Everything on SSL

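We want everything encrypted while it traverses the internet, so our solution is to put everything on SSL. First, we need an SSL certificate. Commercial certificates are convenient because their issuing CAs are already trusted by the major browsers, so they won't trigger those nasty warnings. Encryption-wise, though, they are just the same as self-signed ones; what a self-signed certificate lacks is a trusted third party vouching for the server's identity, which is why browsers warn about it.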

1. Create a self-signed certificate:

yum install mod_ssl
mkdir /etc/httpd/ssl
openssl req -new -x509 -days 365 -nodes -out /etc/httpd/ssl/httpd.pem -keyout /etc/httpd/ssl/httpd.key

2. Configure Apache to use the self-signed certificate:

<VirtualHost 12.34.56.78:443>
     SSLEngine On
     SSLCertificateFile /etc/httpd/ssl/httpd.pem
     SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
     ServerAdmin info@mydomain.com
     ServerName www.mydomain.com
     DocumentRoot /srv/www/mydomain.com/public_html/
     ErrorLog /srv/www/mydomain.com/logs/error.log
     CustomLog /srv/www/mydomain.com/logs/access.log combined
</VirtualHost>

3. Redirect HTTP to HTTPS:

<VirtualHost 12.34.56.78:80>
     ServerAdmin info@mydomain.com
     ServerName www.mydomain.com
     Redirect permanent / https://www.mydomain.com/
     DocumentRoot /srv/www/mydomain.com/public_html/
     ErrorLog /srv/www/mydomain.com/logs/error.log
     CustomLog /srv/www/mydomain.com/logs/access.log combined
</VirtualHost>
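
A quick way to check that the two virtual hosts from steps 2 and 3 stay consistent as the configuration grows. This is an added example, not code from the original post: the function names `parse_vhosts` and `audit` are hypothetical, the sample configuration is constructed from the directives above, and it assumes each vhost address ends in `:443` or `:80` as it does here.

```python
import re

# Constructed sample mirroring the vhosts from steps 2 and 3 (not a real server).
SAMPLE_CONF = """\
<VirtualHost 12.34.56.78:443>
     SSLEngine On
     SSLCertificateFile /etc/httpd/ssl/httpd.pem
     SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
     ServerName www.mydomain.com
</VirtualHost>
<VirtualHost 12.34.56.78:80>
     ServerName www.mydomain.com
     Redirect permanent / https://www.mydomain.com/
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(conf):
    """Return a list of (address, {directive_lower: [argument strings]})."""
    vhosts = []
    for addr, body in VHOST_RE.findall(conf):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue  # skip blank lines and comments
            args = parts[1].strip() if len(parts) > 1 else ""
            directives.setdefault(parts[0].lower(), []).append(args)
        vhosts.append((addr.strip(), directives))
    return vhosts

def audit(conf):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for addr, d in parse_vhosts(conf):
        name = (d.get("servername") or ["?"])[0]
        if addr.endswith(":443"):
            if [a.lower() for a in d.get("sslengine", [])] != ["on"]:
                findings.append(f"{name} ({addr}): SSLEngine is not On")
            for req in ("sslcertificatefile", "sslcertificatekeyfile"):
                if req not in d:
                    findings.append(f"{name} ({addr}): missing {req}")
        elif addr.endswith(":80"):
            targets = [a.split()[-1] for a in d.get("redirect", []) if a.split()]
            if not any(t.lower().startswith("https://") for t in targets):
                findings.append(f"{name} ({addr}): no Redirect to https://")
    return findings
```

Calling `audit()` on the text of your own vhost file returns one line per problem, for example a port 80 vhost that still serves content instead of redirecting.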


3 thoughts on “Everything on SSL”

  1. Neverho0d

    In 3, the only directive you really need is the 4th; all the others are redundant. I use such a solution for webmail clients (Roundcube, etc.).
