Translations:Configuring Apache to use SSL/6/en: Difference between revisions
(Importing a new version from external source) |
(No difference)
|
Revision as of 14:21, 10 November 2016
The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on Compute Canada's cloud it should looks similar to the example response except that the X's should be replace with the floating-IP associated with the virtual machine.
Set the correct ownership and permissions of the private key with:
[name@server ~]$ sudo chown root:ssl-cert /etc/ssl/private/server.key
[name@server ~]$ sudo chmod 640 /etc/ssl/private/server.key
Edit Apache's ssl configuration file with
[name@server ~]$ sudo vim /etc/apache2/sites-available/default-ssl.conf
and change the lines
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
to
SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key SSLCertificateChainFile /etc/ssl/certs/server.crt
Also ensure that the DocumentRoot path matches that set in your /etc/apache2/sites-available/000-default.conf file provided that is the site you wish to apply the SSL to.
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with
[name@server ~]$ sudo vim /etc/apache2/sites-available/default-ssl.conf
ServerName XXX-XXX-XXX-XXX.cloud.computecanada.ca ServerAlias www.XXX-XXX-XXX-XXX.cloud.computecanada.ca SSLProtocol all -SSLv2 -SSLv3 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4 SSLHonorCipherOrder on
at the bottom of the entry inside the <VirtualHost> tag replacing the XXX-XXX-XXX-XXX with your VM's IPs (note the '-' are needed in place of '.'). Also put a redirect directive on our virtual host by editing the default website configuration file with:
[name@server ~]$ sudo vim /etc/apache2/sites-available/000-default.conf