Results 1 to 10 of 10

Thread: Install SSL

  1. #1
    Join Date
    Sep 2018
    Location
    Norway
    Posts
    10

    Default Install SSL

    Hi.

    I have tried many internet-solutions before I ask here....

    I have a hobby-server at home, I have a domain name, and everything is working great.
    But... I cant install SSL (https).

    I have bought a certificate from my internet provider, which I can se, or download as a zip file, to make the web site secure.
    But from this point I cant find the right solution to how to do it. Its so different from version to version i feel.


    Can anyone point me in the right direction to make this work? :-)

    Best regards from Roald, Norway.

  2. #2

    Default Re: Install SSL

    On 01/06/2019 04:26 AM, rsimonsen wrote:
    >
    > I have tried many internet-solutions before I ask here....


    It would help if you specified what those were, so we could either confirm
    they were valid and void them, or correct some steps in them. Provide a
    lot of details.

    > I have a hobby-server at home, I have a domain name, and everything is
    > working great.
    > But... I cant install SSL (https).


    Thanks for clarifying the HTTPS, as SSL does not make sense to generally
    be unable to install.

    > I have bought a certificate from my internet provider, which I can se,
    > or download as a zip file, to make the web site secure.
    > But from this point I cant find the right solution to how to do it. Its
    > so different from version to version i feel.


    The problem here is we still have no context. Version to version of what?
    Different openSUSE versions? Different web service (Apache httpd, nginx,
    node.js, etc.) versions? Different TLS/SSL versions?

    > Can anyone point me in the right direction to make this work? :-)


    Possibly, but we need to know more about your system, what its version is,
    what you have tried, the format of the file you were given, etc. It may
    also help to know how experienced you are with Linux and the web service
    you are using in general. Have you ever done this before? With which
    systems?

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  3. #3
    Join Date
    Sep 2018
    Location
    Norway
    Posts
    10

    Default Re: Install SSL

    This is the most cocky reply I have ever got.

    I am a new person in Linux, wanted some help and guidens, and I actually feel offended.
    Thanks for your help, will go back to Windows because of you.


    I know Linux people are smart, but a question from a new person should not be that difficult.

    Microsoft here I come!



    Quote Originally Posted by ab View Post
    On 01/06/2019 04:26 AM, rsimonsen wrote:
    >
    > I have tried many internet-solutions before I ask here....


    It would help if you specified what those were, so we could either confirm
    they were valid and void them, or correct some steps in them. Provide a
    lot of details.

    > I have a hobby-server at home, I have a domain name, and everything is
    > working great.
    > But... I cant install SSL (https).


    Thanks for clarifying the HTTPS, as SSL does not make sense to generally
    be unable to install.

    > I have bought a certificate from my internet provider, which I can se,
    > or download as a zip file, to make the web site secure.
    > But from this point I cant find the right solution to how to do it. Its
    > so different from version to version i feel.


    The problem here is we still have no context. Version to version of what?
    Different openSUSE versions? Different web service (Apache httpd, nginx,
    node.js, etc.) versions? Different TLS/SSL versions?

    > Can anyone point me in the right direction to make this work? :-)


    Possibly, but we need to know more about your system, what its version is,
    what you have tried, the format of the file you were given, etc. It may
    also help to know how experienced you are with Linux and the web service
    you are using in general. Have you ever done this before? With which
    systems?

    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below.

    If you want to send me a private message, please let me know in the
    forum as I do not use the web interface often.

  4. #4
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    12,012
    Blog Entries
    3

    Default Re: Install SSL

    Quote Originally Posted by rsimonsen View Post
    This is the most cocky reply I have ever got.

    I am a new person in Linux, wanted some help and guidens, and I actually feel offended.
    I'm sorry you feel that way.

    You asked a very vague question, and ab was just asking for more details so that he could understand what you are trying to do.
    openSUSE Leap 15.1; KDE Plasma 5;

  5. #5

    Thumbs down Re: Install SSL

    Yea. Comon rsimonsen, ab was just trying to help you by asking clarifying questions as your post was missing important details. I, for one, am glad ab is willing to read posts like yours, take some time to respond and try to help. ab, don't give up on us! We appreciate you!

  6. #6
    Join Date
    Sep 2018
    Location
    Norway
    Posts
    10

    Default Re: Install SSL

    I'm sorry ab.

    Maybe I was explaining it wrong....
    Just need a little help or some guidence....

    As I said, Im new to Linux, so therefor I dont know all commands and all that.
    I want to learn it. Thats why I chose it. And I am the person who tries and failes until i get it. :-)

    Please give me the commands to get the output you need to help me, and I will post it to you.

    Again, sorry ab. Maybe it was ME who was rude. :-)

  7. #7
    Join Date
    Jun 2008
    Location
    Groningen, Netherlands
    Posts
    19,478
    Blog Entries
    14

    Default Re: Install SSL

    How did you setup the webserver. Stock openSUSE goes for the apache webserver. Since you state the website works, I assume apache. You can check this by
    Code:
    sudo systemctl status apache2.service
    Furthermore, you will have to add portforwarding for port 443 from your router to the server.

    Next, you will need a vhost for apache for port 443 and port 443 needs to be opened in the firewall

    The apache vhost should look like this, replace home.knurpht.nl by your domain, and the letsencrypt paths to where you store the cert.
    Code:
    <VirtualHost *:443>
     ServerName home.knurpht.nl
     SSLEngine on
        # Path to the LetsEncrypt created certificate fullchain.pem
     SSLCertificateChainFile /etc/letsencrypt/live/home.knurpht.nl/fullchain.pem
     SSLCertificateFile /etc/letsencrypt/live/home.knurpht.nl/cert.pem
        # Path to the LetsEncrypt created private key privkey.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/home.knurpht.nl/privkey.pem
     CustomLog /var/log/apache2/ssl_request_log   ssl_combined
     <Directory /srv/www/htdocs/home.knurpht.nl/>
      AllowOverride None
      Require all granted
     </Directory>
    </VirtualHost>
    ° Appreciate my reply? Click the star and let me know why.

