Implimenting SSL/Certificate on Ubuntu
 

hi,

I am trying to use verisign certificate in ubuntu server.I have googled and know how to create keys, how to auto redirect http to https and have also figured out how to specify the path to certificate (.pem) file,but i am having a tough time in getting all in organised steps.
can some one please provide me the details of how a certificate and SSL functionality is implimented.
My requirement is
1.the paid certificate is implimented.
2.clients are automatically redirected to https when they write http in url.

I have got my certicate from verisign.

Thanks & regards

What web server are you using? Apache, Tomcat, JBoss, nginx, etc.?

Apache SSL with Virtual Hosts. In the examples *.cer files are the same as *.pem files but with a different extension.

For redirecting to https you would use either mod_alias or mod_rewrite. mod_alias is recommended by Apache in the document "When not to use mod_rewrite".

That's about as good of a response as you can get because you didn't outline any technical requirements and I don't know what servers you're using to provide said services. It's kind of confusing to say, "I already know how to do this stuff so tell me how to do it." I have no idea what you mean by that.

Unless you're asking how SSL works.

SAM

thanks for replying.pardon me,the post does looks confusing,let me phrase it again.

I have ubuntu Server 11.04 with apache installed.I have to do the following:
1.all http traffic should be redirected https.
2.we have a verisign certificate,that need to be installed on server.

My problem is I have got confused with the steps required to do the above.should I first create the keys or write code for the redirection?I mean there must be a proper way of doing this,which i dont know and need help with this.

Thanks & regards

Hmmm, well how it works is you have a virtualhost listening on port 80. If a user connects to port 80 then redirect to port 443 (https). The 443 Virtualhost would be where you specify the certificates. So as an overview you must

• enable virtual hosts for ports 80 and 443 (default http and https ports)
• redirect to port 443 if the user connects to 80 (i.e. the connection is unencrypted)
• encrypt the connection at port 443 (set up your certs). Your certificate should already be created and signed by a certificate authority before you can complete this step. If your certificates don't exist, then nothing can be encrypted.

This can be accomplished with some of the following configs for conf.d.

Where each code block presented above is a separate conf file in /etc/httpd/conf.d/. That's one way you *could* do it. Please note that I added some personal preferences for decisions such as allowed algorithms and ciphers along with any other design decisions (i.e. custom logging). This may not be the solution for you. As a system administrator you should take the time to become familiar with Apache, SSL, and the openssl tool kit because you put both yourself (reputation) and your servers (misconfiguration security flaws) at risk. If you're running a blog about cheese sandwiches then fine but if you're handling any kind of real data then heed my warning.

If you wanted to use mod_rewrite instead of mod_alias to do the redirection then you *could* accomplish it like so...
Each has their advantages and disadvantages but I won't get too in depth. One such advantage is mod_rewrite will redirect URL bread crumbs to their https equivalent.

SAM

Thanks Sam,
its exactly what i was looking for.I appreciate your effort.

regards