
Thursday, May 3, 2012

Setup SSL Server - Apache SSL

First of all, I would like to give full thanks to Bro Saufi for transferring this knowledge :)

OK. Here we have already subscribed to DigiCert. You can choose any SSL certificate provider, such as www.verisign.com, www.godaddy.com, etc.

There are wildcard certs and standard certs. I will discuss this later. In this case we are using a wildcard cert, where the cert name will start with *.contoso.com

A) SSL Certificate CSR Creation
ref : http://www.digicert.com/csr-creation.htm

Before you can order your SSL Certificates, you must first generate a CSR (Certificate Signing Request) on your server:

Distinguished Name or DN
  1. The Country (C) is a two-digit code -- for the United States, it's 'US'. For countries outside of the United States, see our listing of SSL Certificate Country Codes. 
  2. State (S) and Locality (L) are full names, i.e. 'California', 'Los Angeles'. 
  3. The Organization Name (O) is your Full Legal Company or Personal Name, as legally registered in your locality. 
  4. The Organizational Unit (OU) is whichever branch of your company is ordering the certificate such as accounting, marketing, etc. -nil-
  5. The Common Name (CN) is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate. (*.contoso.com.my)
  6. Email: nil; password: nil
B) OpenSSL CSR Creation for Apache SSL
1. Log in to your server via your terminal client (ssh).
At the prompt, type:
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
where server is the name of your server.

You will get 2 files:
1. server.csr - this is the file to copy to DigiCert
2. server.key - this is the private key and is used on your own server. Put this file in the path stated in /usr/local/etc/apache22/extra/httpd-ssl.conf (open it with ee and search for: SSLCertificateKeyFile "/usr/local/etc/apache22/path/server.key")

C) Reissue Action
- applicable if we use wildcard registration
1. Get duplicate
  • Enter Your CSR
    • paste the contents of server.csr (from the previous step)
  • Select Your Server Software
    • e.g. Apache, Microsoft IIS, etc.
  • Note
    • the purpose of the server, as a note
  • Click the Process button
    • proceed with the step
2. Then wait to download the files, or receive them through email notification. (You will get a zip file containing: star_contoso_com_my.crt, DigiCertCA.crt and INSTALL_INSTRUCTIONS.txt)

SSLCertificateFile /your/path/to/star_contoso_com_my.crt
SSLCertificateKeyFile /your/path/to/star_contoso_com_my.key
SSLCertificateChainFile /your/path/to/DigiCertCA.crt

3. Check apache configuration
# apachectl configtest

4. Check httpd.conf
# ee /usr/local/etc/apache22/httpd.conf

uncomment
# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf


5. Stop & Start Apache
# /usr/local/etc/rc.d/apache22 stop
# /usr/local/etc/rc.d/apache22 start

6. Now you should be able to access your CAS server

https://servername/login

Done.
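
Before the restart in step 5, it is worth confirming that the certificate DigiCert returned belongs to the server.key generated in section B, and that the key file is not readable by other users: -nodes writes the private key unencrypted, so file permissions are its only protection. The script below is an added example, not part of the original post; the function names, the subject string and the self-signed stand-in certificate are assumptions made so that it runs offline.

```shell
#!/bin/sh
# Added example, not from the original post. All files are throwaway test data.

# pubkey_pem FILE KIND: print the public key found in a key, csr or cert file.
pubkey_pem() {
    case "$2" in
        key)  openssl pkey -in "$1" -pubout ;;
        csr)  openssl req  -in "$1" -noout -pubkey ;;
        cert) openssl x509 -in "$1" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# same_keypair KEYFILE OTHER KIND: succeed only if OTHER was made from KEYFILE.
same_keypair() {
    a=$(pubkey_pem "$1" key) || return 1
    b=$(pubkey_pem "$2" "$3") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# key_is_private FILE: succeed only if group and others have no access bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# demo: build constructed files and run the checks; returns 0 if all behave.
demo() {
    d=$(mktemp -d) || return 1
    subj="/C=MY/O=Example/CN=*.contoso.com.my"   # constructed subject
    # The command from section B, with -subj added to skip the prompts.
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # Stand-in for the CA-issued certificate: self-signed from the same key.
    openssl req -new -x509 -days 1 -key "$d/server.key" -subj "$subj" \
        -out "$d/star.crt" 2>/dev/null || return 1
    # An unrelated key, to show that a mismatch is detected.
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null || return 1

    same_keypair "$d/server.key" "$d/server.csr" csr  || return 1
    same_keypair "$d/server.key" "$d/star.crt"   cert || return 1
    same_keypair "$d/other.key"  "$d/star.crt"   cert && return 1
    chmod 644 "$d/server.key"; key_is_private "$d/server.key" && return 1
    chmod 600 "$d/server.key"; key_is_private "$d/server.key" || return 1
    rm -rf "$d"
}

demo && echo "all checks behaved as expected"
```

On the real server, `same_keypair server.key star_contoso_com_my.crt cert && key_is_private server.key` should succeed before Apache is restarted.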

Tuesday, December 6, 2011

Install New Server FreeBSD

1. boot the OS and install
  • select non-boot -> 1 OS
2. Start to install ports
  • install apache, php and the application (e.g. moodle)
3. Install apache first
  • #cd /usr/ports/www/apache22 -> path of apache22
  • #make config -> this is for the options in the package
  • #ee /usr/ports/www/apache22/Makefile -> this is to check the version
  • #make install clean -> this is to install
4. Install php
  • #cd /usr/ports/lang/php5
  • #make config -> don't forget to select (X) apache (not ticked by default)
  • #make install clean
  • after the install:
-> it will tell you "make sure index.php is a part of your Directory Index"
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

1-> so, you have to go to # ee /usr/local/etc/apache22/httpd.conf
^y (search = DirectoryIndex)
DirectoryIndex index.html index.php
2-> ^y (search = AddType)
paste AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

--- and so on (php.extension, moodle, etc.) ---

5. Change a few settings
1-> host setting
#ee /etc/hosts
ip servername.domain.edu.my servername
2-> virtual host setting
#ee /usr/local/etc/apache22/extra/httpd-vhost.conf
ServerAdmin username@domain.edu.my
DocumentRoot "/data/foldername"
ServerName servername.mediu.edu.my
ErrorLog "/var/log/httpd-error-form.log"
CustomLog "/var/log/httpd-access-form.log" common


6. Start Apache
# /usr/local/etc/rc.d/apache22 start -> to start apache
restart -> to restart
graceful -> to update, so apache does not go down.

7. Troubleshooting a few errors
-> error forbidden
* change the directory root (# ee /usr/local/etc/apache22/httpd.conf)
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/usr/local/www/apache22/data">
-> change it to the path where we put shariha.php

-> if there is any change that needs to be set up, such as:
Add the following to your Apache configuration, and restart the server:
### Add the AcceptPathInfo directive only for Apache 2.0.30 or later.
Alias /moodle /usr/local/www/moodle/
AcceptPathInfo On
AllowOverride None
Order Allow,Deny
Allow from all
AllowOverride None
Order Allow,Deny
Deny from all
This needs to be added either in httpd.conf or in /usr/local/etc/apache22/extra/httpd-vhost.conf



8. Shared object libpcre.so.0 not found, required by httpd
1. check the httpd path
# whereis httpd
2. check whether the linked libraries are found
# ldd /usr/local/sbin/httpd

e.g.: libpcre.so.0 => not found

The link has to change from libpcre.so -> libpcre.so.3 to libpcre.so.0 -> libpcre.so.3 (run the command in the directory that holds libpcre.so.3):

# ln -s libpcre.so.3 libpcre.so.0

Then OK.. :)