-   Linux - Desktop (
-   -   Installing ssl certificate in CentOS 6.3 Apache & Drupal (

rhbegin 07-27-2012 02:12 PM

Installing ssl certificate in CentOS 6.3 Apache & Drupal
I am at a loss, I have my certificate from Godaddy for the domain name.

The CentOS6.3 server is running Drupal 7 with Apache 2.2 (installed mod_ssl & openssl) packages.
The SSL certificate is for the redirection in Drupal (secure pages).

The Drupal has secure pages enabled so it redirects to https when the login is type in the URL: then it redirects to https

I have read the directions/howtos for installing the cert but I am still at a loss.

I have these files:

My directory structure in /etc/pki/tls/certs :
[root@www tls]# ls -l
total 24
lrwxrwxrwx. 1 root root 19 Feb 6 07:50 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x. 2 root root 4096 Jul 27 12:57 certs
drwxr-xr-x. 2 root root 4096 Jul 11 08:53 misc
-rw-r--r--. 1 root root 10906 May 15 04:52 openssl.cnf
drwxr-xr-x. 3 root root 4096 Jul 27 11:06 private

in this directory is my ssl.conf is this the file I need to edit??

[root@www conf.d]# pwd;ls -l
total 28
-rw-r--r--. 1 root root 674 Jun 25 03:47 php.conf
-rw-r--r--. 1 root root 392 Feb 7 08:51 README
-rw-r--r--. 1 root root 9473 Jul 27 10:57 ssl.conf <-- is this it???
-rw-r--r--. 1 root root 302 Feb 6 15:45 welcome.conf

my document root in the httpd.conf (in /etc/httpd/conf) is:

DocumentRoot "/var/www/webdata"

From the (/etc/httpd/conf.d/ssl.conf) file

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

Any help to get put the files in the right location and how I need to do my Apache directive would be great.

Note: I can post the complete (default) ssl.conf file and my httpd.conf file as well. I am struggling on how to get this to work.

Kustom42 07-27-2012 04:36 PM

You would need to create a duplicate virtual host for the :443 connection, you can put this in your ssl.conf. I used to work for GoDaddy so this is like a blast from the past heh.


<VirtualHost _default_:443>
DocumentRoot "/path/to/your/site"
ServerName ""
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl/
SSLCertificateKeyFile /etc/httpd/conf/ssl/
SSLCertificateChainFile /etc/httpd/conf/ssl/gd_bundle.crt

You can update the paths on the files ot wherever you upload them to, I usually recommend creating another folder like /etc/httpd/conf/ssl/ to store them in to keep it organzied.

Kustom42 07-27-2012 04:38 PM

Just a note, that SSL installs are a pain in the butt and you will have to re-install it every time you renew or purchase a new one. If you are planning on keeping the site I would buy one thats good for a few years so you don't have to go through this again next year.

All times are GMT -5. The time now is 07:56 PM.