Results 1 to 8 of 8

Thread: SSl certificates!

  1. #1
    Member honey bee's Avatar
    Join Date
    Feb 2006
    Location
    Pakistan
    Posts
    146

    Question SSl certificates!

    Hello!

    I have created different virtual hosts in apache.Now, i want to enable ssl for the host which require it.Please suggest me which certificate i should use?

  2. #2
    Are you creating your own certificates or are you getting them from a company that specializes in creating them (aka Certificate Authority, CA) like Verisign?

  3. #3
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935
    Also depending on what kind of services you are going to be offering. For example, would you trust your bank to use their own certificate, which may or may not be the host you are trying to connect (man in the middle kind of thing)? If you absolutely need a host to be trusted by others, then it's a MUST to use CA offering such as Verisign.

    But all you want is to offer a secure way of connecting to a host which required a SSL cert but no need to have verifiable credential (such as shopping cart on your site), then you can get away with using your own cert.
    LinuxVillage - The truely community run Linux/Floss forum !

    No IT BS !!

  4. #4
    Member honey bee's Avatar
    Join Date
    Feb 2006
    Location
    Pakistan
    Posts
    146
    Thank you for your replies .I just want a secure way of connecting to the host.

  5. #5
    Member honey bee's Avatar
    Join Date
    Feb 2006
    Location
    Pakistan
    Posts
    146

    Question

    Hello,

    I am trying to implement SSl with apache webserver's virtual hosts.I don't want global SSL implementation.I just want to add this facility with the hosts who require it.Can anyone guide me how to do that?

    I want to implement it just for security purpose, so if i'll create a certificate of my own.In that case how can i define that which certificate should be used by which host???

  6. #6
    Moderator
    Good Guru
    Compunuts's Avatar
    Join Date
    May 2001
    Location
    California
    Posts
    3,935
    I was meaning to write in the PET section for SSL with Apache but never got around to it.

    Here is my /etc/apache2/sites-enabled/mysite file.
    Code:
    NameVirtualHost *:80
    <VirtualHost *:80>
            ServerName mysite.mydomain.com
            ServerAdmin compunuts@localhost
            DocumentRoot /var/www/mysite
    </VirtualHost>
    
    NameVirtualHost *:443
    <VirtualHost *:443>
            ServerName mysite.mydomain.com
            ServerAdmin compunuts@localhost
    
            SSLEngine On
            SSLCertificateFile /etc/apache2/ssl/mysite.pem
    
            DocumentRoot /var/www/mysite
    
    <Directory /var/www/mysite/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
    </Directory>
    </virtualhost>
    Note the SSL cert file. That's where you define your SSL cert for any given site. You can have as many certs as you like as long as you define them in there. For security purposes, you should NEVER put your SSL cert in web directory.

    Also note that this is a very basic SSL setting. I have some other password log ins, log level settings and stuff but you do not need those if you are not using it.

    HTH ....
    LinuxVillage - The truely community run Linux/Floss forum !

    No IT BS !!

  7. #7
    Member honey bee's Avatar
    Join Date
    Feb 2006
    Location
    Pakistan
    Posts
    146

    Question

    Thank you for your reply.The information you gave is quite helpful.I had to add the following things to it and it worked.Do you have any idea why i needed these all?

    Code:
    <VirtualHost *:443>
            ServerName mysite.mydomain.com
            ServerAdmin compunuts@localhost
    
            SSLEngine On
            SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
            SSLCertificateFile /etc/apache2/ssl.crt/mysite.pem
            SSLCertificateKeyFile /etc/apache2/ssl.key/mysite.pem
    
            DocumentRoot /var/www/mysite
    
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    
    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
    
    CustomLog logs/ssl_request_log \
              "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    
    <Directory /var/www/mysite/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            allow from all
    </Directory>
    </virtualhost>
    Another thing that i wanted to ask is that i followed the following link to create my own certificates:

    http://www.flatmtn.com/computer/Linu...tesApache.html

    Here, i have to create a root certificate, why i need it?.The new certificates we create are based on root certificate?.I am feeling very confused about it.

  8. #8
    Member honey bee's Avatar
    Join Date
    Feb 2006
    Location
    Pakistan
    Posts
    146
    Hello!

    If i don't want to create my own certificate then from where i can get the free certificates for a secure login and what will be the steps in that case.

    I also wanted to ask one more thing i.e. that i have OPenSSL already configured to Apache and by default i have cacert.pem , localhost.key and localhost.crt.So, in this case localhost.crt can be used as root certificate or not?

    Regards!

Similar Threads

  1. Website certificates
    By elovkoff in forum Linux - Software, Applications & Programming
    Replies: 8
    Last Post: 07-27-2004, 04:42 AM
  2. Digital Certificates, free
    By Fatal Error in forum Linux - Software, Applications & Programming
    Replies: 9
    Last Post: 07-21-2004, 03:38 AM
  3. Openssl upgrading and certificates
    By Blaqb0x in forum Linux - Software, Applications & Programming
    Replies: 1
    Last Post: 04-08-2003, 12:33 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •