<-[[.:start]] ====== SSL Install on VPS ====== I decided to bite the bullet and obtain an SSL certificate and install it on this VPS, and configure Apache2 to use HTTPS instead of plain HTTP. I used Fasthost again to obtain the SSL certificate, and some of their instructions were a little dodgy regarding the steps to install it and get Apache to work with SSL. I managed in the end though. ''gm4slv.org.uk'' now has a SSL certificate and connections to port 80 HTTP will be automatically redirected to port 443 HTTPS. == == The steps with Apache (ignoring the process of obtaining the certificates): There are 3 certificate files: - ''*.key'' is generated on the VPS itself with openssl req -new -newkey rsa:2048 -nodes -keyout gm4slv.org.uk.key -out gm4slv.org.uk.csr - the signed ''*.crt file'' obtained from the signing authority via FastHost (it's the gm4slv.org.uk.csr key signed by the authority's key) - the "intermediate" file obtained from the signing authority via FastHost (this is the "chain of authority" file?) Once the keys are to hand: - copy the 3 certificate files to a directory on the VPS. I used ''/usr/local/ssl/'' - tell Apache where to find the keys: * add to ''default-ssl.conf'' virtual host site file * ''SSLCertificateFile /usr/local/ssl/signed.crt'' * ''SSLCertificateKeyFile /usr/local/ssl/gm4slv.org.uk.key'' * ''SSLCertificateChainFile /usr/local/ssl/ca.pem'' - add ssl mod to Apache: a2enmod ssl - make symbolic link in ''sites-enabled'' pointing to ''sites-available/default-ssl.conf'' - restart apache - open VPS firewall port 443 in FastHost control panel - browse to https://gm4slv.org.uk - set up redirect of plain HTTP to SSL HTTPS by adding to ''000-default.conf'' ServerName gm4slv.org.uk ServerAlias www.gm4slv.org.uk Redirect permanent / https://gm4slv.org.uk/ - restart apache Job Done {{:server:screenshot_2022-05-04_22.00.14.png?direct&400|}} {{tag>ssl apache vps}}