Setting Up SSL Certificate for Website

This is a simple log in case I forget the steps; it may or may not help you. A good thing about StartSSL is that they now support up to 5 subdomains under the same root domain for free. This is very nice.

  1. Go to https://startssl.com and "Authenticate" using a stored certificate. If you don't have one, you need to "Sign-Up".
  2. After logging in, first we need to validate the domain. Go to "Validations Wizard" and select "Domain Validation (for SSL certificate)." Next, enter your root domain, for example, happyz.me. Before going to the next step, if you have set domain privacy, you need to temporarily disable it so that the validation code quickly reaches your real email address. The procedure afterwards is trivial: enter the code for validation and then re-enable domain privacy when validation completes.
  3. Download the zip, in my case happyz.me.zip. If it does not download automatically, go to "Toolbox" and then "Certificate list" to retrieve the zip.
  4. Since my server is using Apache, unzip the "ApacheServer.zip" in the downloaded zip and you will get two files: 1_root_bundle.crt and 2_happyz.me.crt.
  5. Enable SSL for the website by modifying the config file in apache folder. For example:

<IfModule mod_ssl.c>
<VirtualHost *:443>
SSLEngine On
# Disable the obsolete SSLv2 and SSLv3 protocols
SSLProtocol all -SSLv2 -SSLv3
# HSTS header (needs mod_headers to be enabled)
Header add Strict-Transport-Security "max-age=31536000"
# Prefer the server's cipher order over the client's
SSLHonorCipherOrder On
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA
# Server certificate, its private key, and the root/intermediate bundle from step 4
SSLCertificateFile path to 2_happyz.me.crt
SSLCertificateKeyFile path to your key
SSLCertificateChainFile path to 1_root_bundle.crt
ServerAdmin admin
ServerName blog.happyz.me
DocumentRoot path to directory of website
<Directory "path to directory of website">
  Options FollowSymLinks
  AllowOverride All
  Require all granted
</Directory>
ErrorLog path to error log
CustomLog path to access log combined
</VirtualHost>
</IfModule>

You'll need to replace the placeholder text (such as the "path to ..." values) with your own settings. The SSLCipherSuite value is taken from https://wiki.mozilla.org/Security/Server_Side_TLS.
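
Before reloading Apache with this vhost, it is worth confirming that the three files it names belong together and cover the ServerName. The script below is an added example, not part of the original log; the function names and the script name `check_tls.sh` are illustrative, and it assumes an unencrypted private key and the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post): pre-reload checks for the
# certificate, key and chain files referenced by the vhost.

# True only if CERT and KEY carry the same public key.
key_matches_cert() {            # key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True only if CERT verifies when the certificates in BUNDLE are trusted.
chain_verifies() {              # chain_verifies CERT BUNDLE
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# True only if CERT is valid for HOST (SAN entries, or CN when there are none).
covers_host() {                 # covers_host CERT HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True only if CERT is still valid SECONDS from now (default: 30 days).
not_expiring() {                # not_expiring CERT [SECONDS]
    openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null 2>&1
}

# Run every check and report; returns non-zero if any check fails.
check_tls_files() {             # check_tls_files CERT KEY BUNDLE HOST
    rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match $1"; rc=1; }
    chain_verifies "$1" "$3"   || { echo "FAIL: $1 does not chain to $3"; rc=1; }
    covers_host "$1" "$4"      || { echo "FAIL: $1 is not valid for $4"; rc=1; }
    not_expiring "$1"          || { echo "FAIL: $1 expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 / $2 / $3 are consistent for $4"
    return "$rc"
}

# Example: sh check_tls.sh 2_happyz.me.crt your.key 1_root_bundle.crt blog.happyz.me
if [ "$#" -eq 4 ]; then
    check_tls_files "$@"
fi
```

A mismatched key or a certificate that does not cover the ServerName shows up here as a FAIL line instead of as a failed Apache start or a browser warning.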
