Enabling SSL on a web server using a GoDaddy account

Prerequisites

  1. GoDaddy account

Open a terminal on your local machine and enter the following commands:

  • #openssl genrsa -out mydomain.com.key 2048
    #openssl rsa -text -noout -in mydomain.com.key
    #openssl req -new -key mydomain.com.key -out mydomain.com.csr

———————————— output ————————————–
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Illinois
Locality Name (eg, city) []::Illinois
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ABC
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:*.mydomain.com
Email Address []:unnisathya88@gmail.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
———————————————————————————

#####################################
CONTENTS IN THIS BLOCK FOR REF ONLY

To create a self-signed certificate (not required if we are using a GoDaddy account, since GoDaddy can act as the certificate authority):

  • #openssl x509 -req -days 365 -in mydomain.com.csr -signkey mydomain.com.key -out mydomain.com.crt

—output—-
Signature ok
subject=/C=US/ST=Illinois/L=:Illinois/O=ABC/OU=IT/CN=www.mydomain.com
Getting Private key
—————-
The above command generates a self-signed certificate (a .crt file). I think this is not required; only the .csr file matters here.
######################################

Purchase the SSL certificate from GoDaddy, paste the contents of the .csr file into the site, get the .ca and .crt files it issues, and upload them to the web servers (under the ELB).

Purchasing a SSL Certificate

Log in to the GoDaddy account -> My Account -> Domain (select Domains) -> Click Add Services -> SSL Certificate -> Buy wildcard SSL Certificate -> Click No thanks

—— output ——–
Standard Wildcard SSL         $199.99 (Qty-1)
———————–

Click Continue To Checkout -> Place Order Now

Instructions to request your certificate on GoDaddy

Download an SSL Certificate from GoDaddy  (you will get a mydomain.com.zip file)

Log in to the web servers

Edit /etc/apache2/ports.conf and uncomment the entry that enables port 443.

For the vast majority of people, the best way to install and manage Apache2 and its modules is via your distribution’s package management system. The Debian Apache2 web server comes with the SSL module available, but it is not automatically enabled. In order to enable it you must execute: a2enmod ssl and restart the web server.

  •  #mkdir /etc/apache2/ssl
     #scp -i sshkey mydomain.com.zip root@webservr:/etc/apache2/ssl/
     #scp -i sshkey mydomain.com.key root@webservr:/etc/apache2/ssl/

Now add the following virtual host entry to the conf file (here it was /etc/apache2/sites-available/www.mydomain.com):

NameVirtualHost *:443
<VirtualHost *:443>
ServerName mydomain.com
ServerAlias www.mydomain.com
DocumentRoot /var/www
<Directory />
Options FollowSymLinks MultiViews Indexes
AllowOverride None
</Directory>
<Directory /var/www>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/https-error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/https-access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

<IfModule mod_ssl.c>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/mydomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/mydomain.com.key
SSLCACertificateFile /etc/apache2/ssl/sf_bundle.crt

</IfModule>
</VirtualHost>
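
Before restarting Apache with the virtual host above, it is worth confirming that the key on the server is the one behind the issued certificate, that the key file is not readable by other users, and that the certificate covers the host names being served. The script below is an added example, not part of the original post; the function names and the file name preflight.sh are assumptions, and it expects the openssl command-line tool and GNU stat.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks to run on the
# web server before restarting Apache. Function names are this example's own.

# Print a SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_hash() {   # usage: pubkey_hash key|csr|cert FILE
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1          # unreadable file or wrong file type
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if KEYFILE is the private key behind the given CSR/certificate.
same_key() {      # usage: same_key KEYFILE csr|cert FILE
    a=$(pubkey_hash key "$1") || return 1
    b=$(pubkey_hash "$2" "$3") || return 1
    [ "$a" = "$b" ]
}

# Succeed only if the key file grants nothing to group or others (e.g. 600).
key_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    case $mode in *00|0) return 0 ;; *) return 1 ;; esac
}

# Succeed only if the certificate is valid for HOST. The wildcard name
# *.mydomain.com matches www.mydomain.com but not the bare mydomain.com,
# which needs its own SAN entry in the certificate.
cert_covers() {   # usage: cert_covers CERTFILE HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Stand-alone use: sh preflight.sh KEY CERT HOST...
if [ $# -ge 3 ]; then
    key=$1 crt=$2; shift 2
    same_key "$key" cert "$crt" || { echo "key/cert mismatch" >&2; exit 1; }
    key_is_private "$key"       || echo "warning: $key readable by others" >&2
    for h in "$@"; do
        cert_covers "$crt" "$h" || echo "warning: cert does not cover $h" >&2
    done
fi
```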

To redirect all traffic arriving over HTTP to HTTPS, put the following lines inside the virtual host entry above or inside the virtual host entry listening on port 80:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

To configure complete redirection to https://www.mydomain.com:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</VirtualHost>

Use the GoDaddy intermediate certificates for maximum browser compatibility.

Go Daddy Secure Server Certificate (Intermediate Certificate).

Test your SSL installation!

 
