Thursday, July 10, 2014

How to configure SSL under Apache 2 + Laravel

Quick tips on how to set up SSL under a LAMP stack with the Laravel 4.2 PHP framework.

We need to get the certificate itself. In order to serve your webpage over the HTTPS protocol, we will need 3 files:

  1. SSL certificate private key file (.key)
  2. Certificate Signing Request (.csr)
  3. SSL certificate file (.crt)
  4. SSL chain file (.ca-bundle)

These extensions (.key, .crt, etc.) can differ. In different guides I saw different extensions, like .pem or .ca, so don't worry about that.

The 1st and 2nd files we will generate on our server machine; the 3rd and 4th files we will get from the certification service.

So let's start! Open a terminal and paste the commands below (each command is explained):

1. cd ~/Documents/SSL
SSL is a custom folder created by me. You can store your certificate files wherever you want; I used the path above.

2. sudo openssl genrsa -des3 -out private.key 2048
This generates the "private.key" file, a 2048-bit RSA private key. The -des3 option encrypts the key file with a passphrase that openssl asks you to choose. We will need this key to generate our CSR (2nd file) and later, when we set up the Apache virtual hosts.

3. sudo openssl req -new -key private.key -out server.csr
This generates the "server.csr" file that we need in order to get our certificate. During this step you will need to fill in some information that the system asks you for:

Country Name (2 letter code) [AU]: EE
State or Province Name (full name) [Some-State]: Harjumaa
Locality Name (eg, city) []: Tallinn
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Your Company Name Ltd
Organizational Unit Name (eg, section) []: IT
Common Name (eg, YOUR name) []: www.yourdomain.com
Email Address []: youremail@gmail.com
A challenge password []: (you can leave it blank)
An optional company name []: (you can leave it blank)

Of course you can edit all those fields as you want.

4. Now go to http://www.comodo.com/e-commerce/ssl-certificates/free-ssl-certificate.php and register the certificate. In order to get the certificate, you will need to provide the CSR that we already generated. Open server.csr with, for example, sudo nano server.csr (or gedit, or vim, or download it through FileZilla etc.) and copy the text in server.csr. It should look like:

-----BEGIN CERTIFICATE REQUEST-----
MIIDUDCCArkCAQAwdTEWMBQGA1UEAxMNdGVzdC50ZXN0LmNvbTESMBAGA1UECxMJ
TWFya2V0aW5nMREwDwYDVQQKEwhUZXN0IE9yZzESMBAGA1UEBxMJVGVzdCBDaXR5
(more encoded data).......
Rq+blLr5X5iQdzyF1pLqP1Mck5Ve1eCz0R9/OekGSRno7ow4TVyxAF6J6ozDaw7e
GisfZw40VLT0/6IGvK2jX0i+t58RFQ8WYTOcTRlPnkG8B/uV
-----END CERTIFICATE REQUEST-----

In the "Select the server software used to generate the CSR" field choose Apache-ModSSL (if you use a LAMP stack, of course).

In "Select the hash algorithm you would prefer us to use when signing your Certificate" choose anything you want. If a SHA-2 option (such as SHA-256) is offered, prefer it over SHA-1, because browsers no longer trust SHA-1 signed certificates.

Complete the registration. You will need to confirm that you control your domain, so a confirmation will be sent to one of your domain email addresses (like admin@yourdomain.com or webmaster@yourdomain.com).

When you have completed the registration, the certificate will be sent to your email in a zip archive. This archive will contain 2 files: the certificate file (.crt) and the chain file (.ca-bundle). Don't ask me why we need this .ca-bundle, just google it :)

5. Upload these 2 files to your server certificate directory (for me it was ~/Documents/SSL/)

6. Edit your Apache virtual host, as we are now going to use a secured connection. You will need to create a new secured virtual host:
sudo cp /etc/apache2/sites-available/example.conf /etc/apache2/sites-available/yoursite.com.secured.conf
I don't actually remember the name of the example.conf file, but you need to create a copy of the virtual host, or just create a new one with touch /etc/apache2/sites-available/yoursite.com.secured.conf

7. Add the instructions below inside the <VirtualHost> tag, and don't forget to change the virtual host port to 443:
SSLEngine on
SSLCertificateFile /home/ubuntu/Documents/SSL/your_domain.crt
SSLCertificateKeyFile /home/ubuntu/Documents/SSL/private.key
SSLCACertificateFile /home/ubuntu/Documents/SSL/your_domain.ca-bundle

8. sudo a2ensite yoursite.com.secured.conf
This activates the virtual host.
Besides your secured virtual host, you must keep your regular virtual host on port 80, without SSLEngine on etc.

9. Change your Laravel .htaccess to the text below, so that it redirects all regular HTTP requests to HTTPS:
RewriteEngine On
# Redirect plain-HTTP requests for this host to HTTPS.
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^(yourdomain.com)
# mod_rewrite re-appends the original query string by itself.
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
# Laravel front controller: send anything that is not a real file or directory to index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

10. sudo service apache2 restart :)
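
Before the restart in step 10 it is worth confirming that private.key, server.csr and your_domain.crt carry the same public key, because Apache refuses to start when the certificate does not match the key. The script below is an added example, not part of the original post; the function names (pubkey_digest, files_match, make_demo) are hypothetical, and the demo runs on constructed throwaway files with a self-signed certificate standing in for the one the CA sends.

```shell
#!/bin/sh
# Added example: check that a key, CSR and certificate belong together
# by comparing SHA-256 digests of the public key each one contains.

# Print the digest of the public key inside a key, CSR or certificate.
# A key created with -des3 makes openssl ask for its passphrase here.
pubkey_digest() {   # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout) ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey) ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)   return 2 ;;
    esac || return 1          # unreadable or malformed file
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if all three files carry the same public key.
files_match() {   # $1 = key, $2 = csr, $3 = crt
    k=$(pubkey_digest key "$1") || return 1
    r=$(pubkey_digest csr "$2") || return 1
    c=$(pubkey_digest crt "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Constructed sample files (not real certificates): an unencrypted 2048-bit
# key, its CSR, a self-signed certificate, and an unrelated second key.
make_demo() {   # $1 = directory
    openssl genrsa -out "$1/private.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/private.key" -subj "/CN=www.yourdomain.com" \
        -out "$1/server.csr" &&
    openssl x509 -req -in "$1/server.csr" -signkey "$1/private.key" \
        -days 1 -out "$1/your_domain.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demo run on the constructed files.
demo=$(mktemp -d) && make_demo "$demo"
files_match "$demo/private.key" "$demo/server.csr" "$demo/your_domain.crt" \
    && echo "key, CSR and certificate match"
files_match "$demo/other.key" "$demo/server.csr" "$demo/your_domain.crt" \
    || echo "other.key does not belong to this certificate"
rm -rf "$demo"
```

On the real files, call files_match with the paths used in the virtual host from step 7.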

Thank you.
Here's an example: https://andymarrel.eu
        
