LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Desktop (http://www.linuxquestions.org/questions/linux-desktop-74/)
-   -   Installing ssl certificate in CentOS 6.3 Apache & Drupal (http://www.linuxquestions.org/questions/linux-desktop-74/installing-ssl-certificate-in-centos-6-3-apache-and-drupal-4175418979/)

rhbegin 07-27-2012 01:12 PM

Installing ssl certificate in CentOS 6.3 Apache & Drupal
 
I am at a loss, I have my certificate from Godaddy for the domain name.

The CentOS6.3 server is running Drupal 7 with Apache 2.2 (installed mod_ssl & openssl) packages.
The SSL certificate is for the redirection in Drupal (secure pages).

The Drupal has secure pages enabled so it redirects to https when the login is type in the URL: www.mysite.com/?q=user then it redirects to https

I have read the directions/howtos for installing the cert but I am still at a loss.

I have these files:

mydomain.name.crt
www_mydomain.name.key
gd_bundle.crt


My directory structure in /etc/pki/tls/certs :
[root@www tls]# ls -l
total 24
lrwxrwxrwx. 1 root root 19 Feb 6 07:50 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x. 2 root root 4096 Jul 27 12:57 certs
drwxr-xr-x. 2 root root 4096 Jul 11 08:53 misc
-rw-r--r--. 1 root root 10906 May 15 04:52 openssl.cnf
drwxr-xr-x. 3 root root 4096 Jul 27 11:06 private


in this directory is my ssl.conf is this the file I need to edit??

[root@www conf.d]# pwd;ls -l
/etc/httpd/conf.d
total 28
-rw-r--r--. 1 root root 674 Jun 25 03:47 php.conf
-rw-r--r--. 1 root root 392 Feb 7 08:51 README
-rw-r--r--. 1 root root 9473 Jul 27 10:57 ssl.conf <-- is this it???
-rw-r--r--. 1 root root 302 Feb 6 15:45 welcome.conf

my document root in the httpd.conf (in /etc/httpd/conf) is:

DocumentRoot "/var/www/webdata"

From the (/etc/httpd/conf.d/ssl.conf) file

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt


Any help to get put the files in the right location and how I need to do my Apache directive would be great.

Note: I can post the complete (default) ssl.conf file and my httpd.conf file as well. I am struggling on how to get this to work.

Kustom42 07-27-2012 03:36 PM

You would need to create a duplicate virtual host for the :443 connection, you can put this in your ssl.conf. I used to work for GoDaddy so this is like a blast from the past heh.


Code:

<VirtualHost _default_:443>
DocumentRoot "/path/to/your/site"
ServerName "www.yourdomain.com"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl/mydomain.name.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/www_mydomain.name.key
SSLCertificateChainFile /etc/httpd/conf/ssl/gd_bundle.crt
</VirtualHost>

You can update the paths on the files ot wherever you upload them to, I usually recommend creating another folder like /etc/httpd/conf/ssl/ to store them in to keep it organzied.

Kustom42 07-27-2012 03:38 PM

Just a note, that SSL installs are a pain in the butt and you will have to re-install it every time you renew or purchase a new one. If you are planning on keeping the site I would buy one thats good for a few years so you don't have to go through this again next year.


All times are GMT -5. The time now is 03:09 PM.