How do I setup SSL CRT on my Apache2 server? (ok)

https://askubuntu.com/questions/68940/how-do-i-setup-ssl-crt-on-my-apache2-server

Asked 8 years, 10 months ago. Active 8 years, 10 months ago. Viewed 30k times.

I just got an SSL certificate from Godaddy. I downloaded the files... But now I am wondering where I should put them. And is there anything else I need to set up?

The reason I am asking is because I am receiving conflicting ways of how to set up the SSL on an Apache2 server.

They say use ssl.conf but I found two on my server:

/etc/apache2/mods-available/ssl.conf
/etc/apache2/mods-enabled/ssl.conf

Then they say I have to add these instructions:

SSLCertificateFile /path/to/your/certificate/file
SSLCertificateKeyFile /path/to/your/key/file
SSLCertificateChainFile /path/to/intermediate/bundle/file

Also they say that it might not be in the ssl.conf but in the httpd.conf file...

So which is it?

And if I use ssl.conf, which file must I modify?

Thanks in advance for any help.

UPDATE:

Here is my config:

<VirtualHost 00.00.000.00:443>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@example.com
    DocumentRoot /var/www/example.com
    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile    /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key
    #SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt
</VirtualHost>

It seems that the Godaddy cert. is not recognized by Google Chrome for some reason...

1 Answer


This depends. You'll likely want to add those lines to the VirtualHost file. I'll use the default as the example but you'll likely have multiple VirtualHosts defined (they are typically in the /etc/apache2/sites-available/ directory).

However, you'll first need to install the SSL certificates. Typically you can place the .crt file (or the certificate file, if it doesn't end with .crt) in the /etc/ssl/certs/ directory. Then copy the .key file to the /etc/ssl/private/ directory. Make sure that the .key file doesn't have other readable permissions, as it can lead to an exploit. As a reminder, these are just default SSL certificate locations; you can put them anywhere you want. I've seen some installations use /etc/apache2/ssl as a dumping ground for CRT and KEY files. This, again, is entirely up to you.

For actually setting up the SSL site in Apache, you'll want to copy the site's VirtualHost and edit a few lines so it operates properly with SSL. In this example I'll continue to just use the default setup but replace default with whichever VirtualHost file you're editing.

So for the default site, you'll copy the /etc/apache2/sites-available/default file, like so:

cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default-ssl

Then edit the new default-ssl file. First change the first line, <VirtualHost..., from :80 to :443 so it will probably look like:

<VirtualHost *:443>

The * will likely need to be the IP address on which Apache listens for that site. It can still be an asterisk, which is a wildcard match, but this may cause problems when you have multiple SSL certificates on multiple sites. When that's updated, add the following at the bottom of the file, just above the </VirtualHost> line:

    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/<yourssl>.crt
    SSLCertificateKeyFile /etc/ssl/private/<yourssl>.key
    SSLCertificateChainFile /etc/ssl/certs/<yourssl>.crt

After you've done this you'll need to enable your site. Invoke the following commands to enable mod_ssl, the new VirtualHost you created, and restart Apache.

sudo a2enmod ssl
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart
  • I am using VirtualHost... So I modify the file default-ssl like you said... But what about the file with the config of the website itself... – jnbdz Oct 19 '11 at 8:53

  • Only one of those sites will use HTTPS... – jnbdz Oct 19 '11 at 8:53

  • You need to set up a new VirtualHost definition which is just a copy of the current VirtualHost except for the few changes outlined in the above post. So the HostName, DocumentRoot, all other settings remain the same as the current VirtualHost. – Marco Ceppi♦ Oct 19 '11 at 11:39

  • Problem: Now when I type in the address with the https I get a list of all my vhosts... – jnbdz Oct 20 '11 at 4:42

  • Also I have a .csr what do I do with it? – jnbdz Oct 20 '11 at 4:44
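
Added example (not part of the original question, answer or comments): a pre-flight check to run before restarting Apache, covering the three files the SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile directives point to. The function names, argument order and optional root-file argument are assumptions of this sketch, and the private key is assumed to be unencrypted.

```shell
#!/bin/sh
# Pre-flight checks for the files named by SSLCertificateFile,
# SSLCertificateKeyFile and SSLCertificateChainFile.
# Added example: function names and argument order are assumptions.

# Succeeds only if "other" users have no permission bits on the key.
key_not_world_accessible() {
    # ls -ldL prints e.g. "-rw-r-----"; characters 8-10 are the "other" bits.
    perms=$(ls -ldL -- "$1" | cut -c8-10)
    [ "$perms" = "---" ]
}

# Succeeds only if the certificate and the (unencrypted) private key
# carry the same public key. Works for RSA and EC keys alike.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate chains to a trusted root through the
# intermediates in the bundle. $3 optionally names a root file to trust
# (useful for testing); by default the system trust store is used.
chain_verifies() {
    # Match the "OK" text: old openssl releases exit 0 even on failure.
    openssl verify ${3:+-CAfile "$3"} -untrusted "$2" "$1" 2>/dev/null |
        grep -q ': OK$'
}

# Usage: sh check.sh CERT KEY CHAIN_BUNDLE
if [ "$#" -eq 3 ]; then
    key_not_world_accessible "$2" || echo "FAIL: key is accessible to other users"
    cert_matches_key "$1" "$2"    || echo "FAIL: certificate and key do not match"
    chain_verifies "$1" "$3"      || echo "FAIL: chain does not verify with this bundle"
fi
```

With the configuration shown in the question, the third argument would be the gd_bundle.crt file whose SSLCertificateChainFile line is commented out.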
