LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices

Reply
 
Search this Thread
Old 06-10-2012, 10:27 PM   #1
phr3ak
LQ Newbie
 
Registered: May 2010
Posts: 8

Rep: Reputation: 0
Implimenting SSL/Certificate on Ubuntu


hi,

I am trying to use verisign certificate in ubuntu server.I have googled and know how to create keys, how to auto redirect http to https and have also figured out how to specify the path to certificate (.pem) file,but i am having a tough time in getting all in organised steps.
can some one please provide me the details of how a certificate and SSL functionality is implimented.
My requirement is
1.the paid certificate is implimented.
2.clients are automatically redirected to https when they write http in url.

I have got my certicate from verisign.

Thanks & regards
 
Old 06-11-2012, 11:24 AM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,459
Blog Entries: 35

Rep: Reputation: 363Reputation: 363Reputation: 363Reputation: 363
What web server are you using? Apache, Tomcat, JBoss, nginx, etc.?

Apache SSL with Virtual Hosts. In the examples *.cer files are the same as *.pem files but with a different extension.

For redirecting to https you would use either mod_alias or mod_rewrite. mod_alias is recommended by Apache in the document "When not to use mod_rewrite".

That's about as good of a response as you can get because you didn't outline any technical requirements and I don't know what servers you're using to provide said services. It's kind of confusing to say, "I already know how to do this stuff so tell me how to do it." I have no idea what you mean by that.

Unless you're asking how SSL works.

SAM

Last edited by sag47; 06-11-2012 at 11:32 AM.
 
Old 06-11-2012, 10:13 PM   #3
phr3ak
LQ Newbie
 
Registered: May 2010
Posts: 8

Original Poster
Rep: Reputation: 0
thanks for replying.pardon me,the post does looks confusing,let me phrase it again.

I have ubuntu Server 11.04 with apache installed.I have to do the following:
1.all http traffic should be redirected https.
2.we have a verisign certificate,that need to be installed on server.

My problem is I have got confused with the steps required to do the above.should I first create the keys or write code for the redirection?I mean there must be a proper way of doing this,which i dont know and need help with this.

Thanks & regards
 
Old 06-11-2012, 11:18 PM   #4
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,459
Blog Entries: 35

Rep: Reputation: 363Reputation: 363Reputation: 363Reputation: 363
Hmmm, well how it works is you have a virtualhost listening on port 80. If a user connects to port 80 then redirect to port 443 (https). The 443 Virtualhost would be where you specify the certificates. So as an overview you must
  • enable virtual hosts for ports 80 and 443 (default http and https ports)
  • redirect to port 443 if the user connects to 80 (i.e. the connection is unencrypted)
  • encrypt the connection at port 443 (set up your certs). Your certificate should already be created and signed by a certificate authority before you can complete this step. If your certificates don't exist, then nothing can be encrypted.

This can be accomplished with some of the following configs for conf.d.

Code:
NameVirtualHost *:80
NameVirtualHost *:443
Code:
<VirtualHost *:80>
  ServerName www.example.com
  Redirect / https://www.example.com/
</VirtualHost>
Code:
<VirtualHost *:443>
  SSLEngine on
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
  SSLCertificateFile /etc/httpd/ssl.crt/www.example.com.crt
  SSLCertificateKeyFile /etc/httpd/ssl.key/www.example.com.pem
  ServerName www.example.com
  
  DocumentRoot /var/www/domains/www.example.com
  <Directory "/var/www/domains/www.example.com">
    Options Indexes FollowSymLinks +ExecCGI
    Order allow,deny
    Allow from all
  </Directory>

  ErrorLog  /var/www/logs/www.example.com_error_log
  CustomLog /var/www/logs/www.example.com_access_log combined env=!dontlog
</VirtualHost>
Where each code block presented above is a separate conf file in /etc/httpd/conf.d/. That's one way you *could* do it. Please note that I added some personal preferences for decisions such as allowed algorithms and ciphers along with any other design decisions (i.e. custom logging). This may not be the solution for you. As a system administrator you should take the time to become familiar with Apache, SSL, and the openssl tool kit because you put both yourself (reputation) and your servers (misconfiguration security flaws) at risk. If you're running a blog about cheese sandwiches then fine but if you're handling any kind of real data then heed my warning.

If you wanted to use mod_rewrite instead of mod_alias to do the redirection then you *could* accomplish it like so...
Code:
<VirtualHost *:80>
  ServerName www.example.com
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</VirtualHost>
Each has their advantages and disadvantages but I won't get too in depth. One such advantage is mod_rewrite will redirect URL bread crumbs to their https equivalent.

SAM

Last edited by sag47; 06-11-2012 at 11:44 PM.
 
Old 06-12-2012, 10:24 PM   #5
phr3ak
LQ Newbie
 
Registered: May 2010
Posts: 8

Original Poster
Rep: Reputation: 0
Thanks Sam,
its exactly what i was looking for.I appreciate your effort.

regards
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Ubuntu mail server- ssl certificate how do i get it to be verified on Outlook inno_k Linux - Server 3 08-02-2011 03:01 PM
ssl certificate help Norse Linux - Security 4 07-01-2011 07:11 AM
How to import/use CAcert SSL root certificate to use SSL with Xchat IRC client? GrapefruiTgirl Linux - Software 9 04-05-2011 09:54 AM
Apache with SSL does not load the 2nd SSL certificate janstapel Linux - Newbie 1 06-17-2010 09:32 PM
ssl certificate renewal for vsftpd on ubuntu replica88 Linux - Server 2 04-14-2010 05:28 AM


All times are GMT -5. The time now is 10:17 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration