[wplug] SSL, Apache and Debian?
Douglas Green
diego96 at mac.com
Wed Jan 27 01:51:47 EST 2010
Thank you Andrew and Brian for your help! I found it Very Hard to wade
through tons of outdated documentation! One of the downsides of
content on the web is that it's Rarely Dated (super frustrating).
Consequently, I found myself trying all kinds of stuff that didn't
really apply to my setup. Eventually I pieced it together, and someone
in the future may find the following notes helpful:
1) First off, GoDaddy has an odd "Re-Key" function in their security
certs menu, and you cannot Download a cert for anything that is hosted
on their webhosts. If you're moving to another host (as I'm moving to
a linode), you MUST create a new Certificate Signing Request (csr) on
your linux box that you submit (via cut/paste of the text containing
the csr from ----Begin Signing Request---- to the similar tail end
text).
2) Instructions for creating the CSR (which, again, is done on your
linux box) are pretty easy to find, GoDaddy has instructions on their
site. HOWEVER, for some reason I had to run these command As Root and
only from within the directory /etc/apache2. Nothing else worked, and
I don't know why. So there it is, if you're having a hard time at this
step, try running as root from within that directory.
3) So now that you've created the csr text file and submitted the csr
to your ssl certificate authority (godaddy), you can now Download your
Certificate. In addition to you certificate, GoDaddy also uses an
"Intermediate Certificate" that will be included the a zipped
directory, bundled with your cert for your downloading pleasure. Put
them both somewhere safe (say... /etc/apache2/ssl/ and chmod 400 to
both), and configure Apache2 to work with it (see below):
4) Apache2.x has virtual hosts enabled by default (at least in my
setup), you will find a "default-ssl" virtual host config under
something like /etc/apache2/sites-available/ Modify this file as
needed, there are several decent how-to's like this one (this is the
best one I found):
http://www.howtoforge.com/how-to-set-up-an-ssl-vhost-under-apache2-on-ubuntu-9.10-debian-lenny
5) You can remove the CSR file that you initially generated.
This worked for me. I can now connect to my site via https://, though
I'm still working out the kinks of drupal and ssl. Thanks again!!
-Doug
On Jan 26, 2010, at 9:23 PM, Brian A. Seklecki (mobile) wrote:
> On Mon, 2010-01-25 at 21:50 -0800, Douglas Green wrote:
>> "SSL certificate" from GoDaddy,
>
> Godaddy and others use "Intermediate Certs", which can be tricky the
> first time around.
>
> Also, in all of the documentation I've seen over the last decade for
> Apache+OpenSSL, I've never seen anything acceptable. Feel free to
> ping
> me offline if you need specific assistance.
>
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug
More information about the wplug
mailing list