I received many requests from my readers that asked to me how to configure SSL(https) for website like 9lessons labs. Actually I enable SSL for Facebook Application integration, nowadays most of the top sites allowing only secure https URL. In this post I explained few steps how to buy and setup a SSL certificate and configuration with XAMPP server in Ubuntu environment.
Live DemoStep 1
Generating KEY file
root:/home# openssl genrsa -des3 -out domain.key 1024
Generating RSA private key, 1024 bit long modulus
....++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for domain.key: Password
Verifying - Enter pass phrase for domain.key: Password
Generating RSA private key, 1024 bit long modulus
....++++++
............++++++
e is 65537 (0x10001)
Enter pass phrase for domain.key: Password
Verifying - Enter pass phrase for domain.key: Password
Step 2
Generating server CRT certificate file.
root:/home# openssl req -new -key domain.key -out domain.crt
Enter pass phrase for domain.key: Key Password
Country Name (2 letter code) [AU]:IN // Country Code
State or Province Name (full name) [Some-State]:Tamilnadu // State
Locality Name (eg, city) []:Chennai // City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:9lessons
Organizational Unit Name (eg, section) []:software
Common Name (eg, YOUR name) []:www.domain.com //
Email Address []:admin@domain.com // Domain Verification
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:SSL Password // No special characters
An optional company name []:egglabs
Enter pass phrase for domain.key: Key Password
Country Name (2 letter code) [AU]:IN // Country Code
State or Province Name (full name) [Some-State]:Tamilnadu // State
Locality Name (eg, city) []:Chennai // City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:9lessons
Organizational Unit Name (eg, section) []:software
Common Name (eg, YOUR name) []:www.domain.com //
Email Address []:admin@domain.com // Domain Verification
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:SSL Password // No special characters
An optional company name []:egglabs
Where to buy?
Many are available on web, I suggest go for www.thawte.com SSL 123 Certificate and Thawte.com providing 21 days free trail click here. I ordered SSL 123 certificate from Bigrock these people providing Thawte certificates little cheaper.
Once SSL certificate order successful, download the domain.crt from your server and submit to SSL provider. SSL provider company eg. thawte will send you the domain verification mail to admin@domain.com which you specified email in CRT file.
Sample CRT file
After domain owner confirmation SSL provider generate a new SSL CRT file. You can download this from SSL provider admin panel based on the order.
-----BEGIN CERTIFICATE REQUEST-----
GIICBzCCAXACAQAwgZYxCzAJBgNVBAYTAklOMRIwEAYDVQQIDAlUYW1pbG5hZHUx
EDAOBgNVBAcMB0NoZW5uYWkxETAPBgNVBAoMCDlsZXNzb25zMREwDwYDVQQLDAhz
b2Z0d2FyZTEaMBgGA1UEAwwXV2VjdXJlLmRvbWFpbi5jb20xHzAdBgkqhkiG9w0B
CQEWEGFkbWluQGRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AKXUU6ccqfgVUliKR0S8OsKD8NGhsTH5zOneU5uOi0Ywi9mBE32v144vOc0xng53
LQkxtRCRtzbafIuB9OkHNaeEMfzfNo27kwhP1kwDP4k+pN7hYVkTTT+Wz4WOs4jP
1WHW2lmYhhCfhVjROP2nFhxVvNGu0Y6OYlAlsGhMasnNAgMBAAGgMDAWBgkqhkiG
9w0BCQIxCQwHZWdnbGFiczAWBgkqhkiG9w0BCQcxCQwHZWdnbGFiczANBgkqhkiG
9w0BAQUFAAOBgQAcIuVDoeAzFhSy020nXHpICyy13ffQAqMJEnrVjPQfDGlojBaV
HsQ2dLYENEHb6YiLd+GDwazyrxlR0v6cLlu7KPczvrBnvHH6DP42TMef8yrG8hZ2
TT1V/HCR2eq7oIND2mJdOdJgBvQa7BUy6DjqxfG8cYojbjH+jLRlgDagjA==
-----END CERTIFICATE REQUEST-----
GIICBzCCAXACAQAwgZYxCzAJBgNVBAYTAklOMRIwEAYDVQQIDAlUYW1pbG5hZHUx
EDAOBgNVBAcMB0NoZW5uYWkxETAPBgNVBAoMCDlsZXNzb25zMREwDwYDVQQLDAhz
b2Z0d2FyZTEaMBgGA1UEAwwXV2VjdXJlLmRvbWFpbi5jb20xHzAdBgkqhkiG9w0B
CQEWEGFkbWluQGRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AKXUU6ccqfgVUliKR0S8OsKD8NGhsTH5zOneU5uOi0Ywi9mBE32v144vOc0xng53
LQkxtRCRtzbafIuB9OkHNaeEMfzfNo27kwhP1kwDP4k+pN7hYVkTTT+Wz4WOs4jP
1WHW2lmYhhCfhVjROP2nFhxVvNGu0Y6OYlAlsGhMasnNAgMBAAGgMDAWBgkqhkiG
9w0BCQIxCQwHZWdnbGFiczAWBgkqhkiG9w0BCQcxCQwHZWdnbGFiczANBgkqhkiG
9w0BAQUFAAOBgQAcIuVDoeAzFhSy020nXHpICyy13ffQAqMJEnrVjPQfDGlojBaV
HsQ2dLYENEHb6YiLd+GDwazyrxlR0v6cLlu7KPczvrBnvHH6DP42TMef8yrG8hZ2
TT1V/HCR2eq7oIND2mJdOdJgBvQa7BUy6DjqxfG8cYojbjH+jLRlgDagjA==
-----END CERTIFICATE REQUEST-----
Copy the new generated CRT text into notepad and save as into ssldomain.crt. Upload this into your server.
Step 3
Copy files in XAMPP directories
root:/home# cp ssldomain.crt /opt/lampp/etc/ssl.crt/ssldomain.crt
root:/home# cp domain.key /opt/lampp/etc/ssl.key/domain.key
root:/home# cp domain.key /opt/lampp/etc/ssl.key/domain.key
Step 4
Enable SSL extension in /opt/lampp/etc/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Step 5
Modify a Virtual Host /opt/lampp/etc/extra/httpd-ssl.conf
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs"
ServerName www.domain.com
ServerAdmin admin@domain.com
ErrorLog /opt/lampp/logs/error_log
TransferLog /opt/lampp/logs/access_log
# Server Certificate:
SSLCertificateFile /opt/lampp/etc/ssl.crt/ssldomain.crt
# Server Private Key:
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/domain.key
# Certificate Authority (CA):
SSLCACertificateFile /opt/lampp/etc/ssl.crt/ca.crt
</VirtualHost>
# General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs"
ServerName www.domain.com
ServerAdmin admin@domain.com
ErrorLog /opt/lampp/logs/error_log
TransferLog /opt/lampp/logs/access_log
# Server Certificate:
SSLCertificateFile /opt/lampp/etc/ssl.crt/ssldomain.crt
# Server Private Key:
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/domain.key
# Certificate Authority (CA):
SSLCACertificateFile /opt/lampp/etc/ssl.crt/ca.crt
</VirtualHost>
You can download ca.crt file from thawte.com, or click here to download this file. Same way upload into server copy into /opt/lampp/etc/ssl.crt/ directory.
Step 6
Enable the SSL port 443
No comments:
Post a Comment