• ssl configuration for webservers

    April 22, 2011 Author: Admin
    No comment yet
    Email, RSS Follow
    Today more and more people are becoming aware of the hazards of insufficient online security measures. Its time to become smart and start taking online security seriously. The first step towards this is to have a padlock icon and the prefix  https in the address bar, to ensure the safety of your online information

    An SSL Certificate, also abbreviated as Secure Socket Layer, is a digital certificate which authenticates the identity of a Website. It also encrypts the information before sending it to the server. An SSL Certificate acts as an online digital passport that contains the credentials of the online business. When an Internet user tries to send confidential information over the internet to the server, the users browser accesses the server’s digital certificate and establishes a secure connection

    How to purchase a ssl certificate.

    1) create a CSR and private key for your domain

    2) contact the ssl providers like www.verisign.com or www.thawte.com with this CSR and purchase ssl certificate. There are different types of ssl certs like secure server, extended valid etc.  For multiple domains you can use wild card ssl certificates and this can be used with all the domains under *.adminlogs.info .

    3) You need to install the purchased SSL certificate in your webserver

    For generating CSR and Key refer : SSL commands

    $ Configure ssl for Apache

    You should use a dedicated IP to configure ssl for your domain.

    <VirtualHost 192.168.0.10:443>
    DocumentRoot /home/admin/public_html
    ServerName www.adminlogs.info

    SSLEngine on
    SSLCertificateFile /usr/local/ssl/www.adminlogs.crt
    SSLCertificateKeyFile /usr/local/ssl/www.adminlogs.key
    SSLCertificateChainFile /usr/local/ssl/www.adminlogs.ca
    </VirtualHost>

    Adjust the file names to match your certificate files:

    * SSLCertificateFile should be your purchased certificate file .
    * SSLCertificateKeyFile should be the key file generated when you created the CSR.
    * SSLCertificateChainFile should be the intermediate certificate file provided by the SSL provider

    If the SSLCertificateChainFile directive does not work, try using the SSLCACertificateFile directive instead.

    $ restart apache

    Configure ssl for Resin web server

    ssl key file location is :  /usr/local/resin/keys/

    $ vi /usr/local/resin/resin.conf

    <server id=”www.adminlogs” address=”192.168.0.10″>
    <http id=”www.adminlogs” address=”192.168.0.10″ port=”8080″/>
    <http id=”www.adminlogs” address=”192.168.0.10″ port=”8443″>

    <openssl>
    <certificate-file>keys/www.adminlogs.crt</certificate-file>
    <certificate-key-file>keys/www.adminlogs.key</certificate-key-file>
    <certificate-chain-file>keys/inter-adminlogs.txt</certificate-chain-file>
    <password>pass</password>
    <protocol>-ALL +SSLv3 +TLSv1</protocol>
    <cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite>
    </openssl>
    </http>
    </server>

    Protocol & cipher-suite directives here used for disable sslv2 weak cipher suites.

    $ restart resin

    How to verify the installation

    You can check your ssl installation using the following url

    http://www.digicert.com/help/