Basics
To set up Apache2 with an SSL certificate you'll need the following:
- A key – required to generate a CSR
- Certificate Signing Request – required by GoDaddy to generate a certificate
- Your Certificate
- GoDaddy's certificate bundle
To Generate a Triple-DES Encrypted Key Pair and a Certificate Signing Request (CSR)
In a command prompt, enter the following, pressing Enter after each line:
- cd /usr/bin/ (/your path to openssl/)
- openssl genrsa -des3 -out <name of your certificate>.key 2048
Enter a passphrase when prompted. Be sure not to forget it, otherwise you'll have to start all over again.
- openssl req -new -key <name of your certificate>.key -out <name of your certificate>.csr
Fill in the following
- Enter Country Name (2 letter code): NG
- State or Province Name: Lagos
- Organization Name: Organic Ltd.
- Common Name
- Email Address
IMPORTANT
Do not enter a challenge password. Why? This would cause an error when you submit your CSR to GoDaddy.
Now that you have your key and CSR you can generate your SSL Certificate. Copy the contents of your CSR and follow the steps outlined here.
http://help.godaddy.com/article/562
Download your SSL certificate files for Apache, copy them to your server, and follow the instructions here
http://help.godaddy.com/topic/742/article/5238
or follow the instructions below:
To Install SSL and Intermediate Certificates
Copy your SSL certificate file and the certificate bundle file to your Apache server. You should already have a key file on the server from when you generated your certificate request. You should copy the files to their respective folders found in Apache's configuration folder /etc/apache2/
/etc/apache2/ssl.crt/
/etc/apache2/ssl.csr/
/etc/apache2/ssl.key/
Install Certificate From YaST
- Start YaST from the terminal. I recommend this because once you select the certificate key you'll have to enter the pass-phrase. If you use the GUI tool then it would freeze un
- Go to Network Services -> HTTP Server
- Create a new vHost for your domain and select the server key and certificate
- Edit the configuration file and add the following below the SSLCertificateKeyFile line
SSLCertificateChainFile /etc/apache2/ssl.crt/gd_bundle.crt
Restart Apache.
Install Certificate From Terminal
Modify your Apache host/vhost configuration file. You'll need to tell Apache where your certificate key and your certificate are:
<VirtualHost *:443>
DocumentRoot /srv/www/htdocs/
ServerName example.com
ServerAdmin info@example.com
<Directory /srv/www/htdocs/>
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<IfDefine SSL>
SSLCertificateFile /etc/apache2/ssl.crt/example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/example.com.key
SSLCertificateChainFile /etc/apache2/ssl.crt/gd_bundle.crt
SSLEngine on
</IfDefine>
</VirtualHost>
By-pass pass-phrase dialog on Startup
After restarting Apache, you'll notice a prompt for your pass-phrase. If you used the GUI tool, the YaST process may freeze as a result.
- Remove the encryption from the RSA private key (while keeping a backup copy of the original file):
# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key
- Make sure the server.key file is only readable by root:
# chmod 400 server.key
Save your configuration file and restart Apache.
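An added example, not part of the original post: a shell check for the state the steps above leave behind, an unencrypted key whose only protection is its file mode, next to the still-encrypted backup copy. The function name audit_key, its optional OWNER argument and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit Apache private key files.
# audit_key is a hypothetical helper; the key paths you pass in are your own.

# audit_key FILE [OWNER] - prints findings, returns 0 only if nothing is wrong.
audit_key() {
    key=$1
    owner=${2:-root}
    rc=0
    if [ ! -f "$key" ]; then
        echo "MISSING $key"
        return 2
    fi
    # Traditional PEM keys written by "openssl genrsa -des3" carry a Proc-Type
    # header; PKCS#8 keys use an ENCRYPTED PRIVATE KEY banner instead.
    if grep -Eq '^Proc-Type: 4,ENCRYPTED|BEGIN ENCRYPTED PRIVATE KEY' "$key"; then
        echo "ENCRYPTED $key: Apache will ask for the pass-phrase at startup"
    else
        echo "PLAINTEXT $key: file permissions are the only protection"
    fi
    # ls -ld prints e.g. "-r-------- 1 root root ..."; characters 5-10 of the
    # mode string are the group and other permission bits.
    listing=$(ls -ld "$key")
    perms=$(printf '%s\n' "$listing" | cut -c5-10)
    actual_owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    if [ "$perms" != "------" ]; then
        echo "LOOSE_PERMS $key: group/other bits are '$perms', expected chmod 400"
        rc=1
    fi
    if [ "$actual_owner" != "$owner" ]; then
        echo "WRONG_OWNER $key: owned by $actual_owner, expected $owner"
        rc=1
    fi
    return $rc
}

# Audit every file named on the command line, e.g. /etc/apache2/ssl.key/*
if [ "$#" -gt 0 ]; then
    status=0
    for f in "$@"; do
        audit_key "$f" || status=1
    done
    exit $status
fi
```

Run it as root against the files in /etc/apache2/ssl.key/ after the chmod step; a non-zero exit status means at least one key is missing, has group or other permission bits set, or has an unexpected owner.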
Force SSL/https using .htaccess and mod_rewrite
In certain scenarios you may want to force a secure connection to your web server. You can achieve this easily and flexibly with .htaccess and mod_rewrite.
- Make sure your Host's AllowOverride is set to All in your vhost configuration file.
- Make sure mod_rewrite is enabled. You can do that using the following command
# a2enmod rewrite
- Create a .htaccess file in your web-root folder /srv/www/htdocs/ and add the following content
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Resources
http://help.godaddy.com/topic/746/article/5269
http://help.godaddy.com/article/562
http://www.besthostratings.com/articles/force-ssl-htaccess.html
I've recently purchased a ServerSign Wildcard from SSL247, which offered great value and service. I know this is specific for a GoDaddy Wildcard SSL Certificate, but I still found it quite insightful.
Wildcard SSL Certificates program, an organization can ensure that dozens or hundreds of sub domains hosted in one server farm are protected for both handshake functions, which involve user and server authentication and verification, and any of the array of typical server data transfers, including Microsoft Exchange versions 2007 and 2010, Outlook Web Access, e-commerce shopping carts and private postings of customers and commenters. In fact, each of these functions can have their own sub domains with complete security.