38,760
edits
Translations:Configuring Apache to use SSL/6/en: Difference between revisions
Jump to navigation
Jump to search
Translations:Configuring Apache to use SSL/6/en (view source)
Revision as of 20:25, 25 May 2023
, 1 year agoImporting a new version from external source
(Importing a new version from external source) Tags: Mobile edit Mobile web edit |
(Importing a new version from external source) |
||
| Line 1: | Line 1: | ||
The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on our clouds, it should look similar to the example response except that the X's should be | The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on our clouds, it should look similar to the example response except that the X's should be replaced with the floating-IP associated with the virtual machine. | ||
</li> | </li> | ||
<li> | <li><b>Set ownership and permissions</b><br/> | ||
Set the correct ownership and permissions of the private key with: {{Commands|sudo chown root:ssl-cert /etc/ssl/private/server.key|sudo chmod 640 /etc/ssl/private/server.key}} | Set the correct ownership and permissions of the private key with: {{Commands|sudo chown root:ssl-cert /etc/ssl/private/server.key|sudo chmod 640 /etc/ssl/private/server.key}} | ||
</li> | </li> | ||
<li> | <li><b>Configure Apache to use the certificate</b><br/> | ||
Edit Apache's ssl configuration file with | Edit Apache's ssl configuration file with | ||
{{Command|sudo vim /etc/apache2/sites-available/default-ssl.conf}} | {{Command|sudo vim /etc/apache2/sites-available/default-ssl.conf}} | ||
| Line 16: | Line 16: | ||
</li> | </li> | ||
Also ensure that the <code>DocumentRoot</code> path matches that set in your <code>/etc/apache2/sites-available/000-default.conf</code> file provided that is the site you wish to apply the SSL to. | Also ensure that the <code>DocumentRoot</code> path matches that set in your <code>/etc/apache2/sites-available/000-default.conf</code> file provided that is the site you wish to apply the SSL to. | ||
<li> | <li><b>Tighten security</b><br/> | ||
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding | Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding | ||
<pre> | <pre> | ||