If you have sensitive data on your site, you may want to install an SSL certificate to make it more secure. Here is a brief tutorial on how to set one up on an AWS EC2 Ubuntu instance.
My server runs Apache2 on Ubuntu 9.x.
1. Log in to your server over ssh/terminal
2. Enable SSL for the web server (Apache2)
sudo a2enmod ssl
3. Create the server SSL Key
sudo bash
On Ubuntu this switches you to the root user, as you cannot otherwise access the directory in the next step.
cd /etc/ssl/private
openssl genrsa -des3 -out myserver.com.key 2048
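Make sure it's 2048 and not 1024 bit, as this will be required later on GoDaddy.
Enter a passphrase when prompted. Because the -des3 option encrypts the key, Apache will ask for this passphrase each time it starts.
5. Create the CSR (Certificate Signing Request) to be entered on GoDaddy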
openssl req -new -key myserver.com.key -out myserver.com.csr
When you press Enter it will ask you for several things; make sure that under Common Name you put your website URL (myserver.com). GoDaddy will throw an error if it is not a correct website.
6. View the CSR and copy it. You will paste it later into your GoDaddy SSL Certificate Management.
7. In GoDaddy SSL Certificate Management, make a request and choose Third Party, Web Server, no Control Panel, then paste the CSR code.
a. After you submit, the request goes for approval. GoDaddy checks your domain registry and administrative contacts to verify it.
b. If it cannot be verified via the domain registry, you will be emailed a code that you need to create as a file and upload to your server instead.
8. Install your certificates, gd_bundle.crt and myserver.com.crt, on your server. Upload them to the server, then back in the shell run:
mv gd_bundle.crt /etc/ssl/gd_bundle.crt
mv myserver.com.crt /etc/ssl/certs/myserver.com.crt
9. Edit the default Apache2 site at /etc/apache2/sites-available/default and create a new virtual host:
NameVirtualHost *:443
<VirtualHost *:443>
    DocumentRoot /var/www/
    SSLEngine on
    SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    SSLCertificateFile /etc/ssl/certs/myserver.com.crt
    SSLCertificateKeyFile /etc/ssl/private/myserver.com.key
    SSLCertificateChainFile /etc/ssl/gd_bundle.crt
</VirtualHost>
10. Make sure Apache2 listens on port 443 by editing /etc/apache2/ports.conf
Under
Listen 443
10. Restart Apache
/etc/init.d/apache2 restart
If all went well you should be able to access the site over https.
For EC2, make sure port 443 is enabled as well in the AWS Console.
11. Then, to force-redirect users to https, create an .htaccess file and upload it to your root www folder:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.myserver.com/$1 [R,L]
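Before restarting Apache it is worth confirming that the key from step 3, the CSR from step 5 and the certificate from step 8 belong together, since a mismatched SSLCertificateFile and SSLCertificateKeyFile pair keeps Apache from starting. The script below is an added example, not part of the original post: it compares the RSA modulus of each file. The function names, the passphrase "example" and the self-signed certificate standing in for the GoDaddy-issued one are assumptions made so that it runs offline.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check that the private key, the
# CSR and the issued certificate share one RSA modulus before Apache uses them.
# File names and the passphrase "example" are constructed for the demo.

# Print a SHA-256 digest of the RSA modulus in a key, CSR or certificate.
# $1 = key|csr|crt, $2 = file, $3 = key passphrase (used for "key" only)
modulus_digest() {
  local mod
  case "$1" in
    key) mod=$(openssl rsa  -noout -modulus -in "$2" -passin "pass:${3:-}" 2>/dev/null) || return 1 ;;
    csr) mod=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
    crt) mod=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1 ;;
    *)   return 2 ;;
  esac
  [ -n "$mod" ] || return 1   # an empty result must never compare as equal
  printf '%s\n' "$mod" | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 only if key, CSR and certificate carry the same modulus.
# $1 = key, $2 = csr, $3 = crt, $4 = key passphrase
check_cert_set() {
  local k c x
  k=$(modulus_digest key "$1" "$4") || { echo "cannot read key: $1" >&2; return 1; }
  c=$(modulus_digest csr "$2")      || { echo "cannot read CSR: $2" >&2; return 1; }
  x=$(modulus_digest crt "$3")      || { echo "cannot read certificate: $3" >&2; return 1; }
  [ "$k" = "$c" ] && [ "$k" = "$x" ]
}

# Build a throwaway key, CSR and certificate in directory $1. The self-signed
# certificate stands in for the CA-issued myserver.com.crt.
make_sample_set() {
  openssl genrsa -des3 -passout pass:example -out "$1/myserver.com.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/myserver.com.key" -passin pass:example \
    -subj "/CN=myserver.com" -out "$1/myserver.com.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/myserver.com.csr" -signkey "$1/myserver.com.key" \
    -passin pass:example -days 1 -out "$1/myserver.com.crt" 2>/dev/null
}

dir=$(mktemp -d)
make_sample_set "$dir"
if check_cert_set "$dir/myserver.com.key" "$dir/myserver.com.csr" "$dir/myserver.com.crt" example
then echo "key, CSR and certificate match"
else echo "MISMATCH: do not install this certificate with this key"
fi
rm -rf "$dir"
```

On the server, call check_cert_set with /etc/ssl/private/myserver.com.key, your CSR, /etc/ssl/certs/myserver.com.crt and your own passphrase in place of the sample files.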
This article provides a great historical perspective of what can go wrong in a cloud deployment leveraging highly publicized case studies. Great research in putting this post together.
Thanks.
Please change “Ssudo a2enmod SSL” to “sudo a2enmod ssl”
Thanks for pointing that out Josh, modified. Note that it's case sensitive.
I have a question: What if I only have a subdomain of amazon (or azure, or any hosting service) and I want to secure it? Would the single domain certificate work?
As far as I know, it should secure it. As certificates are issued on top level domain, subdomains should be covered.
Loved the instructions. I followed it to the T and it worked perfect.
Thanks so much for this post! I had everything right but still it wasn’t working and I was tired of having scrapped through every possible website. What I didn’t realize was happening was the ‘Listen’ on port update. I thought that since the module was loaded, it should take that configuration. Most of the documentation just mentioned updating the NamedVirtualHost. Anyway, thanks a ton for this post!
[…] Used this guide to install SSL for Ubuntu 10: http://blog.lopau.com/installing-godaddy-ssl-on-an-ec2-ubuntu-instance-in-aws/ […]