PC & IT SUPPORT MADE EASY FORUM
Would you like to react to this message? Create an account in a few clicks or log in to continue.
PC & IT SUPPORT MADE EASY FORUM

https://www.youtube.com/channel/UCXGv7Bzk5TTLG3Q5u9u1ZWA


How to setup multiple SSL cirtificates

PC & IT SUPPORT MADE EASY FORUM :: Linux / Ubuntu Help

Go down

How to setup multiple SSL cirtificates Empty How to setup multiple SSL cirtificates

Post by jamied_uk 10th December 2013, 23:34

Code:
mkdir -p /etc/apache2/ssl/example.com


mkdir -p /etc/apache2/ssl/example.org



Step Two— Activate the SSL Module

The next step is to enable SSL on the droplet.

Code:
sudo a2enmod ssl



Follow up by restarting Apache.


Code:
sudo service apache2 restart



Step Three—Create a Self Signed SSL Certificate

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.


The line below yo upaste then delete - from near the -out and retype the - manually then press enter.
Code:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com/apache.key –out /etc/apache2/ssl/example.com/apache.crt



With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory.

This command will prompt terminal to display a lists of fields that need to be filled in.

The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:webmaster@awesomeinc.com

Then go ahead and take the same steps for the second (example.org) domain:

Code:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.org/apache.key -out /etc/apache2/ssl/example.org/apache.crt



Step Four—Create the Virtual Hosts

Once you have the certificates saved and ready, you can add in your information in the virtual host files.

Although it’s not required, we can create two virtual host files to store virtual host information in separate files, copying the configuration from the default virtual host file.

Code:
sudo nano /etc/apache2/sites-available/example.com


sudo nano /etc/apache2/sites-available/example.org



Go ahead and open up each file and paste in the configuration below.

This configuration is a simplified version of two separate configuration files: the default virtual server configuration file found at /etc/apache2/sites-available/default and the default SSL configuration located in /etc/apache2/sites-available/default-ssl.

Additionally, this configuration includes an important change that facilitates multiple SSL certificates.

Whereas the default SSL configuration has the following line, specifying a certificate as the default one for the server,


the configuration below does not have a reference to a default certificate. This is key.

Overall, the default configuration files offer a variety of useful directives and additional configuration options that you can add to the virtual host. However, the following information will provide the server everything it needs to set up multiple SSL certificates on one IP address.

ServerAdmin webmaster@localhost
ServerName example.com
DocumentRoot /var/www







ServerAdmin webmaster@localhost
ServerName example.com
DocumentRoot /var/www

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key




There are a few lines in these configuration files that need to be customized.

  • ServerAdmin: This is simply your webmaster’s email address
  • ServerName: This is your domain name. Make sure that you write it in without a prepended www.
  • DocumentRoot: This is the directory where you keep your site information. Currently it points to the apache default directory. You will probably have different server roots for the 2 different virtual hosts.
  • SSLCertificateFile: This directive points to the location of the certificate file. The certificate for each site is stored in the directory that we created earlier in the tutorial.
  • SSLCertificateKeyFile : This directive points to the location of the certificate key. The certificate key for each site is stored in the directory that we created earlier in the tutorial.



Set up both domains’ configurations. We still have more step before the separate SSL certificates will work on both servers.
Step Five—Edit the ports.conf file

The final step required to make sure that multiple certificates work on one VPS is to tell the server to listen on port 443. Add the bolded line to the apache ports configuration file.

Code:
sudo nano /etc/apache2/ports.conf




NameVirtualHost *:80
NameVirtualHost *:443

Listen 80


# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 443



Listen 443


Step Six—Activate the Virtual Hosts

The last step is to activate the hosts. Apache makes activating and deactivating hosts very easy.
sudo a2ensite example.com
sudo a2ensite example.org

(You can deactivate virtual hosts with the command:
Code:
sudo a2dissite example.com


With all of the virtual hosts in enabled, restart apache.

Code:
sudo service apache2 restart



You should now be able to access both sites, each with its own domain name and SSL certificate.

You can view the sites both with and without the signed SSL certificates by typing in just the domain (eg. example.com or example.org) or the domain with the https prefix (https://example.com or https://example.org).
jamied_uk
jamied_uk
Admin

Posts : 2951
Join date : 2010-05-09
Age : 41
Location : UK

https://jnet.sytes.net

Back to top Go down

Back to top

- Similar topics

PC & IT SUPPORT MADE EASY FORUM :: Linux / Ubuntu Help

 
Permissions in this forum:
You cannot reply to topics in this forum