Configure SSL on Apache
Requirements
- Private key from your CA for your domain, e.g. *.igrafxdemo.com
- Intermediate certificate file, e.g. igrafxdemo_intermediate.crt
Note: the above filenames are for illustration only; use your own key and intermediate files.
Steps
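Convert the .pfx file using OpenSSL: the first command extracts the certificate, the second the private key (-nodes writes it unencrypted, so restrict access to the resulting .key file).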
openssl pkcs12 -in igrafxdemo_wildcard.pfx -clcerts -nokeys -out igrafxdemo.com.cer
openssl pkcs12 -in igrafxdemo_wildcard.pfx -nocerts -nodes -out igrafxdemo.com.key
Move them to the Apache machine, into the appropriate folder.
sudo mkdir /etc/apache2/ssl
sudo mv ~/igrafxdemo.com.cer /etc/apache2/ssl/
sudo mv ~/igrafxdemo.com.key /etc/apache2/ssl/
sudo mv ~/igrafxdemo_intermediate.crt /etc/apache2/ssl/
Enable the SSL module on Apache. We also enable the rewrite module because we want all HTTP traffic to be routed to HTTPS.
sudo a2enmod ssl
sudo a2enmod rewrite
sudo service apache2 restart
Open the SSL configuration file.
sudo vi /etc/apache2/mods-available/ssl.conf
Change the SSLCipherSuite and SSLProtocol parameters to the following values.
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4"
SSLProtocol all -SSLv3
Open a proxy configuration file.
sudo vi /etc/apache2/sites-available/igxus.igrafxdemo.com.conf
Change your configuration to match the rewrite and SSL changes.
<VirtualHost *:81>
    ServerAdmin beta@igrafx.com
    ServerName igxus.igrafxdemo.com
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    ErrorLog ${APACHE_LOG_DIR}/error_proxy_IGXUS.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access_proxy.log combined
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin beta@igrafx.com
    ServerName igxus.igrafxdemo.com
    ProxyPass /icons !
    ProxyPass /logs !
    SSLEngine on
    # The SSLProxy* settings below turn off certificate verification for
    # HTTPS backends; the backend used here is plain http, so they do not apply to it.
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off
    SSLProxyEngine On
    SSLCertificateChainFile /etc/apache2/ssl/igrafxdemo_intermediate.crt
    SSLCertificateFile /etc/apache2/ssl/igrafxdemo.com.cer
    SSLCertificateKeyFile /etc/apache2/ssl/igrafxdemo.com.key
    ProxyRequests Off
    ProxyPreserveHost Off
    # Only the listed address may reach the /manager/ paths through the proxy.
    <Proxy */manager/*>
        Order deny,allow
        Deny from all
        Allow from 50.43.107.10
    </Proxy>
    ProxyPass / http://172.16.250.174:8080/
    ProxyPassReverse / http://172.16.250.174:8080/
    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error_proxy_IGXUS_SSL.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access_proxy_SSL.log combined
</VirtualHost>
Reload Apache for the configuration to take effect.
sudo service apache2 reload
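Added example (not part of the original instructions): shell checks to run on the extracted files before the reload, confirming that the key belongs to the certificate, that the certificate verifies against the intermediate, and that the unencrypted key is not readable by other users. The function names and the script name check_tls.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity checks for the certificate, key and intermediate
# files used above, run before reloading Apache. Paths come from the caller.

# 0 if the certificate and private key hold the same public key,
# 1 if they differ, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate's signature verifies against the intermediate.
# -partial_chain lets the intermediate act as the trust anchor, so no
# root certificate is needed for this check.
cert_chains_to() {
    openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# 0 if the key file grants nothing to group or others (e.g. mode 600).
# The key was exported with -nodes, so file permissions are its only protection.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all three checks; the return value is the number of failed checks.
check_tls_files() {
    cert=$1 key=$2 chain=$3 failed=0
    cert_matches_key "$cert" "$key" || { echo "FAIL: key does not match certificate"; failed=$((failed + 1)); }
    cert_chains_to "$cert" "$chain" || { echo "FAIL: certificate not issued by intermediate"; failed=$((failed + 1)); }
    key_is_private "$key" || { echo "FAIL: key readable by group/others (chmod 600)"; failed=$((failed + 1)); }
    return "$failed"
}

# Usage on the Apache host with the paths from this page
# (check_tls.sh is a hypothetical name for this file):
#   sudo sh -c '. ./check_tls.sh; check_tls_files /etc/apache2/ssl/igrafxdemo.com.cer \
#       /etc/apache2/ssl/igrafxdemo.com.key /etc/apache2/ssl/igrafxdemo_intermediate.crt' \
#     && sudo apache2ctl configtest
```

If all checks pass, apache2ctl configtest then validates the configuration syntax before the reload.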