A Couple Of SSL Enquiries!

Forum Moderators: phranque

Message Too Old, No Replies

A Couple Of SSL Enquiries!

ssl

dannyg0

4:43 pm on Oct 30, 2006 (gmt 0)

Hello everyone.

I have just finished setting up a VPS Server to do some development, and I have a couple of questions regarding SSL and would be grateful for some help.

I have setup openSSL on my CentOS distro using

yum install openssl

and

yum install mod_ssl

The Webserver I'm using is Apache2.

Everything works fine, I can connect via https:// and so on, but, how do I change the properites of the SSL Certificate that people will see when they access the site? Like the Organisation Name etc etc.

Also, is it possible for someone who is trying to access, for example, [mydomain.com...] to be automatically redirected to [mydomain.com...] so that option of a non-SSL connection isn't available?

Many thanks!

Daniel.

dannyg0

9:05 am on Oct 31, 2006 (gmt 0)

I figured out how to redirect from http to https. Simply add the following lines of code to httpd.conf:


RewriteEngine on
RewriteCond %{SERVER_PORT}!443
RewriteRule (.*/your_directory_here) https://www.yourdomain.com/your_directory_here [R]

and replace "your_directory_here" with the directory you want redirected to https, and you MUST put in the FULL URL of where you want the user redirected to, including the HTTPS.

But I still would like to know how to change the properties of SSL Certificates if anyone could help me with that?

Thanks,

Daniel.

jtara

4:58 pm on Oct 31, 2006 (gmt 0)

You can't change the properties of SSL certificiates. You will have to get a new one. I am assuming you have a default certificate, "Snake Oil", etc...

If the site is just for your own use, you can just create a "self-signed" certificate. But it will not be useful in commerce, because others won't have the certificate-signing authority loaded in their browser, and won't trust your site.

You need to buy a certificate from a commercial certificate vendor - GoDaddy, Thawte, Verisign, etc.

Not sure if certificate vendors will re-issue certificates if your company name, etc. change, as I haven't encountered that situation.

Anyway, one of the basic ideas of a certificate is that it CANNOT be altered. It would defeat the purpose.

cduke250

4:06 am on Nov 4, 2006 (gmt 0)

Redirect non-https requests to https server fixing double-login problem and ensuring that htpasswd authorization can only be entered using HTTPS:

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com" 
ErrorDocument 403 https://google.com

NOTE: This code fixes the issue of having to type in the username and password twice.

This will check to make sure that the connection IS using SSL, or it will fail.
It will also check to make sure that the HOST is tirmassagestone.com or it will fail
If it fails, it will issue a 403 "Forbidden" which will redirect to [google.com ]

Redirect everything attached to port 80:

RewriteCond "%{SERVER_PORT}" "^80$"
RewriteRule "^(.*)$" "https://%{SERVER_NAME}$1" [R=301,L]

Redirect particular URLs to a secure version:

RewriteRule "^/normal/secure(/.*)" "https://%{HTTP_HOST}$1" [R=301,L]

Check to see whether the HTTPS environment variable is set:

RewriteCond %{HTTPS}!=on
RewriteRule "^(/secure/.*)" "https://%{HTTP_HOST}$1" [R=301,L]

Use the Redirect directive to cause a URL to be served as HTTPS:

Redirect / https://google.com/

Changing the scheme (SSL/noSSL) using relative URLs:

RewriteEngine on
RewriteRule ^/(.*):SSL$ https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/(.*):NOSSL$ http://%{SERVER_NAME}/$1 [R,L]

This lets you use hyperlinks of the form document.html:SSL

[edited by: jatar_k at 12:27 am (utc) on Nov. 21, 2006]
[edit reason] no urls thanks [/edit]