In order to setup a free certificate on apache server using Ubuntu 10.04 you need to follow the following steps.
Step 1 : Install ‘apache’ if you dont have any by following the given command i.e.
sudo apt-get install apache2
Step 2 : install ‘ssl3′ by following the command
sudo apt-get install ssl3
Step 3 : install ‘libssl-dev’ by following the command
sudo apt-get install libssl-dev or sudo apt-get install openssl openssl-develu
Step 4 : Enable the SSL module by
sudo a2enmod ssl
Step 5 : Make a directory for ssl
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
mkdir private
mkdir certs Note:(if the ssl, certs, private folders already exist there no need to create extra)
Step 6 : Create your own privete key
sudo openssl genrsa -out ~/ssl foldername/key name size
e.g. sudo openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048
Step 7 : Create csr
sudo openssl req -new -key ~/domain.com.ssl/domain.com.key - out ~/domain.com.ssl/ domain.com.csr
Step 8 : Move the keys to /etc/ssl/certs
mv domain.com.crt /etc/ssl/certs/ mv domain.com.key /etc/ss/private/
Note:(if you have the bundle-file key from CA then mv sf_bundle.crt /etc/ssl/certs)
Step 9 : Configure your ssl
cd /etc/apache2/sites-available/
cp default default-ssl
vi default-ssl
do the following changes:
<IfModule>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot "/var/www/sitefolder"
ServerName xyz.com:443
<Directory />
. . . . no change
</Directory>
#SSL Engine Switch: #Enable/Disable SSL for this virtual host.
SSLEngine on#SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/domain.com.crt SSLCertificateKeyFile /etc/ssl/private/domain.com.key
#Note:(if you have the CV bundle.cert then uncomment the line and correct the path to sf_bundle.crt)
#Server Certificate Chain:
#SSLCertificateFile
/etc/ssl/certs/sf_bundle.crt
</VirtualHost>
</IfModule>
Step 10 : Check for port 443 on server:
sudo vi /etc/apache2/port.conf
<IfModule mod_ssl.c> Listen 443 </IfModule>
<IfModule mod_gnutls.c> Listen 443 </IfModule>
Step 11 : Force fully Redirect the http traffic to https, in case you want the site be only accessible through https
vi /etc/apache2/sites-available/virtual-host-80(xyz.com)
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin webmaster@xyz.com
ServerName xyz.com
Redirect / https://xyz.com ServerAlias xyz.com
# Index file and Document Root (where the public files are located)
DirectoryIndex index.php
DocumentRoot /var/www/sitefolder
<Directory /var/www/sitefolder/>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
# Custom log file locations
LogLevel warn
ErrorLog /var/log/apache2/xyz_error.log
CustomLog /var/log/apache2/xyz_access.log combined
</VirtualHost>
Step 12 : restart you apache2 server
/etc/init.d/apache2 reload
Step 13 : Voila ! you are done now check your site
https://sitename
imran
April 4, 2011 at 10:37 am
i have implemented ssl with this configuration and its work fine.
imran
June 29, 2011 at 7:13 pm
how to reset the root user password for webmin:
find the file changepass.pl
sudo / -iname ‘changepass.pl’
sudo /usr/share/webmin/changepass.pl /etc/webmin/ root root@123
then you can login to webmine:
localhost:10000
username: root
password:root@123
good luck:
Regards:
imran