Difference between revisions of "Apache 2 - SSL certificates page"

Line 74: Line 74:
 
Go to 'https://myServer/ssl' >> As the certificate is not installed yet you'll see the following alert:
 
Go to 'https://myServer/ssl' >> As the certificate is not installed yet you'll see the following alert:
  
[[File:SSL_security_alert_1.png|none|SSL non secure website (1)]]
+
[[File:SSL_security_alert_1.png|500px|SSL non secure website (1)]]
  
 
''Example of alert on Google chrome (click “proceed anyway”)''
 
''Example of alert on Google chrome (click “proceed anyway”)''
Line 84: Line 84:
 
You can also check the URL bar:
 
You can also check the URL bar:
  
[[File:SSL_security_alert_2.png|400px|SSL non secure website (2)]]
+
[[File:SSL_security_alert_2.png|600px|SSL non secure website (2)]]
  
  
Line 117: Line 117:
  
 
Restart Google Chrome
 
Restart Google Chrome
Check result
+
 
After Google Chrome restart, go back to https://myServer/certs
+
 
 +
 
 +
==Check result==
 +
 
 +
After Google Chrome restart, go back to 'https://myServer/ssl'
 +
 
 +
 
 +
Notice the URL bar:
 +
 
 +
[[File:SSL_OK.png|600px|SSL OK]]
 +
 
 +
 
 
Everything is OK now!
 
Everything is OK now!

Revision as of 14:53, 8 June 2014

Setup website to send local CA and server certificates

This required to have a secure web server up and running.


Preparation

Create dedicated folder

mkdir -p /var/www/myServer/ssl
touch /var/www/myServer/ssl/index.html


Create Web page

<html>

<head>
   <title>Certificates list</title>
</head>

<body>
   <h1>Certificates list</h1>
   <hr/>

   <h2>Certification Authority</h2>
   <p>
      Authority of certification:
      <a href="https://serverURL/ssl/cacerts.pem ">root certificate</a>
   </p>

   <h2>Servers certificates</h2>
   <p>Click on the following links to download sub-servers certificates</p>
   <ul>
     <li>
        <a href=" https://serverURL/sslserverName.p12">my server</a>
     </li>
   </ul>
</body>

</html>


Copy files

cp /srv/ssl/cacerts.pem /var/www/myServer/ssl/
cp /srv/ssl/export/serverName.p12 /var/www/myServer/ssl/

Update rights

chown -R www-data:www-data /var/www/myServer/ssl
chmod 755 -R /var/www/myServer/ssl



Installation on client computer

Access SSL page

Go to 'https://myServer/ssl' >> As the certificate is not installed yet you'll see the following alert:

SSL non secure website (1)

Example of alert on Google chrome (click “proceed anyway”)


=>For now this website is presume to be non-secured.


You can also check the URL bar:

SSL non secure website (2)


Download file

Download the Authority of certification file:

SSL download AC


Installation (Google Chrome)

Go to Google Chrome > Settings > Show advanced settings > HTTPS/SSL

Google chrome installation (1)

  • Enable “check for server certificate revocation”
  • Click on manage certificates...


Now you should have a new screen. Click on “Trusted root Certification Authorities” > Import...


Google chrome installation (2)

Choose the file to import (myCA.pem)

  • .pem are not displayed by default, but they can be used
  • Trust the certificates

Restart Google Chrome


Check result

After Google Chrome restart, go back to 'https://myServer/ssl'


Notice the URL bar:

SSL OK


Everything is OK now!