Changes between Version 13 and Version 14 of faq/security/setup-certificate

Aug 15, 2016, 9:41:53 AM (5 years ago)
Jamie McClelland



  • faq/security/setup-certificate

    v13 v14  
    23= Configure your web site to use an x509 (aka SSL or https) certificate =
    4 Once you have [wiki:faq/security/get-certificate obtained a security certificate] from a certificate authority, you can start using by:
     5The process of using an https enabled web site is fully handled in the members control panel:
    6  1. Add a new https web config that includes the following:
    7 {{{
    8 #SSL Stuff
    9 SSLEngine On
    10 SSLCertificateFile /path/to/certificate/file.crt
    11 SSLCertificateKeyFile /path/to/key/file.key
    12 SSLCertificateChainFile /path/to/key/intermediate.crt
    13 }}}
    14  2. Don't forget to include the DocumentRoot related inscriptions to the new web config:
    15 {{{
    16 DocumentRoot /home/members/name/sites/
    17 CustomLog /home/members/name/sites/ combined
    18 ErrorLog /home/members/name/sites/
    19 ScriptAlias /cgi-bin /home/members/name/sites/
    20 }}}
     7 * Log in via:
     8 * Choose the "Web Configuration" section
     9 * Edit your web configuration and change the "Port" field to "auto"
    22  3. Add a `*` to the IP field of your web configuration.  We use a method called [ Server Name Indication].  Though if you would prefer your own IP address you may request it.
     11== How does it work? ==
     13You have several options when choosing to configure your web sites.
    25 If you are replacing your key and certificate, you should already have a web config with this information - you will only need to change the path to the keys and certificates, replacing the paths to your old files with the path to your newly generated files.
     15=== auto ==
     17The best option is to use "auto." When your web site is configured to use auto, then:
     19 * A [ letsencrypt] certificate will be automatically generated at no cost for all the domains in your web configuration (both Server Name and Server Alias).
     20 * This certificate will be automatically updated every three months
     21 * All requests sent via http will be automatically redirected to https
     23=== http ===
     25If you prefer,  you can opt instead to have an http-only site by choosing http.
     27=== https ===
     29You may also wish to use your own certificates, in which case select "https" and specify the `SSLEngine On`, `SSLCertificateKeyFile`, and `SSLCertificateFile` parameters in your configuration that point to the appropriate files. Use this option if you don't want an http site at all.
     31=== Both http and https ===
     33You can also choose to have a different web configuration for http and https or control the redirecting in a more fine-tuned way.