This manual is deprecated. Please visit https://groupoffice.readthedocs.io for the latest documentation. |
SSL Certificate
An SSL certificate is required for a secure connection to the web server. Your URL will be prefixed with https:// instead of http://
Generate Certificate request file
If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Login as root to the server and create the folder:
/etc/apache2/ssl</pr> Run command: <pre>openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
where server is the name of your server.
This begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl.
When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing. If you are generating an Apache CSR for a Wildcard SSL Certificate your common name should start with an asterisk (such as *.example.com).
You will then be prompted for your organizational information, beginning with geographic information. There may be default information set already. Don't set a challenge password.
This will then create your openssl .csr file which you can use to order your certificate.
Installing the certificate
To enable the SSL module for apache run the command:
a2enmod ssl
Then make a new virtual host file:
cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/001-ssl
Edit the new file to and change the port number on top:
<VirtualHost *:443>
At the end just before </VirtualHost> add:
SSLEngine On SSLCertificateKeyFile /etc/apache2/ssl/server.key SSLCertificateFile /etc/apache2/ssl/server.crt SSLCACertificateFile /etc/apache2/ssl/CARoot.crt
You should get the server.crt and CARoot.crt from the SSL authority.