    ° Perfection is not gonna happen. No way.

    https://en.opensuse.org/openSUSE:Board#Members
    http://en.opensuse.org/User:Knurpht
    http://nl.opensuse.org/Gebruiker:Knurpht

  8. #8
    Join Date
    Sep 2018
    Location
    Norway
    Posts
    10

    Default Re: Install SSL

    Hi.

    I havent used virtual host, just as it comes "from the bag"....
    So, a vhost is needed?

    Output is...

    srv1:~ # systemctl status apache2.service
    ● apache2.service - The Apache Webserver
    Loaded: loaded (/usr/lib/systemd/system/apache2.service; enabled; vendor preset: disabled)
    Active: active (running) since Mon 2019-01-07 20:13:57 CET; 4min 10s ago
    Main PID: 1706 (/usr/sbin/httpd)
    Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
    Tasks: 26
    CGroup: /system.slice/apache2.service
    ├─1706 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf ->
    ├─1772 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf ->
    ├─1773 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf ->
    ├─1775 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf ->
    ├─1776 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf ->
    └─1777 /usr/sbin/httpd-prefork -DSYSCONFIG -DSSL -C PidFile /var/run/httpd.pid -C Include /etc/apache2/sysconfig.d//loadmodule.conf -C Include /etc/apache2/sysconfig.d//global.conf -f /etc/apache2/httpd.conf -c Include /etc/apache2/sysconfig.d//include.conf ->

    Jan 07 20:13:52 srv1 systemd[1]: Starting The Apache Webserver...
    Jan 07 20:13:57 srv1 systemd[1]: Started The Apache Webserver.
    srv1:~ #



    Quote Originally Posted by Knurpht View Post
    How did you setup the webserver. Stock openSUSE goes for the apache webserver. Since you state the website works, I assume apache. You can check this by
    Code:
    sudo systemctl status apache2.service
    Furthermore, you will have to add portforwarding for port 443 from your router to the server.

    Next, you will need a vhost for apache for port 443 and port 443 needs to be opened in the firewall

    The apache vhost should look like this, replace home.knurpht.nl by your domain, and the letsencrypt paths to where you store the cert.
    Code:
    <VirtualHost *:443>
     ServerName home.knurpht.nl
     SSLEngine on
        # Path to the LetsEncrypt created certificate fullchain.pem
     SSLCertificateChainFile /etc/letsencrypt/live/home.knurpht.nl/fullchain.pem
     SSLCertificateFile /etc/letsencrypt/live/home.knurpht.nl/cert.pem
        # Path to the LetsEncrypt created private key privkey.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/home.knurpht.nl/privkey.pem
     CustomLog /var/log/apache2/ssl_request_log   ssl_combined
     <Directory /srv/www/htdocs/home.knurpht.nl/>
      AllowOverride None
      Require all granted
     </Directory>
    </VirtualHost>

  9. #9

    Default Re: Install SSL

    Hi,

    Quote Originally Posted by rsimonsen View Post
    Hi.

    I havent used virtual host, just as it comes "from the bag"....
    So, a vhost is needed?

    Output is...

    srv1:~ # systemctl status apache2.service
    There are two general approaches to this - either try to use the admin interface "yast2" or try to work with the files. I prefer the latter, so here are the steps you could take:

    Go and have a look at /etc/apache2/vhosts.d/vhost-ssl.template - you might want to copy that file to a new one with a unique name (like "www.yourdomain.org-ssl.conf", in the same directory and make sure the name ends in ".conf") and then adjust its content with values appropriate to your situation.

    From your output for "systemctl status apache2.service", I can see that SSL is already enabled (there's "-D SSL") - so restarting apache2 after creating the file might be sufficient. If the daemon won't restart, have a look at the log files in /var/log/apaches/* - usually, these will give you a clue on typical configuration file errors.

    Regards,
    J

  10. #10
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    10,640
    Blog Entries
    1

    Default Re: Install SSL

    When you want to set up SSL for your website, you can't just go buy a certificate from a CA. When you buy a certificate like that (just by asking for one), you usually get a client-side certificate which can be authorized for use in other things, but not to secure a website.

    You should understand that the procedure to obtain a SSL certificate is the same no matter what kind of webserver you have.
    You start off by setting up your non-secured website which can be done a number of different ways (YaST can help you do this on openSUSE if you're setting up an Apache webserver).
    You then generate a CSR (Certificate Signing Request) for that website.
    Depending on the practice and procedure of your CA, you will then either send the file to them or copy and paste the CSR contents into a form.
    The CA will then use your CSR to generate your SSL certificate and give that to you, which is then installed into your website on your webserver.

    So,
    I doubt you ever generated your CSR, so you didn't buy yourself something that will work for your website.
    You should also know that nowadays, there are projects that will generate an SSL certificate for you for free.
    You might also be interested in knowing that the only difference between an SSL certificate you might get from a commercial CA vs if you built your own private CA is that the commercial CAs are pre-authorized in all major web browsers by default while a private CA like one you can build yourself is not. That simple difference can cost commercial CAs enormous amounts of money for the simple privilege that website guests don't have to manually accept the SSL certificate the first time they visit your website.

    For instructions on generating your CSR, there are plenty of articles on the Internet, just search "apache generate csr"
    If you still have problems, post again with the link to the instructions you're following and a link to the CSR page at your CA.

    HTH,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •