SSL configuration for web servers

Today more and more people are becoming aware of the hazards of insufficient online security measures. It's time to become smart and start taking online security seriously. The first step towards this is to have a padlock icon and the https prefix in the address bar, to ensure the safety of your online information.

An SSL (Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website. It also allows information to be encrypted before it is sent to the server. An SSL certificate acts as an online digital passport that contains the credentials of the online business. When an Internet user tries to send confidential information over the internet to the server, the user's browser retrieves the server's digital certificate and establishes a secure connection.

How to purchase an SSL certificate

1) Create a CSR and private key for your domain.

2) Contact an SSL provider such as www.verisign.com or www.thawte.com with this CSR and purchase an SSL certificate. There are different types of SSL certificates, such as secure server, extended validation, etc. For multiple domains you can use a wildcard SSL certificate, which can be used with all the domains under *.adminlogs.info.

3) Install the purchased SSL certificate on your web server.

For generating the CSR and key, refer to: SSL commands

Configure SSL for Apache

You should use a dedicated IP to configure SSL for your domain.

<VirtualHost 192.168.0.10:443>
DocumentRoot /home/admin/public_html
ServerName www.adminlogs.info

SSLEngine on
SSLCertificateFile /usr/local/ssl/www.adminlogs.crt
SSLCertificateKeyFile /usr/local/ssl/www.adminlogs.key
SSLCertificateChainFile /usr/local/ssl/www.adminlogs.ca
</VirtualHost>

Adjust the file names to match your certificate files:

* SSLCertificateFile should be your purchased certificate file.
* SSLCertificateKeyFile should be the key file generated when you created the CSR.
* SSLCertificateChainFile should be the intermediate certificate file provided by the SSL provider.

If the SSLCertificateChainFile directive does not work, try using the SSLCACertificateFile directive instead.

$ restart apache

Configure SSL for Resin web server

The SSL key file location is: /usr/local/resin/keys/

$ vi /usr/local/resin/resin.conf

<server id="www.adminlogs" address="192.168.0.10">
<http id="www.adminlogs" address="192.168.0.10" port="8080"/>
<http id="www.adminlogs" address="192.168.0.10" port="8443">

<openssl>
<certificate-file>keys/www.adminlogs.crt</certificate-file>
<certificate-key-file>keys/www.adminlogs.key</certificate-key-file>
<certificate-chain-file>keys/inter-adminlogs.txt</certificate-chain-file>
<password>pass</password>
<protocol>-ALL +SSLv3 +TLSv1</protocol>
<cipher-suite>ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM</cipher-suite>
</openssl>
</http>
</server>

The protocol and cipher-suite directives here are used to disable SSLv2 and weak cipher suites.
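An added example (not from the original post, and not Resin or Apache code) that evaluates the two directive values above token by token, to show what they still leave enabled once SSLv2 is gone. The function names are hypothetical, the `<protocol>` list is assumed to follow Apache mod_ssl's `SSLProtocol` left-to-right rules, and the `WEAK` class list is the reviewer's own choice.

```python
import re

# The <protocol> and <cipher-suite> values from the Resin block on this page.
PAGE_PROTOCOL = "-ALL +SSLv3 +TLSv1"
PAGE_CIPHERS = "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"

PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# Retired by RFC 6176 (SSLv2), RFC 7568 (SSLv3) and RFC 8996 (TLS 1.0/1.1).
DEPRECATED = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption (reviewer's choice): cipher classes that should end up removed.
WEAK = ["aNULL", "eNULL", "EXP", "LOW", "RC4", "MD5", "3DES"]

def enabled_protocols(spec):
    """Apply +name / -name / name left to right (assumed mod_ssl semantics)."""
    canon = {p.lower(): {p} for p in PROTOCOLS}
    canon["all"] = set(PROTOCOLS)
    enabled = set()
    for token in spec.split():
        sign = token[0] if token[0] in "+-" else ""
        names = canon[token[len(sign):].lower()]  # KeyError on unknown token
        if sign == "+":
            enabled |= names
        elif sign == "-":
            enabled -= names
        else:  # a bare name replaces whatever was set before it
            enabled = set(names)
    return [p for p in PROTOCOLS if p in enabled]

def weak_classes_left(cipher_spec):
    """Token-level view of an OpenSSL cipher string: WEAK classes that survive."""
    present, killed = set(), set()
    for item in re.split(r"[:, ]+", cipher_spec.strip()):
        op = item[0] if item[:1] in ("!", "-", "+") else ""
        parts = item[len(op):].split("+")  # "RC4+RSA" means RC4 AND RSA
        if op in ("!", "-") and len(parts) == 1:
            present.discard(parts[0])
            if op == "!":                  # "!" is permanent, "-" is not
                killed.add(parts[0])
        elif op == "":                     # plain item adds; "+X" only reorders
            # ALL covers every class except eNULL, which must be named.
            added = set(WEAK) - {"eNULL"} if parts == ["ALL"] else set(parts)
            present |= (added & set(WEAK)) - killed
    return [c for c in WEAK if c in present]

def audit(protocol_spec, cipher_spec):
    bad = [p for p in enabled_protocols(protocol_spec) if p in DEPRECATED]
    return {"protocols": bad, "ciphers": weak_classes_left(cipher_spec)}

if __name__ == "__main__":
    print(audit(PAGE_PROTOCOL, PAGE_CIPHERS))
```

The cipher check looks only at the tokens in the string; `openssl ciphers -v '<string>'` prints what a particular OpenSSL build actually expands it to.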

$ restart resin

How to verify the installation

You can check your SSL installation using the following URL:

http://www.digicert.com/help/