LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop
User Name
Password
Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context.

Notices

Reply
 
Search this Thread
Old 07-27-2012, 01:12 PM   #1
rhbegin
Member
 
Registered: Oct 2003
Location: Arkansas, NWA
Distribution: Fedora/CentOS/SL6
Posts: 381

Rep: Reputation: 23
Question Installing ssl certificate in CentOS 6.3 Apache & Drupal


I am at a loss, I have my certificate from Godaddy for the domain name.

The CentOS6.3 server is running Drupal 7 with Apache 2.2 (installed mod_ssl & openssl) packages.
The SSL certificate is for the redirection in Drupal (secure pages).

The Drupal has secure pages enabled so it redirects to https when the login is type in the URL: www.mysite.com/?q=user then it redirects to https

I have read the directions/howtos for installing the cert but I am still at a loss.

I have these files:

mydomain.name.crt
www_mydomain.name.key
gd_bundle.crt


My directory structure in /etc/pki/tls/certs :
[root@www tls]# ls -l
total 24
lrwxrwxrwx. 1 root root 19 Feb 6 07:50 cert.pem -> certs/ca-bundle.crt
drwxr-xr-x. 2 root root 4096 Jul 27 12:57 certs
drwxr-xr-x. 2 root root 4096 Jul 11 08:53 misc
-rw-r--r--. 1 root root 10906 May 15 04:52 openssl.cnf
drwxr-xr-x. 3 root root 4096 Jul 27 11:06 private


in this directory is my ssl.conf is this the file I need to edit??

[root@www conf.d]# pwd;ls -l
/etc/httpd/conf.d
total 28
-rw-r--r--. 1 root root 674 Jun 25 03:47 php.conf
-rw-r--r--. 1 root root 392 Feb 7 08:51 README
-rw-r--r--. 1 root root 9473 Jul 27 10:57 ssl.conf <-- is this it???
-rw-r--r--. 1 root root 302 Feb 6 15:45 welcome.conf

my document root in the httpd.conf (in /etc/httpd/conf) is:

DocumentRoot "/var/www/webdata"

From the (/etc/httpd/conf.d/ssl.conf) file

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt


Any help to get put the files in the right location and how I need to do my Apache directive would be great.

Note: I can post the complete (default) ssl.conf file and my httpd.conf file as well. I am struggling on how to get this to work.

Last edited by rhbegin; 07-27-2012 at 01:14 PM. Reason: can post the ssl.conf & my httpd.conf config files as well
 
Old 07-27-2012, 03:36 PM   #2
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,568

Rep: Reputation: 411Reputation: 411Reputation: 411Reputation: 411Reputation: 411
You would need to create a duplicate virtual host for the :443 connection, you can put this in your ssl.conf. I used to work for GoDaddy so this is like a blast from the past heh.


Code:
<VirtualHost _default_:443>
DocumentRoot "/path/to/your/site"
ServerName "www.yourdomain.com"
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl/mydomain.name.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/www_mydomain.name.key
SSLCertificateChainFile /etc/httpd/conf/ssl/gd_bundle.crt
</VirtualHost>
You can update the paths on the files ot wherever you upload them to, I usually recommend creating another folder like /etc/httpd/conf/ssl/ to store them in to keep it organzied.
 
Old 07-27-2012, 03:38 PM   #3
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,568

Rep: Reputation: 411Reputation: 411Reputation: 411Reputation: 411Reputation: 411
Just a note, that SSL installs are a pain in the butt and you will have to re-install it every time you renew or purchase a new one. If you are planning on keeping the site I would buy one thats good for a few years so you don't have to go through this again next year.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] 'invalid method in request' - Apache & SSL on Centos scottmusician Linux - Server 6 09-14-2011 11:38 PM
SSL Apache client certificate - CentOS 5 - How to install ? dlugasx Linux - Server 1 09-23-2010 10:11 AM
Apache with SSL does not load the 2nd SSL certificate janstapel Linux - Newbie 1 06-17-2010 09:32 PM
Apache SSL untrusted certificate keysorsoze Linux - Server 4 10-08-2008 08:36 PM
2 certificate ssl in 1 server apache simquest Linux - Software 2 07-24-2002 11:47 AM


All times are GMT -5. The time now is 08:43 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration