Secure your website for free with StartSSL

  • Linux
  • Apache
  • 2/2

4. Login again in your StartSSL account

To login again in your account, just click on "Authenticate".

If your client certificate is still in your web browser, a "User Identification Request" window will appear. Click "OK".

 

5. Secure Apache with the SSL certificate

To secure the apache web server with our certificate and our private key, refer to the StartSSL documentation.

First, transfer the certificate and private key on your linux server.
Then, move the certificate in the "/etc/ssl/certs" folder and the private key in the "/etc/ssl/private" folder.

As indicated in the StartSSL documentation, you will need the intermediary certificate of the CA.
To do this, download the "sub.class1.server.ca.pem" file in the "/etc/ssl/certs".

Bash

cd /etc/ssl/certs
wget https://www.startssl.com/certs/sub.class1.server.ca.pem

Decrypt the private key to prevent that Apache requests the password (the pass phrase) of the private key at startup.
Note : You must enter once the password to decrypt the private key.

Bash

cd /etc/ssl/private
openssl rsa -in ssl.key -out ssl.key

Now, modify the "default-ssl" virtual host (or whatever you wish to secure over SSL).
Note : By default, the https protocol uses the 443 port.

Bash

vim /etc/apache2/sites-available/default-ssl

In this file, comment lines beginning with "SSL ..." and use the "SSL ..." lines provided by StartSSL.

Plain Text

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateFile /etc/ssl/certs/ssl.crt
SSLCertificateKeyFile /etc/ssl/private/ssl.key
SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem

Enable the "SSL" module.

Bash

a2ensite default-ssl

Activate the "default-ssl" virtual host.

Bash

a2ensite default-ssl

Finally, restart apache.

Bash

service apache2 restart

 

6. Test the certificate and the https protocol

Navigate to the address "https://your-website.com" (or https://sub-domain.your-website.com) and click on the padlock.
As you can see on this picture, firefox sees this as a valid certificate because this certificate is issued by a certification authority recognized by the operating system (and by Firefox which uses its own certificate store).

In Mozilla Firefox, click the "More information" button.

Then, view the certificate.

In the "Details" tab, you can view the hierarchy of this certificate :
- StartCom Certification Authority : The root certificate of the certification authority.
- StartCom Class 1 Primary Intermediate Server CA : The intermediary certificate of the CA. The "sub.class1.server.ca.pem" file that you had downloaded from the StartSSL website.
- www.informatiweb.net : our certificate signed by StartSSL.

To see also

Comments

No comment

Share your opinion

Pinned content

Contact

® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.

Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.