This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation. |
Difference between revisions of "SSL Certificate"
(→Forcing SSL) |
(→Generate Certificate request file) |
||
Line 4: | Line 4: | ||
If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Login as root to the server and create the folder: | If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Login as root to the server and create the folder: | ||
− | <pre>/etc/apache2/ssl</ | + | <pre>/etc/apache2/ssl</pre> |
Run command: | Run command: |
Revision as of 13:19, 16 July 2012
An SSL certificate is required for a secure connection to the web server. Your URL will be prefixed with https:// instead of http://
Generate Certificate request file
If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Login as root to the server and create the folder:
/etc/apache2/ssl
Run command:
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
where server is the name of your server.
This begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl.
When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing. If you are generating an Apache CSR for a Wildcard SSL Certificate your common name should start with an asterisk (such as *.example.com).
You will then be prompted for your organizational information, beginning with geographic information. There may be default information set already. Don't set a challenge password.
This will then create your openssl .csr file which you can use to order your certificate.
Installing the certificate
To enable the SSL module for apache run the command:
a2enmod ssl
Then make a new virtual host file:
cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/001-ssl
Edit the new file to and change the port number on top:
<VirtualHost *:443>
At the end just before </VirtualHost> add:
SSLEngine On SSLCertificateKeyFile /etc/apache2/ssl/server.key SSLCertificateFile /etc/apache2/ssl/server.crt SSLCACertificateFile /etc/apache2/ssl/CAroot.crt
You should get the server.crt and CARoot.crt from the SSL authority.
After making these changes you must restart Apache:
/etc/init.d/apache2 restart
Forcing SSL
If you'd like to force SSL for all connections then edit /etc/apache2/sites-enabled/000-default and enter the following:
<VirtualHost *:80> ServerAdmin admin@example.com ServerName groupoffice.example.com DocumentRoot /var/www Redirect permanent / https://groupoffice.example.com/groupoffice Redirect permanent /groupoffice https://groupoffice.example.com/groupoffice </VirtualHost>
After making these changes you must restart Apache:
/etc/init.d/apache2 restart