Difference between revisions of "Apache 2 - SSL certificates page"
| Line 84: | Line 84: | ||
You can also check the URL bar: | You can also check the URL bar: | ||
| − | [[File:SSL_security_alert_2.png| | + | [[File:SSL_security_alert_2.png|400px|SSL non secure website (2)]] |
==Download file== | ==Download file== | ||
| − | + | ||
| − | + | Download the '''Authority of certification''' file: | |
| − | + | ||
| − | Installation | + | [[File:SSL_save_certificates.png|400px|SSL download AC]] |
| − | Go to Google Chrome > Settings > Show advanced settings > | + | |
| − | + | ||
| − | + | ||
| − | Enable “check for server certificate revocation” | + | ==Installation (Google Chrome)== |
| − | Click on manage certificates... | + | |
| − | + | Go to Google Chrome > Settings > Show advanced settings > HTTPS/SSL | |
| − | Click on “Trusted root Certification Authorities” > Import...Choose the file to import (myCA.pem) | + | |
| − | + | [[File:SSL_G_chrome_installation_1.png|400px|Google chrome installation (1)]] | |
| − | + | ||
| + | * Enable '''“check for server certificate revocation”''' | ||
| + | * Click on ''manage certificates...'' | ||
| + | |||
| + | |||
| + | |||
| + | Now you should have a new screen. Click on '''“Trusted root Certification Authorities”''' > Import... | ||
| + | |||
| + | |||
| + | [[File:SSL_G_chrome_installation_2.png|400px|Google chrome installation (2)]] | ||
| + | |||
| + | Choose the file to import (myCA.pem) | ||
| + | * .pem are not displayed by default, but they can be used | ||
| + | * Trust the certificates | ||
| + | |||
Restart Google Chrome | Restart Google Chrome | ||
Check result | Check result | ||
After Google Chrome restart, go back to https://myServer/certs | After Google Chrome restart, go back to https://myServer/certs | ||
Everything is OK now! | Everything is OK now! | ||
Revision as of 14:51, 8 June 2014
Contents
Setup website to send local CA and server certificates
This required to have a secure web server up and running.
- See SSL server
- See Apache 2
Preparation
Create dedicated folder
mkdir -p /var/www/myServer/ssl
touch /var/www/myServer/ssl/index.html
Create Web page
<html>
<head>
<title>Certificates list</title>
</head>
<body>
<h1>Certificates list</h1>
<hr/>
<h2>Certification Authority</h2>
<p>
Authority of certification:
<a href="https://serverURL/ssl/cacerts.pem ">root certificate</a>
</p>
<h2>Servers certificates</h2>
<p>Click on the following links to download sub-servers certificates</p>
<ul>
<li>
<a href=" https://serverURL/sslserverName.p12">my server</a>
</li>
</ul>
</body>
</html>
Copy files
cp /srv/ssl/cacerts.pem /var/www/myServer/ssl/
cp /srv/ssl/export/serverName.p12 /var/www/myServer/ssl/Update rights
chown -R www-data:www-data /var/www/myServer/ssl
chmod 755 -R /var/www/myServer/ssl
Installation on client computer
Access SSL page
Go to 'https://myServer/ssl' >> As the certificate is not installed yet you'll see the following alert:
Example of alert on Google chrome (click “proceed anyway”)
=>For now this website is presume to be non-secured.
You can also check the URL bar:
Download file
Download the Authority of certification file:
Installation (Google Chrome)
Go to Google Chrome > Settings > Show advanced settings > HTTPS/SSL
- Enable “check for server certificate revocation”
- Click on manage certificates...
Now you should have a new screen. Click on “Trusted root Certification Authorities” > Import...
Choose the file to import (myCA.pem)
- .pem are not displayed by default, but they can be used
- Trust the certificates
Restart Google Chrome Check result After Google Chrome restart, go back to https://myServer/certs Everything is OK now!
