Follow

White Paper SSL - Automate DV ordering process - Examples automatic SSL certificate installation

To be completed

Below you will find information about different web servers. If you have any input for this article, please drop us an e-mail or write a comment!

As the services of Openprovider explicitly exclude hosting services, this section is outside our primary knowledge area. Still, we will try to give you relevant information that might help you in the automated installation process of SSL certificates on your server.

In all cases, it is required that you have possess the following files:

  • The private key (.key, as a result of the CSR generation step)
  • The certificate itself (.crt, as provided by Openprovider)
  • The intermediate certificates (.crt, as provided by Openprovider or as from our Knowledge Base)

Apache

The domain configuration in Apache is stored in plain text files, normally per domain somewhere in the /etc/httpd/ directory. The installation of a certificate is done in the following three steps, which all can be automated:

1. Store the files
Store all required files (private key, certificate and intermediate certificate) in plain text files on your server.

2. Adapt configuration files
Basically, you will have to teach Apache that it must listen to incoming traffic on port 443 (the https port) for a certain IP address. If traffic indeed arrives through this port 443, Apache must be told that it must force encryption, and where it can find the files that this encryption is based upon. A typical SSL configuration in Apache is the following:

<VirtualHost x.x.x.x:443>
DocumentRoot /var/www/examplesite
ServerName example.com www.example.com
SSLEngine on
SSLCertificateFile /path/to/examplesite.crt
SSLCertificateKeyFile /path/to/privatekey.key
SSLCertificateChainFile /path/to/intermediate.crt
</VirtualHost>

Maybe you want to redirect all non-https traffic automatically to https. If so, search for the 'regular' configuration on the non-secured port 80 and add a permanent redirect there:

<VirtualHost x.x.x.x:80>
ServerName example.com www.example.com
Redirect permanent / https://www.example.com/
</VirtualHost>

3. Reload Apache
Now the configuration has been changed, tell Apache to read this new configuration by sending a 'reload' command:

sudo /etc/init.d/apache2 reload

Using 'reload' rather than 'restart' ensures that there is no interruption of your webserver.

Full documentation about SSL in Apache is available in the Apache documentation.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.