How to Upload SSL on a VPS

Note: You may want to consider using Let's Encrypt instead of the StartSSL.com process below. Let's Encrypt is a new certificate authority that provides a free and easy way of creating SSL/TLS certificates that are trusted in most web browsers. Check out the tutorial to get started: How To Secure Apache with Let's Encrypt on Ubuntu 14.04

Prerequisites

Before we get started, here are the web tools you need for this tutorial:

<ol>
    <li><a href="https://www.google.com/intl/en/chrome/browser">Google Chrome</a> browser</li>
    <li>Apache installed on your VPS (cloud server)</li>
    <li>A domain name you own</li>
    <li>Access to an email address at that domain, either:
        <ol>
            <li>postmaster@duable.co</li>
            <li>hostmaster@duable.co</li>
            <li>webmaster@duable.co</li>
        </ol>
    </li>
</ol>

StartSSL.com offers completely free verified (your users won't have to see those scary red screens saying "this site isn't trusted" anymore) SSL certificates that you can use on your website. This is a great deal as most companies charge $50-$60 for similar services. The free version is a bit tricky to set up, but it's well worth it.

To get started, browse to StartSSL.com and using the toolbar on the left, navigate to StartSSL Products and then to StartSSL™ Free. Choose the link for Control Panel from the top of the page.

Make sure you are using Google Chrome

<ol>
    <li>Choose the <strong>Express Signup.</strong> option</li>
    <li>Enter your personal information, and click continue.</li>
    <li>You'll get an email with a verification code inside it shortly. Copy and paste that email into the form on StartSSL's page.</li>
    <li>They will review your request for a certificate and then send you an email with the new info. This process might take as long as 6 hours though, so be patient.</li>
    <li>Once the email comes, use the link provided and the new authentication code (at the bottom of the email) to continue to the next step.</li>
    <li>They will ask you to Generate a private key and you will be provided with the choice of "High" or "Medium" grade. Go ahead and choose "High".</li>
    <li>Once your key is ready, click Install.</li>
    <li>Chrome will show a popdown that says that the certificate has been successfully installed to Chrome.</li>
</ol>

<p>This means your browser is now authenticated with your new certificate and you can log into the StartSSL authentication areas using your new certificate. Now, we need to get a properly formatted certificate set up for use on your VPS. Click on the <a href="https://www.startssl.com/?app=12">Control panel</a> link again, and choose the Authenticate option. Chrome will show a popup asking if you want to authenticate and will show the certificate you just installed. Go ahead and authenticate with that certificate to enter the control panel.</p>

<p>You will need to validate your domain name to prove that you own the domain you are setting up a certificate for. Click over to the Validations Wizard in the <a href="https://www.startssl.com/?app=12">Control panel</a> and set Type to Domain Name Validation. You'll be prompted to choose from an email at your domain, something like postmaster@yourdomain.com.</p>

Check the email inbox for the email address you selected. You will get yet another verification email at that address, so like before, copy and paste the verification code into the StartSSL website.

Next, go to the Certificates Wizard tab and choose to create a Web Server SSL/TLS Certificate.

Hit continue and then enter in a secure password, leaving the other settings as is.

You will be shown a textbox that contains your private key. Copy and paste the contents into a text editor and save the data into a file called ssl.key.

When you click continue, you will be asked which domain you want to create the certificate for. Choose your domain and continue to the next step.

You will be asked what subdomain you want to create a certificate for. In most cases, you want to choose www here, but if you'd like to use a different subdomain with SSL, then enter that here instead.

StartSSL will provide you with your new certificate in a text box, much as it did for the private key. Again, copy and paste it into a text editor, this time saving it as ssl.crt.

You will also need the StartCom Root CA and StartSSL's Class 1 Intermediate Server CA in order to authenticate your website though, so for the final step, go over to the Toolbox pane and choose StartCom CA Certificates.

At this screen, right click and Save As two files:

<ul>
    <li>StartCom Root CA (PEM Encoded) (save to ca.pem)</li>
    <li>Class 1 Intermediate Server CA (save to sub.class1.server.ca.pem)</li>
</ul>

For security reasons, StartSSL encrypts your private key (the ssl.key file), but your web server needs the unencrypted version of it to handle your site's encryption. To unencrypt it, copy it onto your server, and use the following command to decrypt it into the file private.key:

openssl rsa -in ssl.key -out private.key

OpenSSL will ask you for your password, so enter in the password you typed in on StartSSL's website.

At this point you should have five files. If you're missing any, double-check the previous steps and re-download them:

<ul>
    <li>ca.pem - StartSSL's Root certificate</li>
    <li>private.key - The unencrypted version of your private key (be very careful no one else has access to this file!)</li>
    <li>sub.class1.server.ca.pem - The intermediate certificate for StartSSL</li>
    <li>ssl.key - The encrypted version of your private key (does not need to be copied to server)</li>
    <li>ssl.crt - Your new certificate</li>
</ul>

You can discard the ssl.key file. If you haven't already copied the others onto your server, upload them there now:

scp {ca.pem,private.key,sub.class1.server.ca.pem,ssl.crt} YOURSERVER:~        
          <h2>Activating the certificate in Apache</h2>                  

Having a certificate isn't any good if you can't actually use it. This section explains how to configure Apache to use your new SSL certificate. These instructions are for Apache running on recent versions of Ubuntu VPS. For other Linux-based distros or web servers, you'll have to adjust accordingly.

First, create the folders where we'll store the keys. Enable Apache's SSL module, and restart Apache.

sudo a2enmod ssl
sudo service apache2 restart
sudo mkdir -p /etc/apache2/ssl

Copy the files you set up in the previous section into the /etc/apache2/ssl folder on your VPS.

sudo mkdir -p /etc/apache2/ssl
sudo cp ~/{ca.pem,private.key,sub.class1.server.ca.pem,ssl.crt} /etc/apache2/ssl

Execute:

ls /etc/apache2/ssl

And it should return:

ca.pem ssl.crt private.key sub.class1.server.ca.pem
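
Before pointing Apache at these files, it is worth confirming that private.key really is decrypted, that it belongs to ssl.crt, that the certificate chains to the root, and that the key is readable only by its owner. The script below is an added example, not part of the original tutorial; the function names are illustrative and it assumes the `openssl` command-line tool is installed.

```sh
#!/bin/sh
# Added example: sanity checks for the files this tutorial produces.
# File names come from the tutorial; function names are illustrative.

# True if the key file is still passphrase-protected (either PEM style).
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# True if the certificate carries the public key derived from the private key.
# "-passin pass:" makes openssl fail on an encrypted key instead of prompting.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# True if the certificate chains through the intermediate to the root.
chain_ok() {   # usage: chain_ok ca.pem sub.class1.server.ca.pem ssl.crt
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Make the decrypted key readable by its owner only, then confirm the mode.
lock_down_key() {
    chmod 600 "$1" && [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Run every check against a directory holding the tutorial's four files.
check_bundle() {
    d=$1
    if key_is_encrypted "$d/private.key"; then
        echo "private.key is still encrypted"; return 1
    fi
    key_matches_cert "$d/private.key" "$d/ssl.crt" ||
        { echo "ssl.crt does not match private.key"; return 1; }
    chain_ok "$d/ca.pem" "$d/sub.class1.server.ca.pem" "$d/ssl.crt" ||
        { echo "ssl.crt does not chain to ca.pem"; return 1; }
    lock_down_key "$d/private.key" ||
        { echo "could not restrict private.key"; return 1; }
    echo "bundle OK"
}
```

Source the script as root and call `check_bundle /etc/apache2/ssl`; Apache reads the key as root at startup, so owner-only permissions do not get in its way.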

Now, open your apache2 configuration file. Unless you've already modified the default configuration, input:

nano /etc/apache2/sites-enabled/000-default

It should look something like this:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

Copy the entire script above (from <VirtualHost *:80> to </VirtualHost>), paste it below the existing one, and change the top line from:

<VirtualHost *:80>

to

<VirtualHost *:443>

And add the following lines after the <VirtualHost *:443> line:

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/apache2/ssl/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem

The end result should look like this:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
    SSLCertificateFile /etc/apache2/ssl/ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/private.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem

    ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>
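
The SSL directives in this tutorial predate current TLS guidance: `SSLProtocol all -SSLv2` leaves SSLv3 and early TLS versions enabled wherever the OpenSSL build offers them, and the cipher string admits RC4. The script below is an added example (not part of the original tutorial; `audit_tls_conf` and both sample files are constructed here) that flags such terms in a vhost file and includes a tightened variant that passes, assuming Apache 2.4 with TLS 1.2 support.

```sh
#!/bin/sh
# Added example: flag weak TLS directives in an Apache vhost file.
# audit_tls_conf and its messages are illustrative, not an Apache tool.

audit_tls_conf() {
    conf=$1; findings=0
    # Last SSLProtocol / SSLCipherSuite value in the file (names are case-insensitive).
    proto=$(awk 'tolower($1)=="sslprotocol"{$1=""; v=$0} END{print v}' "$conf")
    suite=$(awk 'tolower($1)=="sslciphersuite"{v=$2} END{print v}' "$conf")

    # "all" keeps every protocol the build supports unless each old one is removed.
    case " $proto " in
        *" all "*|*" +all "*)
            for old in SSLv3 TLSv1 TLSv1.1; do
                case " $proto " in
                    *" -$old "*) ;;
                    *) echo "SSLProtocol: $old is not disabled"
                       findings=$((findings + 1)) ;;
                esac
            done ;;
    esac

    # Walk the colon-separated cipher terms; "!" and "-" terms are removals.
    old_ifs=$IFS; IFS=:
    for term in $suite; do
        case $term in
            '!'*|-*) ;;
            ALL|*RC4*|*MD5*|*DES*|*EXPORT*|*NULL*|*MEDIUM*|*LOW*)
                echo "SSLCipherSuite: term $term admits weak ciphers"
                findings=$((findings + 1)) ;;
        esac
    done
    IFS=$old_ifs
    [ "$findings" -eq 0 ]
}

# Constructed sample: the SSL directives exactly as this tutorial gives them.
write_page_sample() {
    printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2' \
        'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM' > "$1"
}

# Constructed sample: a tightened variant (assumes Apache 2.4 with TLS 1.2).
write_hardened_sample() {
    printf '%s\n' 'SSLEngine on' 'SSLProtocol -all +TLSv1.2' \
        'SSLCipherSuite ECDHE+AESGCM:!aNULL' 'SSLHonorCipherOrder on' > "$1"
}
```

Run it against the real file with `audit_tls_conf /etc/apache2/sites-enabled/000-default`; a non-zero exit status means at least one finding was printed.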

Save your files and restart Apache with:

sudo service apache2 restart

You can check Apache's log files to see if there are any show stopping errors with this command:

cat /var/log/apache2/error.log        

If everything looks good, try accessing your site in your web browser using an HTTPS URL (e.g. https://www.YOURSITE.com). When your site loads, you should see a little green padlock icon next to the URL. Click on it and you should see the following. The connections tab should show that the site's identity has been verified by StartCom.

Congratulations! You are all set!

          <p>Reference Links:</p>                  

Here are some of the other posts I consulted when putting this together. If you run into any problems they might be a source of inspiration on how to fix them:

<ul>
    <li><a href="http://www.debian-administration.org/articles/349">Apache SSL Configuration</a></li>
    <li><a href="http://jasoncodes.com/posts/startssl-free-ssl">StartSSL Apache Guides</a></li>
</ul>

Submitted by: Nik van der Ploeg

Source: https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps
