
GoDaddy Wildcard SSL & Apache2 on SuSE 11.2

Basics

To set up Apache2 with an SSL certificate you’ll need the following:

  • A key – Required to generate a CSR
  • Certificate Signing Request – Required by GoDaddy to generate a certificate
  • Your Certificate
  • GoDaddy’s certificate bundle

To Generate a Triple-DES Encrypted Key Pair and a Certificate Signing Request (CSR)

In a command prompt, enter the following, pressing Enter after each line:

  1. cd /usr/bin/ (/your path to openssl/)
  2. openssl genrsa -des3 -out example.com.key 2048
    Enter a passphrase when prompted. Be sure not to forget it, otherwise you’ll have to start all over again.
  3. openssl req -new -key example.com.key -out example.com.csr

Fill in the following

  • Enter Country Name (2 letter code): NG
  • State or Province Name: Lagos
  • Organization Name: Organic Ltd.
  • Common Name
  • Email Address

IMPORTANT

Do not enter a challenge password. Why? This would cause an error when you submit your CSR to GoDaddy.

Now that you have your key and CSR you can generate your SSL Certificate. Copy the contents of your CSR and follow the steps outlined here.

http://help.godaddy.com/article/562

Download your SSL certificate for Apache, copy the files to your server, and follow the instructions here

http://help.godaddy.com/topic/742/article/5238

or the instructions below.

To Install SSL and Intermediate Certificates

Copy your SSL certificate file and the certificate bundle file to your Apache server. You should already have a key file on the server from when you generated your certificate request. You should copy the files to their respective folders found in Apache’s configuration folder /etc/apache2/

/etc/apache2/ssl.crt/

/etc/apache2/ssl.csr/

/etc/apache2/ssl.key/

Install Certificate From YaST

  • Start YaST from the terminal. I recommend this because once you select the certificate key you’ll have to enter the pass-phrase. If you use the GUI tool then it would freeze un
  • Go to Network Services -> HTTP Server
  • Create a new vHost for your domain and select the server key and certificate
  • Edit the configuration file and add the following below the SSLCertificateKeyFile line:

SSLCertificateChainFile /etc/apache2/ssl.crt/gd_bundle.crt

Restart Apache.

Install Certificate From Terminal

Modify your Apache configuration host/vhost file. You’ll need to tell Apache where your certificate key and your certificate are:

<VirtualHost *:443>
    DocumentRoot /srv/www/htdocs/
    ServerName example.com
    ServerAdmin info@example.com

    <Directory /srv/www/htdocs/>
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    <IfDefine SSL>
        SSLCertificateFile /etc/apache2/ssl.crt/example.com.crt
        SSLCertificateKeyFile /etc/apache2/ssl.key/example.com.key
        SSLCertificateChainFile /etc/apache2/ssl.crt/gd_bundle.crt
        SSLEngine on
    </IfDefine>
</VirtualHost>

By-pass pass-phrase dialog on Startup

After restarting Apache, you’ll notice a prompt for your pass-phrase. If you used the GUI tool, the YaST process may freeze as a result.

  1. Remove the encryption from the RSA private key (while keeping a backup copy of the original file):
    # cp server.key server.key.org
    # openssl rsa -in server.key.org -out server.key
  2. Make sure the server.key file is only readable by root:
    # chmod 400 server.key

Save your configuration file and restart Apache.
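
A check to run before restarting Apache, added here as an example (it is not part of the original post or of GoDaddy's instructions): it confirms the certificate belongs to the private key by comparing RSA moduli, reports whether the key is still pass-phrase protected, and checks that group and other have no access to it. The function names are this example's own; pass it the paths you used for SSLCertificateKeyFile and SSLCertificateFile.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are this example's own.

# Print "Modulus=<hex>" for a PEM key, CSR or certificate; the openssl
# subcommand is picked from the file's first PEM header line.
pem_modulus() {
    case "$(sed -n '/^-----BEGIN /{p;q;}' "$1")" in
        *'CERTIFICATE REQUEST'*) cmd=req ;;
        *'CERTIFICATE'*)         cmd=x509 ;;
        *'PRIVATE KEY'*)         cmd=rsa ;;   # prompts if the key is encrypted
        *) echo "unrecognised PEM file: $1" >&2; return 2 ;;
    esac
    openssl "$cmd" -noout -modulus -in "$1"
}

# True when both files carry the same RSA modulus, i.e. the certificate
# (or CSR) belongs to this private key. An empty result never matches.
same_keypair() {
    a=$(pem_modulus "$1") && b=$(pem_modulus "$2") &&
        [ -n "$a" ] && [ "$a" = "$b" ]
}

# True when the key is still pass-phrase protected (Apache prompts at start).
# Covers the traditional header and the PKCS#8 encrypted form.
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# True when group and other have no permission bits set (e.g. mode 400).
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Report on a key/certificate pair; returns 0 only if nothing needs fixing.
check_pair() {
    key=$1; crt=$2; rc=0
    key_is_private "$key" || { echo "PERMS: $key is accessible to group/other"; rc=1; }
    if key_is_encrypted "$key"; then
        echo "NOTE: $key is encrypted; Apache will ask for the pass-phrase"
    fi
    same_keypair "$key" "$crt" || { echo "MISMATCH: $crt does not belong to $key"; rc=1; }
    return "$rc"
}

# Usage: sh check_pair.sh /etc/apache2/ssl.key/example.com.key /etc/apache2/ssl.crt/example.com.crt
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```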

Force SSL/https using .htaccess and mod_rewrite

In certain scenarios you may want to force a secure connection to your web server. You can achieve this easily and flexibly with .htaccess and mod_rewrite.

  1. Make sure your Host’s AllowOverride is set to All in your vhost configuration file.
  2. Make sure mod_rewrite is enabled. You can do that using the following command

    # a2enmod rewrite

  3. Create a .htaccess file in your web-root folder /srv/www/htdocs/ and add the following content

    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Resources

http://help.godaddy.com/topic/746/article/5269

http://help.godaddy.com/article/562

http://www.besthostratings.com/articles/force-ssl-htaccess.html

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

Note that this also works on OpenSuSE 11.1
