Wednesday, October 2, 2013

Apache + StartSSL + SSL (Free SSL for Everyone) or why every site should be SSL enabled.

Quick reference for getting a StartSSL certificate on Apache and Ubuntu server.

0) Review how to enable SSL in Apache first: https://help.ubuntu.com/lts/serverguide/httpd.html#https-configuration

1) Generate the private key and the SSL CSR (certificate signing request); -nodes leaves the key with no password:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

2a) Go to http://startssl.com

2b) Click Control Panel -> Validations Wizard -> Domain Validation (you must validate your domain first)

2c) Click Control Panel -> Certificate Wizard (skip automatic generation, paste the server.csr generated in step 1, select your domain, enter additional domain names)

3) Copy the newly created server certificate from the website to a file called server.crt

4) Download the StartSSL CA bundle from: https://www.startssl.com/certs/sub.class1.server.ca.pem

5) Copy all the new files to the /etc/ssl directory:
cp server.key server.crt server.csr sub.class1.server.ca.pem /etc/ssl

6) Configure Apache with the following lines:
SSLCertificateFile "/etc/ssl/server.crt"
SSLCertificateKeyFile "/etc/ssl/server.key"
SSLCACertificateFile "/etc/ssl/sub.class1.server.ca.pem"

7) Restart Apache.
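
Checks worth running on the files from steps 1-5 before the restart in step 7, as an added example that is not part of the original post: the certificate must match the private key, it must chain to the CA bundle, and the password-less key must not be readable by other users. The helper names check_tls_files and make_demo_files are hypothetical, the throwaway CA is constructed sample input standing in for StartSSL, and -partial_chain assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example: sanity checks for the files from steps 1-5, run before step 7.
# check_tls_files and make_demo_files are hypothetical helper names.

check_tls_files() {  # usage: check_tls_files KEY CERT CA_BUNDLE
    key=$1 crt=$2 chain=$3 rc=0
    # 1) The certificate must carry the public key of the private key from step 1.
    k=$(openssl pkey -in "$key" -pubout 2>/dev/null) || k=
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || c=
    if [ -z "$k" ] || [ "$k" != "$c" ]; then
        echo "FAIL: $crt does not match $key"; rc=1
    fi
    # 2) The certificate must verify against the CA bundle from step 4.
    #    -partial_chain accepts an intermediate CA as the trust anchor.
    if ! openssl verify -partial_chain -CAfile "$chain" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not chain to $chain"; rc=1
    fi
    # 3) The key has no passphrase (-nodes), so file mode is its only protection.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "FAIL: $key is readable by group or others (chmod 600)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key, certificate and CA bundle are consistent"
    return "$rc"
}

# Constructed sample input: a throwaway CA stands in for StartSSL and signs a
# CSR made with the same command as step 1. Prints the directory it used.
make_demo_files() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo.example" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null || return 1
    chmod 600 "$d/server.key"
    echo "$d"
}

# With three arguments, check those files (the paths from step 5); otherwise demo.
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
else
    d=$(make_demo_files) && check_tls_files "$d/server.key" "$d/server.crt" "$d/ca.pem"
fi
```

For the files from this guide: sh check.sh /etc/ssl/server.key /etc/ssl/server.crt /etc/ssl/sub.class1.server.ca.pem (check.sh being whatever name the script is saved under).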
