Apache Https SSL and Certificate Portal

How Configure HTTPS Secure Sockets Layer with a Certificate Authority (CA)

Pre-Conditions

  • Apache2, WordPress, OpenSSL must be installed

Website Security, SSL, HTTPS, Public/Private Keys and Certificate Related Links

The Key HowTo guides cover website security and relate to the below products, technologies, content management systems, scripting languages and script/key files.

  1. Apache2 Web Server
  2. SSL (Secure Sockets Layer)
  3. HTTPS (HyperText Transfer Protocol Secure)
  4. PK (Public / Private Key) Encryption
  5. OpenSSL – Open Source SSL Utilities
  6. WordPress CMS (Content Management System)
  7. CSR (Certificate Signing Request)
  8. RSA
  9. DN – Distinguished Name
  10. .crt (Certificate File)
  11. .key (Private/Public Key Files)
  12. CA (Certificate Authorities)
  13. Linux / Ubuntu / Bash Shell / Shell Scripts
  14. Apache Configuration
  15. chmod (Change File Permissions)

Generating a CSR from OpenSSL, Getting it Signed by a CA then Configuring Apache and WordPress to use HTTPS

These points are worthy of note when considering SSL, HTTPS and secure web connections.

  • Visitors need to know that the connections are secure
  • WordPress Admin screens must use HTTPS else the passwords will be visible to snoopers
  • Google is crediting sites that use HTTPS on every page – no ifs no buts.
  • Certificate signing can be done by GoDaddy, Verisign, GeoTrust and others
  • Setting a passphrase during the CSR may mean Apache2 webserver will not restart until one is supplied

Note that you can generate the RSA and keys all in one or separately. If separately you can use the below commands

  • OpenSSL command without a passphrase openssl genrsa -out yourdomain.key 1024
  • OpenSSL command with a passphrase openssl genrsa -des3 -out yourdomain.key 1024
  • openssl req -new -key yourdomain.key -out yourdomain.csr

During the certificate signing request creation you will be asked to enter

  • Common Name ➜ build-business-websites.co.uk
  • Organization ➜ Build Business Websites
  • Organization Unit ➜ Online Portal
  • City or Locality ➜ London
  • State or Province ➜ Gt London
  • Country ➜ United Kingdom

Installing the Key Files and Certificates Into Apache

The following key points are worthy of note

  • Name your certificate build-business-websites.crt
  • Remember your private key file is called build-business-websites.key
  • the below block goes into your apache configuration vhost config file
  • Note below to set the VirtualHost to your correct one
  • And you restart Apache

– other config details-
SSLEngine  on
SSLCertificateFile /etc/httpd/conf/ssl.crt/build-business-websites.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/build-business-websites.key

How to Stop Apache Asking for Passphrase on Restart

If apache2 restarts and asks for passphrase and annoys you – you can put a stop to it by regenerating the RSA key file with the below command. Copy your key to build-business-websites.key-with-passphrase and then execute

openssl rsa -in build-business-websites.key-with-passphrase -out build-business-websites.key

Now reinstall the key and then restart apache.

Leave a Reply

Your email address will not be published. Required fields are marked *