Now is the time to switch to secured connections via SSL. Howto for Apache 2.4

Since a couple of moths Google is using SSL as a ranking signal which means that the use of secured SSL connections will improve the ranking of your page in the Google Serp. Furthermore it will increase the trust in your project if you use SSL connections. Switching to SSL is has never been easier than now. Here a short step-by-step guide which is showing you how to make your website secure.

Step 1: Create your a private and public key

The first thing you have to do to get started with encrypting your website is getting creating a SSL key and a certification request file based on that key. Using Linux this step is very easy. Just execute the following tow commands.

[sourcecode language=”bash”]
openssl genrsa -out mykey.key 2048
openssl req -new -key mykey.key -out mykey.csr -config req.conf
[/sourcecode]

The directory where you execute the command has also to contain the following req.conf:

[sourcecode language=”text”]
[ req ]
default_bits = 2048
default_keyfile = mykey.key
distinguished_name = req_distinguished_name
req_extensions = req_ext # The extentions to add to the self signed cert

[ req_distinguished_name ]
countryName = US
countryName_default = US
stateOrProvinceName = Colorado
stateOrProvinceName_default = Colorado
localityName = Denver
localityName_default = Denver
organizationName = myproject.com
organizationName_default = myproject.com
commonName = www.myproject.com
commonName_max = 64

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.1 = www.myproject2.com
DNS.2 = www.myproject3.com
[/sourcecode]

Important: The [ req_ext ] and [alt_names] sections are only needed if you want to issue a certificate which is valid for multiple domains. Otherwise you can just leave these tow sections out.
Step 2: Now we arrived at the time where you have to issue your SSL certificate. You can either do that for free or get a commercial certificate. The advantage of the latter solution is that these certificates are recognized by all common web-browsers while the free certificates still have some acceptance issues.

A a really good provider of free SSL certificates is CaCert.org. The acceptance of these free SSL certificates will increase with the time so it is definitely worth considering this option. If you decide to get a non-free certificate you might have a look at Namecheap.com or GoDaddy.com to get cheap ones.

The certificates are simply issued after you uploaded your CSR Request file you have created before. If you got your certificate the only thing missing is to correctly setup your Apache Webserver

Step 3: Configure your webserver to use the SSL Certificates
The easiest way to do is to use virtual hosts. Adding the following two configs to your webserver will do both enable SSL and also maintain the normal HTTP connection.

[sourcecode language=”text”]
<VirtualHost *:443>

<Directory "/var/www/html">
Require all granted
</Directory>

DocumentRoot /var/www/html
ServerName www.mysite.com
SSLEngine On
SSLCertificateFile /etc/httpd/conf.d/ssl.key/cert.crt
SSLCertificateKeyFile /etc/httpd/conf.d/ssl.key/djvupdf.key
SSLCACertificateFile /etc/httpd/conf.d/ssl.key/cert.ca-bundle
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.mysite.com

<Directory "/var/www/html">
Require all granted
</Directory>
</VirtualHost>
[/sourcecode]

The files cert.crt and cert.ca-bundle will be provided by your certification authority after the transaction has been completed.

Step 4: Solving SEO issues and testing your SSL configuration
Now you are done already. Your server is reachable via secured connections now. You can test if your SSL configuration is up-to-date at the following site:

https://www.ssllabs.com/ssltest/

If you get an A+ to A- there you are completely fine.

In case you did not disable the normal HTTP connection to your server there is a little issue with duplicate content you should solve. Search engines do not like duplicate content therefore you should tell them which is the preferred version of your site. This can be done easily by including the so-called canonical tag to the header section of your pages and setting it to the https:// URL of the particular page. This will fix those issues. Make sure, that the URL is exact!

A example how this looks like is the following line. Make sure to put it in the head section:

[sourcecode language=”text”]
<link rel="canonical" href="https://www.go4epub.com/" />
[/sourcecode]

Leave a Reply