Tagged: web development Toggle Comment Threads | Keyboard Shortcuts

  • Elmer Masters 3:43 pm on July 12, 2016 Permalink
    Tags: , , , web development   

    Testing Piwik https://piwik.org/ for self-hosted analytics is going well. Integrates easily with Drupal, provides clear and easy to follow reports. Looking forward to a wider roll out.

  • Elmer Masters 4:01 pm on October 15, 2015 Permalink
    Tags: , , , web development   

    Setting up Apache 2.4 to use https only 

    With a free SSL certificate in hand from StartSSL we need to configure Apache to use the certificate and serve up all content using HTTPS. The examples below are for Apache 2.4.x. Older versions will require some slight adjustments.

    Start by moving the necessary keys and certificates to the server. I use SFTP to do this sort of thing, transferring the contents of the folder I saved the files in when generating the certificate. Create a directory for the files like /etc/apache2/ssl/ on the server. Make note of what you called the directory, you’ll need that info later.

    With the files in place it’s time to move on to configuring Apache. Apache needs some modules to deal with SSL and other security settings. Make sure that the ssl, rewrite, headers, and env modules are enabled in your Apache config. Restart Apache to get the new modules running.

    I recommend using the Mozilla SSL Configuration Generator to generate a skeleton virtual host config file. You tell it what version of Apache you have and it gives you a block of text that will get you started. Add the copied text the default.conf file in Apache this will add the SSL virtual host to the default configuration of the web server. Yes, the file will have 2 virtual hosts in it, one listening at port 80 and one at port 443. That’s ok. Edit the pasted text to point to the files you uploaded to the server. Add the same path and directory information you have in the port 80 virtual host into the 443 virtual host. This assures that both servers are looking in the same spot for the same things. Save the file and restart Apache for it to take affect.

    At this point you should be able to access the same content at either http:// or https://. The final step is to redirect all http:// traffic to https:// so only encrypted traffic is served. This requires editing the default.conf file one more time. This time you’ll make changes to the port 80 virtual host by commenting out all of the lines that follow the ServerName and ServerAdmin directives. Then add the line Redirct permanent / https://site.name/ to the virtual host conf file and save the file. Restart Apache one more time. Now accessing http:// will redirect you right to https:// so you have only secure access to your site.

  • Elmer Masters 7:20 pm on October 14, 2015 Permalink
    Tags: , web development   

    Getting a free SSL certificate from StartSSL 

    StartSSL provides free of charge SSL certificates that are good for one year and require that you verify your email address and control over the domain. This is a big money saverif you want to bring https to your website.

    First verify your email account and generate a client certificate for your browser. This is the lowest level of verification but it is sufficient and pretty straight forward. You can use this identity to generate any number of certificates for the next 30 days. After that you’ll need to verify your email again.

    Once you have this set up and are logged in to the site you’ll need to verify the domain you want to generate the certificate for. Hit the validations wizard tab and enter the domain name. Only top level domains work, no subdomains. Next you’re presented with a list of email to use for domain verification. Select one that you can access right away. Click continue and await the arrival of the verification email.

    Grab the verification code in the email that was sent and enter it in the verification code box on the complete validation page and click on continue. You should see the validation success message. Once a domain is validated you can use the validation for 30 days to generate certificates. Click finish to close the process.

    Now we’re ready to generate a certificate. Hit the certificates wizard tab to get started. Select Web Server SSL/TLS Certificate from the dropdown and hit continue. The first step here is to generate the private key for your certificate. Please note that If you created your own private key and certificate request (CSR), you can skip this step. Otherwise enter a key password twice hit continue.

    Please note that you need to keep this password somewhere or you won;t be able to decrypt the key you’re about to generate. I highly recommend that use a password tracker like KeePass to generate and store a strong password for this.

    StartSSL will present you with a private key. Copy the text being careful not to add any spaces or lines to the text. Use a simple text editor to save the private key as ssl.key. I like to create a folder with the domain name to save this and the other files needed to get SSL going on the web server.

    At this point the key is encrypted and you’ll need the password to decrypt it for use with the web server. For me the easiest way to do this is to go to the folder where you saved ssl.key and decrypt the private key with the OpenSSL utility: openssl rsa -in ssl.key -out ssl.key.d. This works well on Linux and OSX. StartSSL also provides a tool for decrypting the key but I’ve had mixed results with it.

    Once you’ve decrypted the key hit continue to add a domain and generate the actual certificate. Just select your domain and hit continue. You will be prompted to add the subdomain for the certificate. In most cases that will be www. Hitting continue shows you the information gathered so far and prompts for one more click on continue to generate the certificate.

    Finally we get to the SSL certificate! As with the private key you’ll need to copy the text carefully and use a text editor to save the file as ssl.cert. In addition you need to save the intermediate and root CA certificates for the installation at your server using Save As… in your browser.

    With everything saved you can hit the finalize button to finish up. Now you have all you need to get SSL up and running on your web server. Coming next are instruction on getting it all working on Apache 2.4.

Compose new post
Next post/Next comment
Previous post/Previous comment
Show/Hide comments
Go to top
Go to login
Show/Hide help
shift + esc