Changes between Version 13 and Version 14 of faq/security/setup-certificate


Ignore:
Timestamp:
Aug 15, 2016, 9:41:53 AM (5 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • faq/security/setup-certificate

    v13 v14  
    11[[TranslatedPages]]
     2
    23= Configure your web site to use an x509 (aka SSL or https) certificate =
    34
    4 Once you have [wiki:faq/security/get-certificate obtained a security certificate] from a certificate authority, you can start using by:
     5The process of using an https enabled web site is fully handled in the members control panel:
    56
    6  1. Add a new https web config that includes the following:
    7 {{{
    8 #SSL Stuff
    9 SSLEngine On
    10 SSLCertificateFile /path/to/certificate/file.crt
    11 SSLCertificateKeyFile /path/to/key/file.key
    12 SSLCertificateChainFile /path/to/key/intermediate.crt
    13 }}}
    14  2. Don't forget to include the DocumentRoot related inscriptions to the new web config:
    15 {{{
    16 DocumentRoot /home/members/name/sites/example.net/web
    17 CustomLog /home/members/name/sites/example.net/logs/web.log combined
    18 ErrorLog /home/members/name/sites/example.net/logs/error.log
    19 ScriptAlias /cgi-bin /home/members/name/sites/example.net/cgi-bin
    20 }}}
     7 * Log in via: https://members.mayfirst.org/cp
     8 * Choose the "Web Configuration" section
     9 * Edit your web configuration and change the "Port" field to "auto"
    2110
    22  3. Add a `*` to the IP field of your web configuration.  We use a method called [https://en.wikipedia.org/wiki/Server_Name_Indication Server Name Indication].  Though if you would prefer your own IP address you may request it.
     11== How does it work? ==
    2312
     13You have several options when choosing to configure your web sites.
    2414
    25 If you are replacing your key and certificate, you should already have a web config with this information - you will only need to change the path to the keys and certificates, replacing the paths to your old files with the path to your newly generated files.
     15=== auto ==
     16
     17The best option is to use "auto." When your web site is configured to use auto, then:
     18
     19 * A [https://letsencrypt.org/ letsencrypt] certificate will be automatically generated at no cost for all the domains in your web configuration (both Server Name and Server Alias).
     20 * This certificate will be automatically updated every three months
     21 * All requests sent via http will be automatically redirected to https
     22
     23=== http ===
     24
     25If you prefer,  you can opt instead to have an http-only site by choosing http.
     26
     27=== https ===
     28
     29You may also wish to use your own certificates, in which case select "https" and specify the `SSLEngine On`, `SSLCertificateKeyFile`, and `SSLCertificateFile` parameters in your configuration that point to the appropriate files. Use this option if you don't want an http site at all.
     30
     31=== Both http and https ===
     32
     33You can also choose to have a different web configuration for http and https or control the redirecting in a more fine-tuned way.