Difference between revisions of "Apache 2 - SSL certificates page"

 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
[[Category:Linux]]
 +
 +
 
=Setup website to send local CA and server certificates=
 
=Setup website to send local CA and server certificates=
  
Line 40: Line 43:
 
   <ul>
 
   <ul>
 
     <li>
 
     <li>
         <a href=" https://serverURL/sslserverName.p12">my server</a>
+
         <a href=" https://serverURL/ssl/serverName.p12">my server</a>
 
     </li>
 
     </li>
 
   </ul>
 
   </ul>
Line 74: Line 77:
 
Go to 'https://myServer/ssl' >> As the certificate is not installed yet you'll see the following alert:
 
Go to 'https://myServer/ssl' >> As the certificate is not installed yet you'll see the following alert:
  
[[File:SSL_security_alert_1.png|none|SSL non secure website (1)]]
+
[[File:SSL_security_alert_1.png|500px|SSL non secure website (1)]]
  
 
''Example of alert on Google chrome (click “proceed anyway”)''
 
''Example of alert on Google chrome (click “proceed anyway”)''
Line 84: Line 87:
 
You can also check the URL bar:
 
You can also check the URL bar:
  
[[File:SSL_security_alert_2.png|400px|SSL non secure website (2)]]
+
[[File:SSL_security_alert_2.png|600px|SSL non secure website (2)]]
  
  
Line 115: Line 118:
 
* .pem are not displayed by default, but they can be used
 
* .pem are not displayed by default, but they can be used
 
* Trust the certificates
 
* Trust the certificates
 +
 +
Do the same for '''Trusted publisher'''
 +
 +
 +
 +
 +
Then you should download the server certificate and add it into the "server" tab.
 +
 +
 +
  
 
Restart Google Chrome
 
Restart Google Chrome
Check result
+
 
After Google Chrome restart, go back to https://myServer/certs
+
 
 +
 
 +
==Check result==
 +
 
 +
After Google Chrome restart, go back to 'https://myServer/ssl'
 +
 
 +
 
 +
Notice the URL bar:
 +
 
 +
[[File:SSL_OK.png|500px|SSL OK]]
 +
 
 +
 
 
Everything is OK now!
 
Everything is OK now!

Latest revision as of 17:05, 10 June 2014


Setup website to send local CA and server certificates

This required to have a secure web server up and running.


Preparation

Create dedicated folder

mkdir -p /var/www/myServer/ssl
touch /var/www/myServer/ssl/index.html


Create Web page

<html>

<head>
   <title>Certificates list</title>
</head>

<body>
   <h1>Certificates list</h1>
   <hr/>

   <h2>Certification Authority</h2>
   <p>
      Authority of certification:
      <a href="https://serverURL/ssl/cacerts.pem ">root certificate</a>
   </p>

   <h2>Servers certificates</h2>
   <p>Click on the following links to download sub-servers certificates</p>
   <ul>
     <li>
        <a href=" https://serverURL/ssl/serverName.p12">my server</a>
     </li>
   </ul>
</body>

</html>


Copy files

cp /srv/ssl/cacerts.pem /var/www/myServer/ssl/
cp /srv/ssl/export/serverName.p12 /var/www/myServer/ssl/

Update rights

chown -R www-data:www-data /var/www/myServer/ssl
chmod 755 -R /var/www/myServer/ssl



Installation on client computer

Access SSL page

Go to 'https://myServer/ssl' >> As the certificate is not installed yet you'll see the following alert:

SSL non secure website (1)

Example of alert on Google chrome (click “proceed anyway”)


=>For now this website is presume to be non-secured.


You can also check the URL bar:

SSL non secure website (2)


Download file

Download the Authority of certification file:

SSL download AC


Installation (Google Chrome)

Go to Google Chrome > Settings > Show advanced settings > HTTPS/SSL

Google chrome installation (1)

  • Enable “check for server certificate revocation”
  • Click on manage certificates...


Now you should have a new screen. Click on “Trusted root Certification Authorities” > Import...


Google chrome installation (2)

Choose the file to import (myCA.pem)

  • .pem are not displayed by default, but they can be used
  • Trust the certificates

Do the same for Trusted publisher



Then you should download the server certificate and add it into the "server" tab.



Restart Google Chrome


Check result

After Google Chrome restart, go back to 'https://myServer/ssl'


Notice the URL bar:

SSL OK


Everything is OK now!