Register now or log in to join your professional community.
ServerAdmin
DocumentRoot /var/www/domain.com
SSLEngine on
Is also required
Regards,
Noman
Since you have not shared specifically which webserver, i will put information that helps you relate to your requirement.
https is setup on webservers like apache, IIS, iplanet or serverlet container like tomcat, glassfish or full fledged application server like Jboss, Weblogic, WAS etc. (to keep this simple where ever i reference webserver i mean apache web server).
Some Conceptually
requirements before you plan SSL Implementation:
a) An SSL certificate - Either a self-signed certificate using openssl utility on (Linux, Unix) or bought via3rd party sellers like verizon, thwate, tata etc , It can either be a per site basis ssl certificate like for www.someorg.com or a wild card ssl certificate applicable to www.someorg.com as well as all subdomains at someorg.com usually referred as *.someorg.com . SSL could be128 or256 bit encrypted, choose256 bit if your organization can afford it.
b) An IP Address : In any corporate web hosting environment there are generally many internal websites which often run on a single IP Address using Name based virtual hosting, which means the webserver has only one IP and multiple aliases point to it, this way it is cost effective for the company , basically single IP address accepts requests for www.hr.someorg.com, www.payslip.someorg.com as well as www.someorg.com, once request arrives at application layer of webserver in question, the webserver reads the http header of the request received from enduser and based on HTTP GET string sent by enduser request is forwarded to respective name alias. So far so good but when we need SSL to be enabled please remember the SSL protocol(apache implementation upto2.4) support only IP based hosting, which means to be able to apply a valid ssl certificate the webserver must have a valid ip address.
c)dns entry : whatever IP address one plans to use on a web server for SSL or for general must have a valid dns record entry for the same on the corporate's primary dns server, for example you plan to use10.36.12.10 for www.someorg.com than an 'A' Type dns record must be created , please note there is also a dns record replication time which is set at dns server configuration file and is applicable to every new or modified entry on dns, so after you do such changes please expect the TTL (Time to Live) delay set by your primary dns.
d) test hostname to ip address and ip address to hostname resolution beforehand - if this does not work go back to step C and validate , you can use utilities like nslookup on windows or unix or dig on unix/linux to test this functionality.
Once you are through requirements and things to remember, it is only below steps that you need to perform. please note these steps are in context with apache web server (if you need something else, ask explicitly)
0) stop webserver
1) load SSL module
2) Enable SSL usage
4)define what port SSL will work on
5) path to certificate and certificatekey file
6) start webserver, if you envounter any error refer error_log or whatever logfile is set on your webserver configuration.
example
Listen443
<VirtualHost *:443>
ServerName www.someorg.com
SSLEngine on
SSLCertificateFile /path/to/www.someorg.com.cert
SSLCertificateKeyFile /path/to/www.someorg.com.key
</VirtualHost>
goodluck hasan.