{"id":1079,"date":"2013-03-28T20:46:51","date_gmt":"2013-03-28T20:46:51","guid":{"rendered":"http:\/\/invisiblezero.net\/?p=596"},"modified":"2013-03-28T20:46:51","modified_gmt":"2013-03-28T20:46:51","slug":"unix-setup-https-virtual-hosts","status":"publish","type":"post","link":"http:\/\/ndthanh.com\/unix-setup-https-virtual-hosts\/","title":{"rendered":"Unix – Setup HTTPS virtual hosts"},"content":{"rendered":"
<\/p>\n
SSL is an essential part of creating a secure Apache site. SSL certificates allow you encrypt all the traffic sent to and from your Apache web site to prevent others from viewing all of the traffic. It uses public key cryptography to establish a secure connection. This means that anything encrypted with a public key (the SSL certificate) can only be decrypted with the private key (stored only on the server) and vice versa.<\/p>\n
<\/p>\n
Note: If you have money to spend on trusted SSL certificate, great! buy it and go straight to step 2 ( i suggest you buy certificate, self-signed certificate is only good for development environment. if you use self-signed certificates for your production site, you audience will get bad warning message).<\/em><\/span><\/p>\n 1.Generate Your Apache Self Signed Certificate<\/strong> You will be prompted to enter your organizational information and a common name. The common name should be the fully qualified domain name for the site you are securing like this : www.mydomain.com (though you can use any name if you want). You can leave the email address, challenge password, and optional company name blank. When the command is finished running, it will create two files: a server.key file and a server.crt self signed certificate file valid for 365 days.<\/p>\n 2.Install Your Certificate<\/strong> In most cases, you will find the <VirtualHost> blocks in a separate file in a directory like \/etc\/httpd\/vhosts.d\/ or \/etc\/httpd\/sites\/. Add the lines in bold below.<\/p>\n Change the names of the files and paths to match your certificate files. Save the changes and exit the text editor. use one of the following commands:<\/p>\n now you can access your site using https protocol.<\/p>\n Some things to remember:<\/p>\n SSL is an essential part of creating a secure Apache site. SSL certificates allow you encrypt all the traffic sent to and from your Apache web site to prevent others from viewing all of the traffic. It uses public key cryptography to establish a secure connection. This means that anything encrypted with a public key…<\/p>\n
\nRemember to verify that OpenSSL is already installed on you computer. If it’s not there, you can install it with apt-get, yum or brew (for Mac OSX)
\nOnce you have OpenSSL installed, just run this one command to create an Apache self signed certificate:<\/p>\n\nopenssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt\n<\/pre>\n
\nNow, you just need to configure your Apache virtual host to use the SSL certificate. If you only have one Apache virtual host to secure and you have an ssl.conf (or httpd-ssl.conf) file being loaded, you can just edit that file. Otherwise, you will need to make a copy of the existing non-secure virtual host, paste it below, and change the port from port 80 to 443.
\nOpen your Apache configuration file in a text editor. location of file can be different depend on operating system you’re using.<\/p>\n\n\nvi \/etc\/apache2\/httpd.conf\n\nor...\n\nvi \/etc\/httpd\/httpd.conf\n\n<\/pre>\n
\n<VirtualHost *:443>\nDocumentRoot \/var\/www\/website\nServerName www.domain.com\nSSLEngine onhttps:\/\/ndthanh.net\/wp-admin\/post.php?post=596&action=edit&message=1\nSSLCertificateFile \/etc\/ssl\/crt\/primary.crt\nSSLCertificateKeyFile \/etc\/ssl\/crt\/private.key\nSSLCertificateChainFile \/etc\/ssl\/crt\/intermediate.crt\n<\/VirtualHost>\n<\/pre>\n
\n3.Restart your Apache web server<\/strong><\/p>\n\n\nsudo apachectl restart\n\nor ..\n\nsudo service httpd restart\n\n<\/pre>\n
\n\n