SSL Certificate

From Group-Office Groupware and CRM Documentation

An SSL certificate is required for a secure connection to the web server. Your URL will then be prefixed with https:// instead of http://.

Generate Certificate request file

If you want to install an SSL certificate you will need to generate a private key and a certificate request file (.CSR). Log in to the server as root and create the folder:

mkdir /etc/apache2/ssl

Go to the folder:

cd /etc/apache2/ssl

Run command:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

where server is the name of your server.

This begins the process of generating two files with OpenSSL: the private key file (server.key), which the web server uses together with your SSL certificate, and a certificate signing request (CSR) file (server.csr), which you use to apply for your SSL certificate.

When you are prompted for the Common Name (domain name), enter the fully qualified domain name for the site you are securing. If you are generating an Apache CSR for a Wildcard SSL Certificate your common name should start with an asterisk (such as *.example.com).

You will then be prompted for your organizational information, beginning with geographic information. There may be default information set already. Don't set a challenge password.

This will then create your openssl .csr file which you can use to order your certificate.

Installing the certificate

To enable the SSL module for apache run the command:

a2enmod ssl

Then make a new virtual host file:

cp /etc/apache2/sites-enabled/000-default /etc/apache2/sites-enabled/001-ssl

Edit the new file and change the port number at the top:

<VirtualHost *:443>

At the end just before </VirtualHost> add:

SSLEngine On
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCACertificateFile /etc/apache2/ssl/CAroot.crt

You should get the server.crt and CAroot.crt files from the SSL authority.
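
Apache will not start with a certificate that does not belong to the configured private key, so it is worth checking the three files before the restart. The script below is an added example, not part of the Group-Office documentation: it compares the public key in the key, CSR and certificate and checks that the key file is not readable by group or others. The function names are hypothetical, the file paths are passed as arguments, and it assumes an unencrypted key as produced by the -nodes option above.

```shell
#!/bin/sh
# Added example (not from the Group-Office docs): verify that the private key,
# CSR and issued certificate share one public key before restarting Apache.
# Function names are hypothetical; file paths are passed as arguments.

# Print the SHA-256 digest of the public key inside a key, CSR or certificate.
pubkey_digest() {
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# True when the file grants no permissions to group or others (e.g. mode 600).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 if all checks pass, 1 on mismatch or loose permissions, 2 if a file cannot be parsed.
check_tls_material() {
    key=$1 csr=$2 crt=$3
    k=$(pubkey_digest key "$key") || { echo "cannot parse key: $key" >&2; return 2; }
    r=$(pubkey_digest csr "$csr") || { echo "cannot parse CSR: $csr" >&2; return 2; }
    c=$(pubkey_digest crt "$crt") || { echo "cannot parse certificate: $crt" >&2; return 2; }
    [ "$k" = "$r" ] || { echo "CSR was not generated from this key" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key" >&2; return 1; }
    key_is_private "$key" || { echo "key is readable by group/others: $key" >&2; return 1; }
    echo "key, CSR and certificate match; key permissions are restrictive"
}

# Usage: sh check.sh /etc/apache2/ssl/server.key /etc/apache2/ssl/server.csr /etc/apache2/ssl/server.crt
if [ "$#" -eq 3 ]; then
    check_tls_material "$@"
fi
```

If the key permissions check fails, chmod 600 on server.key restricts the file to its owner.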

After making these changes you must restart Apache:

/etc/init.d/apache2 restart

Forcing SSL

If you'd like to force SSL for all connections then edit /etc/apache2/sites-enabled/000-default and enter the following:

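<VirtualHost *:80>
        ServerAdmin admin@example.com
        ServerName groupoffice.example.com

        DocumentRoot /var/www

        # The first matching Redirect wins, so the more specific path comes first.
        Redirect permanent /groupoffice https://groupoffice.example.com/groupoffice
        # The rest of the requested path is appended to the target, hence the trailing slash.
        Redirect permanent / https://groupoffice.example.com/groupoffice/
</VirtualHost>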

After making these changes you must restart Apache:

/etc/init.d/apache2 restart