Configuring Apache to use SSL: Difference between revisions

Line 15: Line 15:


==Signed certificate== <!--T:9-->
==Signed certificate== <!--T:9-->
Having a certificate signed by a [https://en.wikipedia.org/wiki/Certificate_authority Certificate Authority] (CA) allows visitors of the site to verify by a third party (the CA) that the website is the expected website, avoiding [https://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle-attacks]. Many CAs require a yearly fee, but one which does not is [https://letsencrypt.org/ Let's Encrypt] CA. Certbot is a tool for automatically creating and renewing an SSL certificate signed by the Let's Encrypt CA and automatically configures your web server to use the SSL certificate. The main [https://certbot.eff.org/ Certbot] page tells you everything you need to know to get started quickly. For additional details on Cerbot, see the [https://certbot.eff.org/docs/ certbot docs].
Having a certificate signed by a [https://en.wikipedia.org/wiki/Certificate_authority Certificate Authority] (CA) allows visitors to ensure they are accessing the right website, which avoids [https://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle-attacks]. Many CAs require a yearly fee, but one which does not is [https://letsencrypt.org/ Let's Encrypt] CA. Certbot is a tool that automatically creates or renews an SSL certificate signed by the Let's Encrypt CA and it automatically configures your web server to use the SSL certificate. The main [https://certbot.eff.org/ Certbot] page tells you everything you need to know to get started quickly. For additional details on Cerbot, see the [https://certbot.eff.org/docs/ certbot docs].


==Self-signed certificate== <!--T:10-->
==Self-signed certificate== <!--T:10-->
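Review bot: The last sentence of the revised paragraph still misspells Certbot as "Cerbot" ("For additional details on Cerbot"), and this edit is a good place to fix it. In the same paragraph, "man-in-the-middle-attacks" reads better as "man-in-the-middle attacks", and "creates or renews an SSL certificate ... and it automatically configures" can drop the "it".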
Line 57: Line 57:
  SSLCertificateChainFile /etc/ssl/certs/server.crt
  SSLCertificateChainFile /etc/ssl/certs/server.crt
</li>
</li>
Also ensure that the <code>DocumentRoot</code> path matches that set in your <code>/etc/apache2/sites-available/000-default.conf</code> file provided that is the site you wish to apply the SSL to.
Assuming that the <code>default-ssl.conf,/code> file is the SSL version of the non-encrypted <code>000-default.conf</code> file for the site, make sure both files have the same <code>DocumentRoot</code> variables.
<li><b>Tighten security</b><br/>
<li><b>Tighten security</b><br/>
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding
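Review bot: The closing tag in the new sentence is malformed: "<code>default-ssl.conf,/code>" has ",/code>" where "</code>" is needed, so the code span never closes and the rest of the line will render incorrectly. In the same sentence, "the same DocumentRoot variables" would be more accurate as "the same DocumentRoot value", since DocumentRoot is a directive that takes a single path.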
Line 66: Line 66:
  <nowiki>SSLHonorCipherOrder on</nowiki>
  <nowiki>SSLHonorCipherOrder on</nowiki>
</pre>
</pre>
at the bottom of the entry inside the <code><VirtualHost></code> tag replacing XXX-XXX-XXX-XXX with your VM's IPs (note the '-' are needed in place of '.'). Also, put a redirect directive on our virtual host by editing the default website configuration file with
at the bottom of the entry inside the <code><VirtualHost></code> tag replacing XXX-XXX-XXX-XXX with your VM's public IP (note the '-' are needed in place of '.'). Also, put a redirect directive on our virtual host by editing the default website configuration file with
{{Command| sudo vim /etc/apache2/sites-available/000-default.conf }}and adding the line
{{Command| sudo vim /etc/apache2/sites-available/000-default.conf }}and adding the line
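Review bot: The sentence following the changed one, "put a redirect directive on our virtual host", switches person from the "your VM's public IP" just before it; suggest "your virtual host" for consistency. The parenthetical "note the '-' are needed in place of '.'" could also become "note that '-' is needed in place of '.'".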

