Thursday, July 15, 2010

SSL using website -- Setting up the server

First of all, you need to realize that SSL doesn't work with name-based virtual hosts, so the SSL site needs its own IP address. Technically, a single SSL-using host does work, but the SSL cert is then shared by all sites, and this is a serious issue from a business/search engine/customer point of view.

  1. Check that you have completed the basic SSL module setup:
    sudo a2enmod ssl

    And check that the server is listening on 443: either run netstat -antp and look for it, or grep for the Listen line in the apache2 config files.
    Listen 443


  2. Choose a new IP address for the SSL version of the server. Let's say we pick the IP 192.168.1.200. Once you have gotten the crt back from the provider, move it into place and remember to chown and chmod it for root only.

    Let's assume we placed it at: /etc/apache2/ssl/www.mysite.com.crt


  3. Now multi-home the server (i.e. give it the new IP address to play with). You do this by appending the following to /etc/network/interfaces:
    #this is mysite's ip for its ssl
    auto eth0:1
    iface eth0:1 inet static
      address 192.168.1.200
      netmask 255.255.255.0
      network 192.168.1.0
      broadcast 192.168.1.255

    Remember to update your DNS server if needed.

  4. Then add a new virtual host for the SSL version of the site.

    <VirtualHost 192.168.1.200:443>
      ... COPY OF NON-SSL VERSIONS SETTINGS ...
    
      SSLEngine On
      SSLCertificateKeyFile   /etc/apache2/ssl/www.mysite.com.key
      SSLCertificateFile      /etc/apache2/ssl/www.mysite.com.crt
    </VirtualHost>
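
A check for steps 2 and 4, added here as an example and not part of the original post: it reads the key and certificate paths out of a vhost file and reports any that are not owned by the expected uid or that grant group/other access. The function names, the uid argument and the constructed fixture are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat, as on Ubuntu.

# perms_ok FILE UID: succeed only if FILE is a regular file owned by UID
# with no permission bits set for group or other (e.g. mode 600 or 400).
perms_ok() {
    [ -f "$1" ] || return 1
    owner=$(stat -c '%u' "$1") || return 1
    mode=$(stat -c '%a' "$1") || return 1
    [ "$owner" = "$2" ] || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# audit_ssl_vhost CONF [UID]: check SSLEngine plus the files named by the
# SSLCertificateKeyFile / SSLCertificateFile directives. UID defaults to 0 (root).
audit_ssl_vhost() {
    conf=$1; want=${2:-0}; rc=0
    if ! grep -Eiq '^[[:space:]]*SSLEngine[[:space:]]+on[[:space:]]*$' "$conf"; then
        echo "FAIL SSLEngine is not on in $conf"; rc=1
    fi
    for directive in SSLCertificateKeyFile SSLCertificateFile; do
        path=$(awk -v d="$directive" \
            'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$conf")
        if [ -z "$path" ]; then
            echo "FAIL $directive is not set"; rc=1
        elif perms_ok "$path" "$want"; then
            echo "OK   $directive $path"
        else
            echo "FAIL $directive $path: want uid $want, no group/other access"; rc=1
        fi
    done
    return "$rc"
}

# make_fixture DIR CRT_MODE: constructed sample vhost with empty stand-in files.
make_fixture() {
    touch "$1/site.key" "$1/site.crt"
    chmod 600 "$1/site.key"; chmod "$2" "$1/site.crt"
    printf '%s\n' '<VirtualHost 192.168.1.200:443>' '  SSLEngine On' \
        "  SSLCertificateKeyFile $1/site.key" \
        "  SSLCertificateFile    $1/site.crt" '</VirtualHost>' > "$1/vhost.conf"
}

# Demo on constructed data: the .crt is left at 644, so it is reported.
demo_dir=$(mktemp -d)
make_fixture "$demo_dir" 644
audit_ssl_vhost "$demo_dir/vhost.conf" "$(id -u)" || echo "audit found problems"
rm -rf "$demo_dir"
```

On a real server, run it as root against the SSL vhost file and leave the uid argument off so it checks for root ownership.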
    
I may have missed a few things since my servers have been serving SSL for a long time now. Refer:
https://help.ubuntu.com/8.04/serverguide/C/httpd.html
https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html
