Setting up ssl on apache2 for https on ubuntu 12.4 Droplet

April 15, 2014 2.1k views
Background: Confused virtual server vs non-vertual server My http LAMP is up and running fine. I did get certificates from StartSSL! 1. Did you edit your Apache2 httpd.conf or ssl.conf file fror SSL server on Ubuntu 12.4 droplet? 2. Can you give me an example of your exact addition to the file for Ubuntu 12.4 you made like this example from SartSSL: https://www.startssl.com/?app=21 3. Ubuntu dose not use /usr/local/apache can you tell me what you used? XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX These instructions came from StartSSL. https://www.startssl.com/?app=21 To configure a default SSL/TLS aware virtual server, you should add at least the following lines to your httpd.conf or ssl.conf file. I am not doing virtual servers just one website do you do it the same way regardless? LoadModule ssl_module modules/mod_ssl.so Listen 443 DocumentRoot /home/httpd/private ErrorLog /usr/local/apache/logs/error_log TransferLog /usr/local/apache/logs/access_log SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /usr/local/apache/conf/ssl.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.pem CustomLog /usr/local/apache/logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" I know the basics of encryption and how it works but not how to install a Certificate on a server. Unfortunate it seems I need some had holding. Here is a list of the file name I got from StartSSL: Files I have to work with I got from StartSSL: First three are exports from browser-client to get back into StartSSL site: Builtin Object Token:StartCom Certification AuthorityFiles I have to work with-first three are exports from browser-client certificates to get into StartSSL Builtin Object Token:StartCom Certification Authority Builtin Object Token:StartCom Certification Authority Builtin Object Token:StartCom Certification Authority G2 Others I got from signing up ssl.crt ssl.key Downloaded from install apachee instructions on the StartSSL site: https://www.startssl.com/?app=21 ca.pem sub.class1.server.ca.pem
2 Answers
The lines:

SSLCertificateFile /usr/local/apache/conf/ssl.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key
SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.pem

assume you downloaded the files to those locations. Just replace them with the paths you really used. For instance if you put them in /etc/apache2/ it would look like:

SSLCertificateFile /etc/apache2/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl.key
SSLCertificateChainFile /etc/apache2/sub.class1.server.ca.pem

There's a tutorial that should show you how to get your StartSSL cert working with Apache:

https://www.digitalocean.com/community/articles/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps
by Nik van der Ploeg
Our focus here is setting up Apache with a free signed SSL Cert on a VPS.
Thanks

https://www.digitalocean.com/community/articles/how-to-set-up-apache-with-a-free-signed-ssl-certificate-on-a-vps

This was what I was looking for. I was most of the way there signing @ StartSSL would have been easier if I had had this guide.

I used the rest to set up Apache
by Nik van der Ploeg
Our focus here is setting up Apache with a free signed SSL Cert on a VPS.
Have another answer? Share your knowledge.