| This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation. |
Difference between revisions of "SSL Certificate"
(→Installing the certificate) |
(→Generate Certificate request file) |
||
| (6 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Login as root to the server and create the folder: | If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Login as root to the server and create the folder: | ||
| − | <pre>/etc/apache2/ssl</ | + | <pre>mkdir /etc/apache2/ssl</pre> |
| − | + | Go to the folder: | |
| + | <pre>cd /etc/apache2/ssl</pre> | ||
| + | Run command: | ||
<pre>openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr</pre> | <pre>openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr</pre> | ||
| Line 32: | Line 34: | ||
Edit the new file to and change the port number on top: | Edit the new file to and change the port number on top: | ||
<pre> | <pre> | ||
| − | <VirtualHost *: | + | <VirtualHost *:443> |
</pre> | </pre> | ||
| Line 40: | Line 42: | ||
SSLCertificateKeyFile /etc/apache2/ssl/server.key | SSLCertificateKeyFile /etc/apache2/ssl/server.key | ||
SSLCertificateFile /etc/apache2/ssl/server.crt | SSLCertificateFile /etc/apache2/ssl/server.crt | ||
| − | SSLCACertificateFile /etc/apache2/ssl/ | + | SSLCACertificateFile /etc/apache2/ssl/CAroot.crt |
</pre> | </pre> | ||
You should get the server.crt and CARoot.crt from the SSL authority. | You should get the server.crt and CARoot.crt from the SSL authority. | ||
| + | |||
| + | After making these changes you must restart Apache: | ||
| + | |||
| + | <pre> | ||
| + | /etc/init.d/apache2 restart | ||
| + | </pre> | ||
| + | |||
| + | ==Forcing SSL== | ||
| + | If you'd like to force SSL for all connections then edit /etc/apache2/sites-enabled/000-default and enter the following: | ||
| + | |||
| + | <pre> | ||
| + | <VirtualHost *:80> | ||
| + | ServerAdmin admin@example.com | ||
| + | ServerName groupoffice.example.com | ||
| + | |||
| + | DocumentRoot /var/www | ||
| + | |||
| + | Redirect permanent / https://groupoffice.example.com/groupoffice | ||
| + | Redirect permanent /groupoffice https://groupoffice.example.com/groupoffice | ||
| + | </VirtualHost> | ||
| + | </pre> | ||
| + | After making these changes you must restart Apache: | ||
| + | |||
| + | <pre> | ||
| + | /etc/init.d/apache2 restart | ||
| + | </pre> | ||
Latest revision as of 09:09, 31 August 2012
An SSL certificate is required for a secure connection to the web server. Your URL will be prefixed with https:// instead of http://
Generate Certificate request file
If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Login as root to the server and create the folder:
mkdir /etc/apache2/ssl
Go to the folder:
cd /etc/apache2/ssl
Run command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
where server is the name of your server.
This begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl.
When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing. If you are generating an Apache CSR for a Wildcard SSL Certificate your common name should start with an asterisk (such as *.example.com).
You will then be prompted for your organizational information, beginning with geographic information. There may be default information set already. Don't set a challenge password.
This will then create your openssl .csr file which you can use to order your certificate.
Installing the certificate
To enable the SSL module for apache run the command:
a2enmod ssl
Then make a new virtual host file:
cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/001-ssl
Edit the new file to and change the port number on top:
<VirtualHost *:443>
At the end just before </VirtualHost> add:
SSLEngine On SSLCertificateKeyFile /etc/apache2/ssl/server.key SSLCertificateFile /etc/apache2/ssl/server.crt SSLCACertificateFile /etc/apache2/ssl/CAroot.crt
You should get the server.crt and CARoot.crt from the SSL authority.
After making these changes you must restart Apache:
/etc/init.d/apache2 restart
Forcing SSL
If you'd like to force SSL for all connections then edit /etc/apache2/sites-enabled/000-default and enter the following:
<VirtualHost *:80>
ServerAdmin admin@example.com
ServerName groupoffice.example.com
DocumentRoot /var/www
Redirect permanent / https://groupoffice.example.com/groupoffice
Redirect permanent /groupoffice https://groupoffice.example.com/groupoffice
</VirtualHost>
After making these changes you must restart Apache:
/etc/init.d/apache2 restart
