[wplug] SSL, Apache and Debian?

Douglas Green diego96 at mac.com
Wed Jan 27 01:51:47 EST 2010 

Thank you Andrew and Brian for your help! I found it Very Hard to wade  
through tons of outdated documentation! One of the downsides of  
content on the web is that it's Rarely Dated (super frustrating).  
Consequently, I found myself trying all kinds of stuff that didn't  
really apply to my setup. Eventually I pieced it together, and someone  
in the future may find the following notes helpful:

1) First off, GoDaddy has an odd "Re-Key" function in their security  
certs menu, and you cannot Download a cert for anything that is hosted  
on their webhosts. If you're moving to another host (as I'm moving to  
a linode), you MUST create a new Certificate Signing Request (csr) on  
your linux box that you submit (via cut/paste of the text containing  
the csr from ----Begin Signing Request---- to the similar tail end  
text).

2) Instructions for creating the CSR (which, again, is done on your  
linux box) are pretty easy to find, GoDaddy has instructions on their  
site. HOWEVER, for some reason I had to run these command As Root and  
only from within the directory /etc/apache2. Nothing else worked, and  
I don't know why. So there it is, if you're having a hard time at this  
step, try running as root from within that directory.

3) So now that you've created the csr text file and submitted the csr  
to your ssl certificate authority (godaddy), you can now Download your  
Certificate. In addition to you certificate, GoDaddy also uses an  
"Intermediate Certificate" that will be included the a zipped  
directory, bundled with your cert for your downloading pleasure. Put  
them both somewhere safe (say... /etc/apache2/ssl/ and chmod 400 to  
both), and configure Apache2 to work with it (see below):

4) Apache2.x has virtual hosts enabled by default (at least in my  
setup), you will find a "default-ssl" virtual host config under  
something like /etc/apache2/sites-available/  	Modify this file as  
needed, there are several decent how-to's like this one (this is the  
best one I found): 	
http://www.howtoforge.com/how-to-set-up-an-ssl-vhost-under-apache2-on-ubuntu-9.10-debian-lenny

5) You can remove the CSR file that you initially generated.

This worked for me. I can now connect to my site via https://, though  
I'm still working out the kinks of drupal and ssl. Thanks again!!
-Doug



On Jan 26, 2010, at 9:23 PM, Brian A. Seklecki (mobile) wrote:

> On Mon, 2010-01-25 at 21:50 -0800, Douglas Green wrote:
>> "SSL certificate" from GoDaddy,
>
> Godaddy and others use "Intermediate Certs", which can be tricky the
> first time around.
>
> Also, in all of the documentation I've seen over the last decade for
> Apache+OpenSSL, I've never seen anything acceptable.  Feel free to  
> ping
> me offline if you need specific assistance.
>
>
> _______________________________________________
> wplug mailing list
> wplug at wplug.org
> http://www.wplug.org/mailman/listinfo/wplug

More information about the wplug mailing list