Installation Of SSL Certificates For Apache Web Servers
For SSL Certificate Installation Apache Web server
Why you need security for your website
The Internet has created many new opportunities for
enterprises conducting on-line e-commerce. However, the many
security risks associated with conducting e-commerce have resulted in security becoming a major factor for online success or
failure.
Over the past 7 years, consumer magazines, industry bodies and security providers have educated the market on the
basics of web site hosting online security. The majority of consumers
now expect security to be integrated into any online service they use. As a result, they expect any details they provide via the Internet
to remain confidential and integral. For many customers, the only time they will ever consider buying your products or services online
is when they are satisfied their personal data is secure.
This guide explains how you can utilize Bummer Hosting Solutions
SSL Certificates to activate the core security technology available on your
existing webserver. You will also learn how SSL allows you to protect your customer's data and provide visitors with proof
of your digital identity - essential factors in gaining confidence in your services and identity.
Using SSL Certificates to secure
your on-line transactions tells your customers you take their security seriously. They will visibly see that their online transaction will
be secure, confidential and integral and give them the confidence that you have removed the risk associated with trading over the
Internet. If you have an e-commerce shopping cart, you should
have it protected with an SSL certificate.
Using Security helps you realize the benefits of online commerce:
What is SSL?
Secure Sockets Layer, SSL, is the standard security technology for creating an encrypted link between
a web server and a browser. This link ensures that all data passed between the web server and browser remain private and integral.
SSL is an industry standard and is used by millions of web sites in the protection of their online transactions with their customers. In
order to be able to generate an SSL link, a web server requires an SSL Certificate.
When you choose to activate SSL on
your web-server you will be prompted to complete a number of questions about the identity of your website and your company. Your
web server then creates two cryptographic keys - a Private Key and a Public Key. Your Private Key is so called for a reason - it must
remain private and secure. The Public Key does not need to be secret and is placed into a Certificate Signing Request (CSR) - a data
file also containing your details. You should then submit the CSR during the SSL Certificate application process with Bummer Hosting
Solutions. We will validate your details and issue an SSL Certificate containing your details and allowing you to use SSL.
Your webserver will match your issued SSL Certificate to your Private Key. Your web server will then be able to establish
an encrypted link between the website and your customer's web browser.
For detailed application and installation
instructions please refer to section "Step by step instructions to set up SSL on your web server" of this guide.
Displaying the SSL secure padlock
The complexities of the SSL protocol remain invisible to your customers.
Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session
- the Padlock:
[Image: the padlock, as seen by users of Internet Explorer]
Clicking on the Padlock displays your SSL Certificate and your details:
[Image: the certificate details, as seen by users of Internet Explorer]
All SSL Certificates are issued to either
companies or legally accountable individuals. Typically an SSL Certificate will contain your domain name, your company name, your
address, your city, your state and your country. It will also contain the expiry date of the Certificate and details of the Certification
Authority responsible for the issuance of the Certificate.
When a browser connects to a secure site it will retrieve the
site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it
is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to
the end user.
SSL benefits summary:
SSL Certificates are the most cost effective SSL Certificates you can buy which include
- Full validation conducted quickly - your SSL Certificate is issued within hours
- Telephone, email, web support available during office hours.
- Over 99.3% browser compatibility
- 128 bit strong encryption security
- Backed by warranties up to $10,000
- SSL Certificates provide you with the key to successfully using SSL on your web server.
Step by step instructions to set up SSL on your Apache web server
There are three stages to setting up SSL on your Apache web-server:
- Create a Certificate Signing Request (CSR)
- Apply on-line for CSR - SSL Certificates
- Installing your Certificate
1. Generating a Certificate Signing Request (CSR)
A CSR is a file containing your certificate application information,
including your Public Key. Generate your CSR and then copy and paste the CSR file into the web form in the enrollment process:
Generate keys and certificate:
To generate a private key and a Certificate Signing Request (CSR) for
a web server, use the following command:
openssl req -new -nodes -keyout myserver.key -out server.csr
This creates two files. The file myserver.key contains a private key; do not disclose this file to anyone. Carefully protect the
private key. In particular, be sure to back up the private key, as there is no means to recover it should it be lost. The private key is used
as input in the command to generate a Certificate Signing Request (CSR).
You will now be asked to enter the details that will be included
in your CSR. What you are about to enter is what is called a Distinguished Name or a DN. For some fields there will be a default
value. If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: GB
State or Province Name (full name) [Some-State]: Yorks
Locality Name (eg, city) []: York
Organization Name (eg, company) [Internet Widgits Pty Ltd]: MyCompany Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: mysubdomain.mydomain.com
Email Address []:
-----
Use the name of the webserver as Common Name (CN). If the domain name is mydomain.com
append the domain to the hostname (use the fully qualified domain name). The fields email address, optional company name
and challenge password can be left blank for a webserver certificate.
Your CSR will now have been created. Open the
server.csr in a text editor and copy and paste the contents into the online enrollment form when requested.
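A non-interactive form of the CSR step with checks to run before pasting the request into the enrollment form. This is an added example, not part of the original guide: the function names and the explicit -newkey rsa:2048 option are assumptions, and the DN values are the sample answers shown above.

```shell
# Added example: generate the key and CSR without prompts, then inspect the CSR.
make_csr() {
    # $1 = output directory, $2 = fully qualified domain name (Common Name)
    dir=$1; cn=$2
    (
        umask 077   # the key file is created readable by its owner only
        # -newkey rsa:2048 is an assumption; the guide's command uses the default
        openssl req -new -nodes -newkey rsa:2048 \
            -keyout "$dir/myserver.key" -out "$dir/server.csr" \
            -subj "/C=GB/ST=Yorks/L=York/O=MyCompany Ltd/OU=IT/CN=$cn" 2>/dev/null
    )
}

csr_common_name() {
    # Print the Common Name the CA will see in the request ($1 = CSR file).
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

csr_is_valid() {
    # Check the CSR's self-signature; a truncated or altered file fails.
    # The message is matched because the exit status differs between versions.
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

key_is_owner_only() {
    # True when the file has no permission bits for group or others.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

A CSR that fails csr_is_valid was usually cut short while being copied, which is the mistake the BEGIN and END reminder in step 2 guards against.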
2. Applying for your SSL Certificate Online
Send Bummer Hosting Solutions your CSR. When you view your
CSR it will appear something like:
Be sure to copy the CSR text in its entirety into the application form, including the:
-----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----
3. Installing your SSL Certificate
Copy your certificate to file. You will receive an email from Comodo Security
Services with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:
Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the
public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the
public key will be yourdomainname.crt.
It is recommended that you make the directory that contains the private key file
only readable by root.
Now, you install the Intermediate Certificates
You will need to install the chain certificates
(intermediates) in order for browsers to trust your certificate. As well as your SSL certificate (yourdomainname.crt) two other certificates,
named GTECyberTrustRootCA.crt and ComodoClass3SecurityServicesCA.crt, are also attached to the email from Comodo Security
Services.
Apache users will not require these certificates. Instead you can install the intermediate certificates using the
following 'bundle' method. In the Virtual Host settings for your site, in the httpd.conf file, you will need to complete the following:
Copy the below ca-bundle file to the same directory as httpd.conf (this contains all of the CA certificates).
Now, add the following line to the SSL section of httpd.conf (assuming /etc/httpd/conf is the directory to which you have copied the
ca.txt file). If the line already exists, amend it to read as follows:
SSLCACertificateFile /etc/httpd/conf/ca-bundle/ca.txt
If you are using a different location and
certificate file names you will need to change the path and filename to reflect your server. The SSL section of the updated
httpd config file should now read similar to this example (depending on your naming and directories used):
SSLCertificateFile /etc/ssl/crt/yourdomainname.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCACertificateFile /etc/httpd/conf/ca-bundle/ca.txt
Save your httpd.conf file and restart Apache.
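Checks worth running on the installed files before the restart, mirroring what the web server and the visitor's browser will test: the certificate belongs to the private key, it is not about to expire, and it names the host being served. This is an added example, not part of the original guide; the function names are assumptions, and make_test_pair builds a constructed self-signed pair that stands in for the CA-issued files.

```shell
# Added example: pre-restart checks on the certificate and private key.
pubkey_hash() {
    # $1 = "cert" or "key", $2 = file; prints a SHA-256 of the public key inside
    case $1 in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1   # unreadable file: never report a match
    printf '%s\n' "$pem" | openssl sha256
}

cert_matches_key() {   # $1 = certificate, $2 = private key
    c=$(pubkey_hash cert "$1") && k=$(pubkey_hash key "$2") && [ "$c" = "$k" ]
}

cert_valid_for() {     # $1 = certificate, $2 = days; fails if it expires sooner
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

cert_covers_host() {   # $1 = certificate, $2 = host name visitors will use
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

make_test_pair() {     # constructed stand-in files; $1 = directory, $2 = host
    ( umask 077
      openssl req -x509 -new -nodes -newkey rsa:2048 -days 30 -subj "/CN=$2" \
          -keyout "$1/private.key" -out "$1/yourdomainname.crt" 2>/dev/null )
}
```

Once these pass for the real files, apachectl configtest checks the edited httpd.conf for syntax errors before the restart.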