
Following are the steps for SSL configuration for Apache and CiviCRM on Linux servers.

Creating Certificate and Key for SSL

1. Create RSA Private Key.

The first step is to create your RSA private key. This key is a 1024-bit RSA key which is encrypted using Triple-DES and stored in PEM format so that it is readable as ASCII text.

The command will prompt you for a pass-phrase and then store the key in the file server.key. It is critical that the pass-phrase be secure and not forgotten. If either the key is lost or the pass-phrase is forgotten, the certificate will be useless. You might want to consider using an empty pass-phrase so that Apache can restart on its own without prompting for one. Check the web for documentation on best practices.

2. Generating Certificate Signing Request (CSR)

Once the private key is generated a Certificate Signing Request can be generated.

During the generation of the CSR, you will be prompted for several pieces of information.
A sample CSR generation session is shown below,

3. Generating or Obtaining a Certificate

At this point you can choose to generate a self-signed certificate, or obtain a certificate from a certification authority. The second option is preferable as it will provide a higher level of trust to users visiting your SSL secured pages.

To generate a self-signed certificate which is good for a year, issue the following command:

Or, purchase and request an SSL certificate from a certificate vendor such as Thawte, GeoTrust or Comodo using the CSR generated above.

4. Copying the key and certificate to the destination point.

1. Make a folder (ssl.crt) under apache/conf and copy the certificate there.

2. Make another folder (ssl.key) under apache/conf and copy the key there.
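
Steps 1 to 3 run non-interactively, followed by a check that the certificate really belongs to the key before both are copied into place. This is an added example, not part of the original page. It defaults to a 2048-bit key with no pass-phrase rather than the 1024-bit Triple-DES key described above, because certificate authorities no longer issue certificates for RSA keys shorter than 2048 bits; the function names, subject fields and output directory are assumptions.

```shell
#!/bin/sh
# Added example; function names, subject fields and paths are assumptions.

# make_selfsigned DIR [BITS] [CN]: writes server.key, server.csr, server.crt
make_selfsigned() {
    out=$1; bits=${2:-2048}; cn=${3:-www.example.org}
    mkdir -p "$out" || return 1
    # Step 1: RSA private key, created unreadable to other users.
    # No pass-phrase is set, so Apache can restart unattended.
    ( umask 077; openssl genrsa -out "$out/server.key" "$bits" 2>/dev/null ) \
        || return 1
    # Step 2: CSR; -subj supplies the answers the interactive prompts ask for.
    openssl req -new -sha256 -key "$out/server.key" -out "$out/server.csr" \
        -subj "/C=US/O=Example Org/CN=$cn" || return 1
    # Step 3: self-signed certificate that is good for a year.
    openssl x509 -req -sha256 -days 365 -in "$out/server.csr" \
        -signkey "$out/server.key" -out "$out/server.crt" 2>/dev/null
}

# key_bits KEY: prints the RSA key size in bits
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# pair_ok KEY CRT: succeeds only if the certificate carries this key's
# modulus, the key is at least 2048 bits, and the certificate does not
# expire within the next 30 days.
pair_ok() {
    kmod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    cmod=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$kmod" ] && [ "$kmod" = "$cmod" ] || return 1
    [ "$(key_bits "$1")" -ge 2048 ] 2>/dev/null || return 1
    openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null
}

# Usage before copying into apache/conf/ssl.key and apache/conf/ssl.crt:
#   make_selfsigned ./newcert && pair_ok ./newcert/server.key ./newcert/server.crt
```

A mismatched key and certificate is a common reason for Apache refusing to start after an SSL change, so running `pair_ok` on the files actually placed under apache/conf catches it before the restart.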

Configure httpd.conf for SSL

Some changes need to be made in httpd.conf for SSL.
(httpd.conf can be found under the Apache installation, e.g. /usr/local/apache2/conf/httpd.conf)

  1. Search for the following line and uncomment it if it is commented out.
  2. Search for the following lines of code. If they are not present or are commented out, then add or uncomment them.

Configure ssl.conf for SSL

Some changes need to be made in ssl.conf for SSL.
(ssl.conf can be found under the Apache installation, e.g. /usr/local/apache2/conf/ssl.conf)

  1. Comment out the following lines of code.
  2. Make sure Apache is listening on port 443.
    The following line of code should be present.
  3. Create one Virtual Host for port 443.

If you are using Apache 2.2x, follow these instructions after Step 3:

1. Copy ssl.key and ssl.crt to /usr/local/apache2/conf

2. Edit your httpd.conf
Uncomment these lines:
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

3. Modify httpd-ssl.conf for your server details.

4. Restart Apache. It will prompt you to "Enter pass phrase:". You are good to go.


Creative Commons License
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 3.0 United States Licence.