Print
Category: Software
Hits: 11176

There are some small projects from friends next to my own private website that im hosting. Because there are no further requirements like HTTPS, i just basically installed the webserver with PHP/Python and MySQL only. Yesterday a friend told me about creating a Facebook Application where HTTPS is a requirement. Using Apache2 i'll describe here how i managed to set up SSL.

(article work in progress)

First Apache needs the module ssl loaded to understand our ssl configuration we want to add.

$ sudo netstat -tlpn | grep apache
tcp6       0      0 :::80                   :::*                    LISTEN      12804/apache2
$ sudo a2enmod
Your choices are: actions alias asis auth_basic auth_digest authn_alias authn_anon authn_dbd authn_dbm authn_default authn_file authnz_ldap authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cern_meta cgi cgid charset_lite dav dav_fs dav_lock dbd deflate dir disk_cache dump_io env expires ext_filter file_cache filter headers ident imagemap include info ldap log_forensic mem_cache mime mime_magic negotiation perl php5 proxy proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http proxy_scgi python reqtimeout rewrite setenvif speling ssl status substitute suexec suphp unique_id userdir usertrack version vhost_alias
Which module(s) do you want to enable (wildcards ok)?
ssl
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
Run '/etc/init.d/apache2 restart' to activate new configuration!
$ sudo /etc/init.d/apache2 restart
Restarting web server: apache2 ... waiting ..
$ sudo netstat -tlpn | grep apache
Active Internet connections (only servers)
tcp6       0      0 :::80                   :::*                    LISTEN      20798/apache2
tcp6       0      0 :::443                  :::*                    LISTEN      20798/apache2

 

SSL-Certificate:

or

 

Adding the SSL configuration into the according virtualhost configuration for HTTPS in /etc/apache/sites-available/

SSLEngine on
SSLCertificateChainFile /www/u13102/chil.at/ssl/ca-bundle.pem
SSLCertificateFile /www/u13102/chil.at/ssl/ssl.crt
SSLCertificateKeyFile /www/u13102/chil.at/ssl/ssl.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /www/u13102/chil.at/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

 

With Google Chrome it looks good, seems to work fine. https://www.chil.at/

 

But Firefox seem to look in more detail, i had to update the link to Google Analytics' javascript file from http to https. And the plugin videobox, i use in some articles, has hosted their javascript file on http only so i downloaded the file onto my webserver.

http://security.stackexchange.com/questions/14061/what-does-these-warnings-mean-on-an-ssl-connection-by-firefox-only

Warning 3: Connection Partially encrypted - Parts of the page you are viewing were not encrypted before transmitted over the internet.

"This means that elements in the page you are viewing are not transferred via SSL. This could mean images, scripts or even CSS files. The problem here is that some traffic will be sent in cleartext, potentially revealing what page you are viewing or more important details, such as cookies."

 

Safari 5.1.9 in OSX 10.6.8:

StartCom SSL certificates not validating in Mountain Lion?

 

Tools:

http://www.networking4all.com/en/support/tools/site+check/