Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

How do we enable HTTPS in server?

user-image
Question added by Deleted user
Date Posted: 2014/04/26
NOMAN KHANZADA
by NOMAN KHANZADA , Technology System Controller , Qatar Airways

ServerAdmin

DocumentRoot /var/www/domain.com

SSLEngine on

 

Is also required

 

Regards,

Noman

Akash Dubey
by Akash Dubey , Senior Technical Lead , Fulcrum Software Worldwide Pvt. Ltd.

 

Since you have not shared specifically which webserver, i will put information that helps you relate to your requirement.

https  is setup on webservers  like apache, IIS, iplanet or serverlet container like tomcat, glassfish or full fledged application server like Jboss, Weblogic, WAS etc.  (to keep this simple where ever i reference webserver i mean apache web server).

 

Some Conceptually

requirements before you plan SSL Implementation: 

a) An SSL certificate  - Either a self-signed certificate using openssl utility on (Linux, Unix) or bought via3rd party sellers like verizon, thwate, tata etc , It can either be a per site basis ssl certificate like for www.someorg.com or a wild card ssl certificate applicable to www.someorg.com as well as all subdomains at someorg.com usually referred as *.someorg.com . SSL could be128 or256 bit encrypted, choose256 bit if your organization can afford it.

 

b) An IP Address : In any corporate web hosting environment there are generally many internal websites which often run on a single IP Address using Name based virtual hosting, which means the webserver has only one IP and multiple aliases point to it, this way it is cost effective for the company , basically single IP address accepts requests for www.hr.someorg.com, www.payslip.someorg.com as well as www.someorg.com,  once request arrives at application layer of webserver in question, the webserver reads the http header of the request received from enduser and based on HTTP GET string sent by enduser request is forwarded to respective name alias. So far so good but when we need SSL to be enabled please remember the SSL protocol(apache implementation upto2.4) support only IP based hosting, which means to be able to apply a valid ssl certificate the webserver must have a valid ip address.

 

c)dns entry : whatever IP address one plans to use on a web server for SSL or for general must have a valid dns record entry for the same on the corporate's primary dns server, for example you plan to use10.36.12.10 for www.someorg.com than an 'A' Type dns record must be created , please note there is also a dns record replication time which is set at dns server configuration file and is applicable to every new or modified entry on dns, so after you do such changes please expect the TTL (Time to Live) delay set  by your primary dns.

 

d) test hostname to ip address and ip address to hostname resolution beforehand - if this does not work go back to step C and validate , you can use utilities like nslookup on windows or unix or dig on unix/linux to test this functionality.

 

Once  you are through requirements and things to remember, it is only below steps that you need to perform. please note these steps are in context with apache web server (if you need something else, ask explicitly)

 

0) stop webserver

 

1) load SSL module

 

2) Enable SSL usage

 

4)define what port SSL will work on

 

5) path to certificate and certificatekey file

 

6) start webserver, if you envounter any error refer error_log or whatever logfile is set on your webserver configuration.

 

example 

Listen443

<VirtualHost *:443>

    ServerName www.someorg.com

    SSLEngine on

    SSLCertificateFile /path/to/www.someorg.com.cert

    SSLCertificateKeyFile /path/to/www.someorg.com.key

</VirtualHost>

 

 

 

 

 goodluck hasan.

 

More Questions Like This