Installing a Verisign Root and Intermediate Certificate in Apache2

1.) Create your CSR file and hand it over to Verisign. Don’t make it password protected; leave the password empty.

2.) Run a2enmod ssl to enable SSL support in Apache. More info on setting up Apache for SSL can be found here.

3.) Put the key file in /etc/ssl/private/.

4.) Put the root certificate you got from Verisign in /etc/ssl/certs.

5.) Download the intermediate certificate and put it in the same folder as the root certificate.

6.) This is an example of what my domain.com virtual hosts file looks like:

<VirtualHost 256.256.256.256:443>
        ServerName domain.com
        ServerAlias www.domain.com
        ServerAdmin webmaster@domain.com
        DocumentRoot /path/to/htdocs

        SSLEngine on
        SSLOptions +StrictRequire
        SSLCertificateFile /etc/ssl/certs/rootcert.crt
        SSLCertificateKeyFile /etc/ssl/private/server.key
        SSLCertificateChainFile /etc/ssl/certs/intermediatecert.crt

        <Location />
                Options +Includes
        </Location>
</VirtualHost>

<VirtualHost 256.256.256.256:80>
        ServerName domain.com
        ServerAlias www.domain.com
        ServerAdmin webmaster@domain.com
        DocumentRoot /path/to/htdocs

        <Location />
                Options +Includes
        </Location>
</VirtualHost>

Note the paths to the certificates where SSLCertificateFile points to the root certificate, SSLCertificateChainFile points to the intermediate certificate and SSLCertificateKeyFile points to the key file.
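Before reloading Apache, the three files named in the virtual host can be checked against each other. The shell function below is an added example, not part of the original post; it assumes openssl and stat are installed, and the function name and its optional fourth argument (a trust-anchor file) are hypothetical. The file the post calls the root certificate is the one Verisign issued for the CSR, so it has to match the private key.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the three
# files named in the vhost. Usage with the post's paths:
#   check_tls_files /etc/ssl/certs/rootcert.crt /etc/ssl/private/server.key \
#                   /etc/ssl/certs/intermediatecert.crt
# The optional 4th argument (a trust-anchor PEM file) is an assumption of this
# example; without it openssl falls back to the system trust store.
check_tls_files() {
    cert=$1; key=$2; chain=$3; anchor=${4:-}
    rc=0

    # 1. The key has no passphrase (step 1), so file mode is its only protection.
    mode=$(stat -c %a "$key" 2>/dev/null || stat -f %Lp "$key" 2>/dev/null)
    case $mode in
        ?00) ;;
        *) echo "FAIL: $key has mode ${mode:-unknown}; expected 600 or 400"; rc=1 ;;
    esac

    # 2. SSLCertificateFile and SSLCertificateKeyFile must hold the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert does not match private key $key"; rc=1
    fi

    # 3. A self-issued certificate (subject == issuer) is a CA root, not the
    #    certificate that was issued for the CSR.
    subj=$(openssl x509 -in "$cert" -noout -subject_hash 2>/dev/null)
    issuer=$(openssl x509 -in "$cert" -noout -issuer_hash 2>/dev/null)
    if [ -n "$subj" ] && [ "$subj" = "$issuer" ]; then
        echo "FAIL: $cert is self-issued; SSLCertificateFile needs the server certificate"; rc=1
    fi

    # 4. The certificate must chain through SSLCertificateChainFile to a trusted root.
    if [ -n "$anchor" ]; then
        openssl verify -CAfile "$anchor" -untrusted "$chain" "$cert" >/dev/null 2>&1
    else
        openssl verify -untrusted "$chain" "$cert" >/dev/null 2>&1
    fi || { echo "FAIL: $cert does not verify through $chain"; rc=1; }

    return $rc
}
```

The function returns 0 only when all four checks pass, so it can gate a reload of Apache in a deployment script.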

Note that the site also accepts connections on port 80. This is because I want to be able to redirect from http to https. Here is what the pertinent lines in the .htaccess file look like:

RewriteCond %{HTTP_HOST} ^domain\.com$
RewriteRule ^/?(.*)$ https://www.domain.com/$1 [R=301,L]

The above is simply a redirect from domain.com to www.domain.com but with the extra https twist.

In combination with some PHP:

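<?php
// Requests that arrive on the plain-HTTP port are sent to the HTTPS site.
if($_SERVER['SERVER_PORT'] == 80){
        header("HTTP/1.1 301 Moved Permanently");
        // Keep the requested path and query string in the redirect target.
        header("Location: https://www.domain.com".$_SERVER['REQUEST_URI']);
        header("Connection: close");
        // Stop here so no page content is served over HTTP.
        exit;
}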

The above PHP will redirect from http://www.domain.com to https://www.domain.com, i.e. it will kick in when the www is already there, because in that case the lines in the .htaccess file won’t be effective.

To be honest, the reason I’ve mixed in PHP in this is that I couldn’t get that part of the redirection to work in the .htaccess file; it might very well be possible for someone more knowledgeable than me.
