Translations:Configuring Apache to use SSL/6/en: Difference between revisions

Jump to navigation Jump to search
Importing a new version from external source
(Importing a new version from external source)
(Importing a new version from external source)
Line 1: Line 1:
The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine in our clouds, it should look similar to the example response except that the string of Xs should be replaced with the floating-IP associated with the virtual machine.
The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine in our clouds, it should look similar to the example response except that the string of Xs should be replaced with the floating IP associated with the virtual machine.
</li>
</li>
<li><b>Set ownership and permissions</b><br/>
<li><b>Set ownership and permissions</b><br/>
Line 5: Line 5:
</li>
</li>
<li><b>Configure Apache to use the certificate</b><br/>
<li><b>Configure Apache to use the certificate</b><br/>
Edit Apache's ssl configuration file with
Edit Apache's SSL configuration file with
{{Command|sudo vim /etc/apache2/sites-available/default-ssl.conf}}
{{Command|sudo vim /etc/apache2/sites-available/default-ssl.conf}}
and change the lines
and change the lines
Line 15: Line 15:
  SSLCertificateChainFile /etc/ssl/certs/server.crt
  SSLCertificateChainFile /etc/ssl/certs/server.crt
</li>
</li>
Also ensure that the <code>DocumentRoot</code> path matches that set in your <code>/etc/apache2/sites-available/000-default.conf</code> file provided that is the site you wish to apply the SSL to.
Assuming that the <code>default-ssl.conf,</code> file is the SSL version of the non-encrypted <code>000-default.conf</code> file for the site, make sure both files have the same <code>DocumentRoot</code> variables.
<br/>
<li><b>Tighten security</b><br/>
<li><b>Tighten security</b><br/>
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding
Force all http traffic to https, require more modern versions of SSL, and use better cipher options first by editing the file with {{Command |sudo vim /etc/apache2/sites-available/default-ssl.conf}} and adding
Line 24: Line 25:
  <nowiki>SSLHonorCipherOrder on</nowiki>
  <nowiki>SSLHonorCipherOrder on</nowiki>
</pre>
</pre>
at the bottom of the entry inside the <code><VirtualHost></code> tag replacing XXX-XXX-XXX-XXX with your VM's IPs (note the '-' are needed in place of '.'). Also, put a redirect directive on our virtual host by editing the default website configuration file with
at the bottom of the entry inside the <code><VirtualHost></code> tag replacing XXX-XXX-XXX-XXX with your VM's public IP (note the '-' are needed in place of '.'). Also, put a redirect directive on our virtual host by editing the default website configuration file with
{{Command| sudo vim /etc/apache2/sites-available/000-default.conf }}and adding the line
{{Command| sudo vim /etc/apache2/sites-available/000-default.conf }}and adding the line
38,760

edits

Navigation menu