Everything on SSL

So we want everything encrypted while traversing the internet. Our solution: SSL everything. First, we need to get ourselves an SSL certificate. Commercial ones are great because they’re already trusted by major browsers and won’t trigger those nasty warnings. Encryption-wise, though, they’re just the same as self-signed ones.

1. Create a self-signed certificate:

yum install mod_ssl
mkdir /etc/httpd/ssl
openssl req -new -x509 -days 365 -nodes -out /etc/httpd/ssl/httpd.pem -keyout /etc/httpd/ssl/httpd.key

2. Configure Apache to use the self-signed certificate:

<VirtualHost 12.34.56.78:443>
     SSLEngine On
     SSLCertificateFile /etc/httpd/ssl/httpd.pem
     SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
     ServerAdmin info@mydomain.com
     ServerName www.mydomain.com
     DocumentRoot /srv/www/mydomain.com/public_html/
     ErrorLog /srv/www/mydomain.com/logs/error.log
     CustomLog /srv/www/mydomain.com/logs/access.log combined
</VirtualHost>

3. Redirect HTTP to HTTPS:

<VirtualHost 12.34.56.78:80>
     ServerAdmin info@mydomain.com
     ServerName www.mydomain.com
     Redirect permanent / https://www.mydomain.com/
     DocumentRoot /srv/www/mydomain.com/public_html/
     ErrorLog /srv/www/mydomain.com/logs/error.log
     CustomLog /srv/www/mydomain.com/logs/access.log combined
</VirtualHost>
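
To check that steps 2 and 3 really leave nothing on plain HTTP, here is an added example (not from the original post): a small Python audit that parses `<VirtualHost>` blocks and flags a port-443 vhost missing SSLEngine, certificate or key, and any port-80 vhost without a site-wide Redirect to https://. The `plain.mydomain.com` vhost in the sample is constructed for illustration, and the parser assumes every vhost address carries an explicit port.

```python
import re

# Constructed sample: the page's two vhosts (trimmed) plus a hypothetical plain-HTTP vhost.
SAMPLE_CONF = """
<VirtualHost 12.34.56.78:443>
     SSLEngine On
     SSLCertificateFile /etc/httpd/ssl/httpd.pem
     SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
     ServerName www.mydomain.com
</VirtualHost>
<VirtualHost 12.34.56.78:80>
     ServerName www.mydomain.com
     Redirect permanent / https://www.mydomain.com/
</VirtualHost>
<VirtualHost 12.34.56.78:80>
     ServerName plain.mydomain.com
     DocumentRoot /srv/www/plain/public_html/
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return [(port or None, {directive_lowercased: [argument strings]})]."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        tail = addr.split()[0].rpartition(":")[2]
        directives = {}
        for line in map(str.strip, body.splitlines()):
            if line and not line.startswith("#"):
                name, *rest = line.split(None, 1)
                directives.setdefault(name.lower(), []).append(rest[0] if rest else "")
        vhosts.append((int(tail) if tail.isdigit() else None, directives))
    return vhosts

def audit(conf):
    """List vhosts whose settings would leave traffic unencrypted."""
    findings = []
    for port, d in parse_vhosts(conf):
        name = d.get("servername", ["(no ServerName)"])[0]
        if port == 443:
            if [v.lower() for v in d.get("sslengine", [])] != ["on"]:
                findings.append(f"{name}:443 SSLEngine is not On")
            findings += [f"{name}:443 missing {k}" for k in ("sslcertificatefile", "sslcertificatekeyfile") if k not in d]
        elif port == 80:
            targets = [a.split()[-2:] for a in d.get("redirect", [])]
            if not any(len(t) == 2 and t[0] == "/" and t[1].startswith("https://") for t in targets):
                findings.append(f"{name}:80 has no site-wide Redirect to https://")
    return findings

print("\n".join(audit(SAMPLE_CONF)))
```

Point `audit()` at the text of your own vhost file instead of `SAMPLE_CONF`; an empty result means every port-80 vhost redirects and every port-443 vhost has its SSL directives.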

3 Comments

  1. Neverho0d says:

    In 3, the only directive you really need is the 4th; all the others are redundant. I use this solution for webmail clients (Roundcube, etc.).

  2. Fuzzie says:

    Try this free service for SSL certs. The free certificates it produces are recognized by all major browsers. Since you’re forcing it on, you might as well make the website more friendly for visitors.

    1. herson says:

      I found GoDaddy’s Free SSL for Open Source projects more straightforward.
