.html
