I've read many tutorials, some didn't have any dates, some were probably outdated, some were not clear on a few details... Right now I am confused. Spent all day on this.

I'm using Ubuntu 16.04 / apache2 with some virtual hosts.

I got an SSL certificate, downloaded the files and uploaded them. Got a bundle file and a .crt file. The key file was generated earlier in the process.

My first question I guess would be about the config file for the virtual host. Some tutorial said to use the file default-ssl.conf, which is inside /etc/apache2/sites-available, and use it as a base.

Another tutorial said to include all details regarding the certificate inside the main domain-example.com.conf file.

So, should there be 2 files for one domain: the file main-domain.com.conf for the :80 port and the other file, which would be default-ssl.conf, for the :443 port?

My other question is about the syntax and the correct names for a few things. First, that part:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>

Does VirtualHost _default_ need to be named like that, VirtualHost _default_? Or do I have to replace something? The _default_ part looks strange.

My other question is about the correct name to use in the config file: SSLCACertificateFile or SSLCertificateChainFile?

Also followed a tutorial from the hosting company, which said that the configuration file for the virtual host should have the IP of the server, so it looks like this (note the <VirtualHost 155.131.133.211:80> part):

<VirtualHost 155.131.133.211:80>
        ServerAdmin admin@sitexample.com
        ServerName sitexample.com
        ServerAlias www.sitexample.com
        DocumentRoot /var/www/html/sitexample.com/

Is that really the way to do it? Because after trying different things all day, at some point sitexample.com wasn't pointing to the correct website anymore with the correct path /var/www/html/sitexample.com/, but instead to a page with "Index Of" as title; it looked like the main IP server page.

mlclm
  • `SSLCertificateChainFile` is deprecated with version 2.4.8. Please check which version of Apache you're using. Look here: https://serverfault.com/questions/588986/sslcertificatechainfile-deprecation-warning-on-apache-2-4-8 – Shailesh Sutar Feb 02 '18 at 19:52

1 Answer

The default depends on what OS/distribution you use but I'd recommend separating them out for clarity's sake - but per site, not per protocol (so all of www.website1.com will be in one file, all of www.otherwebsite.net will be in a second).

You don't need to specify a VirtualHost setting other than unless your default site is NOT the same for HTTP and HTTPS. In that case (using host header recognition) you'll need a different VirtualHost for each site's DNS name(s) with the "ServerName" set accordingly.

The SSLCACertificateFile is your cert, the SSLCertificateChainFile is the bundle (certificates from your issuing CA).

Finally you probably DON'T want to have because that will only trigger when someone goes to http://155.131.133.211 - if they use the DNS name for the site, even if that name resolves to the same IP address, it will send you to the default site instead.

TheFiddlerWins
  • Thank you very much for this helpful and straight-to-the-point information. I have, at last, managed to get my SSL certificate working on Chrome and some other browsers. For some reason it gives me an error message on Firefox, but that's another issue. Thanks again!! – mlclm Feb 03 '18 at 07:11
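
A per-site layout of the kind discussed above, as an added example that is not from the original posts: one file holding both the port 80 and port 443 virtual hosts for the question's sitexample.com, matched by name rather than by IP address. The file name and certificate paths are assumptions; the directive roles follow the Apache 2.4 mod_ssl documentation.

```apache
# /etc/apache2/sites-available/sitexample.com.conf   (assumed file name)
# Enable with: a2enmod ssl && a2ensite sitexample.com

# Plain HTTP. "*" means any local address; the request's Host header is
# matched against ServerName/ServerAlias to pick this virtual host.
<VirtualHost *:80>
    ServerAdmin admin@sitexample.com
    ServerName sitexample.com
    ServerAlias www.sitexample.com
    # Optional: send plain-HTTP visitors to the HTTPS site (mod_alias).
    Redirect permanent / https://sitexample.com/
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin admin@sitexample.com
        ServerName sitexample.com
        ServerAlias www.sitexample.com
        DocumentRoot /var/www/html/sitexample.com/

        SSLEngine on

        # Server (leaf) certificate: the .crt file issued for this site.
        # Path is an assumption.
        SSLCertificateFile      /etc/ssl/certs/sitexample.com.crt

        # Private key generated when the CSR was created. Path is an
        # assumption; keep the file readable by root only.
        SSLCertificateKeyFile   /etc/ssl/private/sitexample.com.key

        # Intermediate CA bundle from the issuer. Deprecated since 2.4.8:
        # on newer versions the bundle can instead be appended to the file
        # given to SSLCertificateFile, and this line removed.
        SSLCertificateChainFile /etc/ssl/certs/sitexample.com.ca-bundle

        # SSLCACertificateFile is not set: mod_ssl uses it to verify
        # client certificates, which this site does not request.
    </VirtualHost>
</IfModule>
```

Before reloading, `apachectl configtest` checks the syntax and `apachectl -S` lists which virtual host answers for which name and port, which shows whether a request for sitexample.com would fall through to the default site.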