cc_staff
1,486
edits
Configuring Apache to use SSL: Difference between revisions
Jump to navigation
Jump to search
Marked this version for translation
No edit summary |
(Marked this version for translation) |
||
| Line 1: | Line 1: | ||
<languages/> | <languages/> | ||
<translate> | <translate> | ||
<!--T:1--> | |||
''Parent page: [[Creating a Webserver on CC-Cloud]]'' | ''Parent page: [[Creating a Webserver on CC-Cloud]]'' | ||
[[Category:CC-Cloud]] | [[Category:CC-Cloud]] | ||
<!--T:2--> | |||
Transport Layer Security (TLS) and formerly Secure Sockets Layer (SSL) are both often referred to as SSL and allow encrypted communications over computer networks. This page describes the procedure for creating a self-signed SSL certificate as apposed to one signed by a [https://en.wikipedia.org/wiki/Certificate_authority Certificate Authority] (CA) and configuring Apache to use it to encrypt communications. Having a certificate signed by a CA allows visitors of the site to verify by a third party (the CA) that the website is the expected website, avoiding [https://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle-attacks]. Self signed certificates should not be used for production sites, though they are useful for small locally used sites and for testing as they are free, as apposed to getting a certificate signed by a CA which usually coats something like $100 a year. | Transport Layer Security (TLS) and formerly Secure Sockets Layer (SSL) are both often referred to as SSL and allow encrypted communications over computer networks. This page describes the procedure for creating a self-signed SSL certificate as apposed to one signed by a [https://en.wikipedia.org/wiki/Certificate_authority Certificate Authority] (CA) and configuring Apache to use it to encrypt communications. Having a certificate signed by a CA allows visitors of the site to verify by a third party (the CA) that the website is the expected website, avoiding [https://en.wikipedia.org/wiki/Man-in-the-middle_attack man-in-the-middle-attacks]. Self signed certificates should not be used for production sites, though they are useful for small locally used sites and for testing as they are free, as apposed to getting a certificate signed by a CA which usually coats something like $100 a year. | ||
<!--T:3--> | |||
The below steps assume you are using the Ubuntu operating system. If using another Linux operating system the steps will be similar but the details will likely be different such as slightly different commands or different locations and names of configuration files. | The below steps assume you are using the Ubuntu operating system. If using another Linux operating system the steps will be similar but the details will likely be different such as slightly different commands or different locations and names of configuration files. | ||
<!--T:4--> | |||
<ol> | <ol> | ||
<li>'''Activate SSL Module'''<br/> | <li>'''Activate SSL Module'''<br/> | ||
| Line 15: | Line 19: | ||
If you are asked for a pass phrase this likely means you missed the <code>-node</code> option, please reissue the command checking it carefully against the above. This command will ask you a series of questions. Below is a list of the questions with example responses: | If you are asked for a pass phrase this likely means you missed the <code>-node</code> option, please reissue the command checking it carefully against the above. This command will ask you a series of questions. Below is a list of the questions with example responses: | ||
Country Name (2 letter code) [AU]:CA | <!--T:5--> | ||
Country Name (2 letter code) [AU]:CA | |||
State or Province Name (full name) [Some-State]:Nova Scotia | State or Province Name (full name) [Some-State]:Nova Scotia | ||
Locality Name (eg, city) []:Halifax | Locality Name (eg, city) []:Halifax | ||
| Line 23: | Line 28: | ||
Email Address []:<your email> | Email Address []:<your email> | ||
<!--T:6--> | |||
The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on Compute Canada's cloud it should looks similar to the example response except that the X's should be replace with the floating-IP associated with the virtual machine. | The most important question to answer is the "Common Name" question which should be the domain name of your server. In the case of a virtual machine on Compute Canada's cloud it should looks similar to the example response except that the X's should be replace with the floating-IP associated with the virtual machine. | ||
</li> | </li> | ||
| Line 52: | Line 58: | ||
{{Command| sudo vim /etc/apache2/sites-available/000-default.conf }}and adding the line | {{Command| sudo vim /etc/apache2/sites-available/000-default.conf }}and adding the line | ||
<nowiki>Redirect permanent / https://XXX-XXX-XXX-XXX.cloud.computecanada.ca</nowiki> | <!--T:7--> | ||
<nowiki>Redirect permanent / https://XXX-XXX-XXX-XXX.cloud.computecanada.ca</nowiki> | |||
<!--T:8--> | |||
inside the <nowiki><VirtualHost></nowiki> tag. | inside the <nowiki><VirtualHost></nowiki> tag. | ||
</li> | </li> | ||