| Author |  | 
| higgy187 
 
 
 Joined: 28 Jul 2019
 Posts: 6
 Location: usa, louisville
 
 | 
|  Posted: Sun 28 Jul '19 11:29    Post subject: SSL certificate into Apache ? |   |  
| 
 |  
| I have Apache 2.4. I was able to get it up and running. 
 C:\Apache24\bin>httpd.exe -t
 Syntax OK
 
 I have a .key and a .csr file in C:\Apache24\bin, which is where openssl put those when I was done. I got everything else done. I have two more files I downloaded when the certificate was approved: x.509 is one of them and it called the other apachebundle; both are .crt. Now I'm lost, not sure what to do now. Where do these files go, and what changes to the config files do I need to make? Do I need to port forward port 443?
 |  | 
| Back to top |  | 
| James Blond Moderator
 
  
 Joined: 19 Jan 2006
 Posts: 7442
 Location: EU, Germany, Next to Hamburg
 
 | 
|  Posted: Mon 29 Jul '19 14:59    Post subject: |   |  
| 
 |  
| You need to add a vhost for port 443. And if you use a router you need to forward port 443. 
 
  	  | Code: |  	  | <VirtualHost *:80>
 ServerName example.com
 DirectoryIndex index.html
 CustomLog "C:\nul" common
 
 DocumentRoot "C:/htdocs"
 <Directory "C:/htdocs">
 Options Indexes FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 </VirtualHost>
 
 <VirtualHost *:443>
 ServerName example.com
 DirectoryIndex index.html
 CustomLog "C:\nul" common
 
 DocumentRoot "C:/htdocs"
 <Directory "C:/htdocs">
 Options Indexes FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 
 SSLEngine on
 SSLCertificateFile conf/certs/fullchain.pem
 SSLCertificateKeyFile conf/certs/privkey.pem
 
 <Files ~ "\.(cgi|shtml|phtml|php|htm|html?)$">
 SSLOptions +StdEnvVars
 </Files>
 </VirtualHost>
 
 | 
 |  | 
| Back to top |  | 
| higgy187 
 
 
 Joined: 28 Jul 2019
 Posts: 6
 Location: usa, louisville
 
 | 
|  Posted: Mon 29 Jul '19 21:16    Post subject: |   |  
| 
 |  
| Awesome, thanks. What do I do with the two .crt files, and where in the httpd.conf does the virtual host need to go? I forwarded the port and both 80 and 443 are open. I also noticed that the example has a vh for 80; do I need that also?
 |  | 
| Back to top |  | 
| James Blond Moderator
 
  
 Joined: 19 Jan 2006
 Posts: 7442
 Location: EU, Germany, Next to Hamburg
 
 | 
|  Posted: Tue 30 Jul '19 8:41    Post subject: |   |  
| 
 |  
| The crt file for SSLCertificateFile and the key file SSLCertificateKeyFile
 |  | 
| Back to top |  | 
| higgy187 
 
 
 Joined: 28 Jul 2019
 Posts: 6
 Location: usa, louisville
 
 | 
|  Posted: Tue 30 Jul '19 22:16    Post subject: |   |  
| 
 |  
|  	  | James Blond wrote: |  	  | The crt file for SSLCertificateFile and the key file SSLCertificateKeyFile
 | 
 
 TYVM, I got it working with that information. The only thing left now is to ask how I would go about getting it to only run secured.
 |  | 
| Back to top |  | 
| James Blond Moderator
 
  
 Joined: 19 Jan 2006
 Posts: 7442
 Location: EU, Germany, Next to Hamburg
 
 | 
|  Posted: Wed 31 Jul '19 8:25    Post subject: |   |  
| 
 |  
| In the port vhost add 
 
  	  | Code: |  	  | RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
 | 
 
 Make sure that you load / enable mod_rewrite for that.
 
 Also recommended for the SSL config
 
 
  	  | Code: |  	  | SSLOptions +StrictRequire +StdEnvVars -ExportCertData
 SSLProtocol -all +TLSv1.2 +TLSv1.3
 SSLCompression Off
 SSLHonorCipherOrder On
 SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
 
 SSLOpenSSLConfCmd ECDHParameters secp384r1
 SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1
 
 | 
 |  | 
| Back to top |  | 
| higgy187 
 
 
 Joined: 28 Jul 2019
 Posts: 6
 Location: usa, louisville
 
 | 
|  Posted: Wed 31 Jul '19 9:24    Post subject: |   |  
| 
 |  
| Got it all added; everything is running. When I added all this, what exactly did I do?
 
 
 
 
 
 
  	  | James Blond wrote: |  	  | In the port vhost add 
 
  	  | Code: |  	  | RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
 | 
 
 make sure that you load / enable mod_rewrite for that.
 
 Also recommended for the SSL config
 
 
  	  | Code: |  	  | SSLOptions +StrictRequire +StdEnvVars -ExportCertData
 SSLProtocol -all +TLSv1.2 +TLSv1.3
 SSLCompression Off
 SSLHonorCipherOrder On
 SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
 
 SSLOpenSSLConfCmd ECDHParameters secp384r1
 SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1
 
 | 
 | 
 |  | 
| Back to top |  | 
| higgy187 
 
 
 Joined: 28 Jul 2019
 Posts: 6
 Location: usa, louisville
 
 | 
|  Posted: Tue 06 Aug '19 12:08    Post subject: SSL |   |  
| 
 |  
| When I try to go to this site it says Forbidden
 
 You don't have permission to access / on this server.
 
 
  	  | Code: |  	  | Listen 80
 Listen 443
 
 <VirtualHost *:80>
 ServerName thebible.mynoxapater.com
 DirectoryIndex index.html
 CustomLog "C:\nul" common
 
 DocumentRoot "C:/htdocs"
 <Directory "C:/htdocs">
 Options Indexes FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 </VirtualHost>
 
 <VirtualHost *:443>
 ServerName thebible.mynoxapater.com
 DirectoryIndex index.html
 CustomLog "C:\nul" common
 
 DocumentRoot "C:/htdocs"
 <Directory "C:/htdocs">
 Options Indexes FollowSymLinks
 AllowOverride All
 Require all granted
 </Directory>
 
 RewriteEngine On
 RewriteCond %{HTTPS} !=on
 RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 
 SSLEngine on
 SSLCertificateFile conf/certs/x509.crt
 SSLCertificateKeyFile conf/certs/thebible.key
 SSLOptions +StrictRequire +StdEnvVars -ExportCertData
 SSLProtocol -all +TLSv1.2 +TLSv1.3
 SSLCompression Off
 SSLHonorCipherOrder On
 SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
 SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
 SSLOpenSSLConfCmd ECDHParameters secp384r1
 SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1
 
 <Files ~ "\.(cgi|shtml|phtml|php|htm|html?)$">
 SSLOptions +StdEnvVars
 </Files>
 </VirtualHost>
 
 | 
 |  | 
| Back to top |  | 
| James Blond Moderator
 
  
 Joined: 19 Jan 2006
 Posts: 7442
 Location: EU, Germany, Next to Hamburg
 
 | 
|  Posted: Tue 06 Aug '19 16:00    Post subject: |   |  
| 
 |  
| Is there an index.html? If you have a different file change the DirectoryIndex |  | 
| Back to top |  | 
| higgy187 
 
 
 Joined: 28 Jul 2019
 Posts: 6
 Location: usa, louisville
 
 | 
|  Posted: Wed 07 Aug '19 0:49    Post subject: file |   |  
| 
 |  
|  	  | James Blond wrote: |  	  | Is there an index.html? If you have a different file change the DirectoryIndex | 
 
 index
 type of file. HTML Document (.html)
 location. C:\Apache24\htdocs
 |  | 
| Back to top |  | 
| James Blond Moderator
 
  
 Joined: 19 Jan 2006
 Posts: 7442
 Location: EU, Germany, Next to Hamburg
 
 | 
|  Posted: Wed 07 Aug '19 8:15    Post subject: |   |  
| 
 |  
| What is in the apache error log about that? |  | 
| Back to top |  | 
| gene2 
 
 
 Joined: 08 Aug 2019
 Posts: 2
 
 
 | 
|  Posted: Thu 08 Aug '19 18:42    Post subject: |   |  
| 
 |  
| Is your DocumentRoot "C:/htdocs" or "C:\Apache24\htdocs"? |  | 
| Back to top |  |
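
An added example, not part of any post in this thread and not Apache Lounge code: a small Python audit for the two checks the thread comes down to. It reports whether the HTTP-to-HTTPS rewrite sits in a vhost where it can fire (inside a vhost with SSLEngine on, the condition %{HTTPS} !=on is never true, so the rule belongs in the *:80 vhost) and whether DocumentRoot matches the folder that actually holds index.html. The names audit and norm and the finding labels are this example's own, the sample config is constructed from the posted layout, and absolute DocumentRoot paths are assumed.

```python
import re

# Constructed sample: the two-vhost layout posted in the thread, cut down to
# the directives this audit reads. The redirect sits in the *:443 vhost.
SAMPLE_CONF = r'''
<VirtualHost *:80>
ServerName example.com
DocumentRoot "C:/htdocs"
</VirtualHost>
<VirtualHost *:443>
ServerName example.com
DocumentRoot "C:/htdocs"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
SSLEngine on
</VirtualHost>
'''

VHOST = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.I | re.S)
SSL_ON = re.compile(r'^\s*SSLEngine\s+on\b', re.I | re.M)
HTTPS_OFF = re.compile(r'^\s*RewriteCond\s+%\{HTTPS\}\s+(!=?on|=?off)\b', re.I | re.M)
TO_HTTPS = re.compile(r'^\s*(RewriteRule|Redirect\w*)\s.*https://', re.I | re.M)
DOCROOT = re.compile(r'^\s*DocumentRoot\s+"?([^"\r\n]+)', re.I | re.M)

def norm(path):
    """Normalise an absolute Windows path: slash style and case are ignored."""
    return path.strip().replace('\\', '/').rstrip('/').lower()

def audit(conf, content_dir=None):
    """Return (vhost address, finding) pairs; the labels are this example's own."""
    conf = re.sub(r'(?m)^\s*#.*$', '', conf)           # drop comment lines
    findings = []
    for addr, body in VHOST.findall(conf):
        addr, tls = addr.strip(), bool(SSL_ON.search(body))
        if tls and HTTPS_OFF.search(body):
            # Every request in an SSLEngine-on vhost has HTTPS=on: rule never fires.
            findings.append((addr, 'dead-redirect'))
        if not tls and not TO_HTTPS.search(body):
            # Plain-HTTP vhost answers with content instead of sending to https://.
            findings.append((addr, 'serves-plain-http'))
        m = DOCROOT.search(body)
        if content_dir and m and norm(m.group(1)) != norm(content_dir):
            findings.append((addr, 'docroot-mismatch'))
    return findings

if __name__ == '__main__':
    for addr, finding in audit(SAMPLE_CONF, r'C:\Apache24\htdocs'):
        print(f'{addr}: {finding}')
```

Pass the real httpd.conf text and the folder Windows reports for index.html; an empty list means the plain-HTTP vhost only redirects and every DocumentRoot points at that folder.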