Getting SSL certificate from Seller:
1.
Hit command openssl on windows command prompt at
windows server
2.
If no openssl command recognized install openssl
first.
4.
Fill the form and generate the command , copy
and paste the command in server command prompt and execute it
5.
This will generate websitename.csr and
websitename.key
6.
Upload the websitename.csr while purchasing the
ssl certificate
7.
Seller will give server.crt and bundle.crt
(maybe with different names)
8.
Keep the websitename.key which will be needed by
apache webserver.
Configuring Apache for SSL :
1. Install
apache of latest version with openssl .Check if extracted apache folder has mod_ssl and mod_rewrite .
2. Setup procedure for Apache with ssl :
a. Seller will give bundle.crt and server.crt as we
discuss earlier, store this in apache/conf folder .Put websitename.key also in
apache/conf folder.Rename websitename.key to server.key
b. Edit httpd.conf file located in conf folder of apache
i. Delete # sign in front of LoadModule ssl_module modules/mod_ssl.so
ii. Delete #sign in front of Include conf/extra/httpd-ssl.conf
c.
Edit httpd_ssl.conf located in conf/extra folder
of apache
i. Modify following section according to your need
<VirtualHost _default_:443>
ServerAdmin some@email.com
DocumentRoot "Your Root folder location"
ServerName www.domain.com:443
ServerAlias domain.com:443
ErrorLog
"logs/anyFile-error.log"
CustomLog "logs/anyFile-access.log" common
SSLEngine on
SSLCertificateFile
"C:/Program Files/Apache Software
Foundation/Apache2.2/conf/server.cert"
SSLCertificateKeyFile "C:/Program
Files/Apache Software Foundation/Apache2.2/conf/server.key"
</VirtualHost>
ii. Make sure that "SSLCertificateFile"
and "SSLCertificateKeyFile" are properly located.
3. Edit settings in windows advance firewall
setting
i. Modify ApacheWebserver port to any option or add
443 with 80 in inbound rules table
ii. Or you can add exception in windows firewall for
TCP port 443
4. Restart the apache webserver .
5. You may get an error while starting the apache
webserver, Read the Details from Error Log or can see the error in event viewer .
a. If the error is “Error: 185073780 error:0B080074:x509
certificate routines:X509_check_private_key:key values mismatch”
view
the certificate modulus using the following command:
openssl
x509 -noout -text -in certfile -modulus
view the key using the following command:
openssl
rsa -noout -text -in keyfile –modulus
If modulus are different reissue the request to
get server.crt.
b. Syntax error on line 51 of /usr/local/apache2/conf/extra/httpd-ssl.conf
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration
Uncoment the following line from httpd.conf by removing # sign and save it.
LoadModule ssl_module modules/mod_ssl.so .
c. Syntax error on line 76 of SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).
Uncoment the following line from httpd.conf by removing # sign and save it.
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
d. Apache may stop responding on http but respond on https or Apache hangs & needs restarting regularly due to commodo filter . Just add following lines
AcceptFilter http none
AcceptFilter https none
For more details please visit this Link
6. Hope this will help .
Configuring
ApacheWebServer with SSL to redirect to tomcat :
1.
Add following statement to httpd.conf and save .
JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator
SSL_CIPHER
JkCERTSIndicator
SSL_CLIENT_CERT
2.
Add following statement to httpd_ssl.conf and save it.
JkMountCopy On
JkMount /* ajp13
3.
Restart the Server , if still not working you
should add Listen 443 line in httpd.conf after Listen 80
Configuring
ApacheWebServer with SSL to redirect request from http to https :
a. Uncomment
the line LoadModule rewrite_module modules/mod_rewrite.so by removing # sign before
it in httpd.conf.
b. Add
following statements in httpd.conf for every page to redirect to https
automatically
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
c. Add
following statements in httpd.conf for single page to redirect to https
automatically
RewriteEngine On
RewriteRule ^apache-redirect-http-to-https\.html$
https://www.yoursite.com/apache-redirect-http-to-https.html [R=301,L]