
Load Times Under 2s: SSL Certificate & Apache Configuration
May 6, 2018 | By admin | Filed in: hosting.
Creating a Self-Signed SSL Certificate
Next, we need to create a self-signed SSL certificate. This is very useful for testing purposes but should not be used in a production environment. That said, the process is similar to what needs to be done for a production, verified SSL certificate. We will take care of those later on.
First, we need to install the SSL certificate generation utility. To do this, run:
Now we need to create a directory for the SSL certificates. We also need to set the permissions on this directory so that only the root user can access it. This helps protect the certificates, and the private key in particular, from being read by other accounts on the server.
Now we actually need to create the certificate. To do this, we’re going to run the openssl command. A set of parameters defines how the certificate should be created. The important ones are the “keyout” file name and the “out” file name, which specify where the private key and the certificate are written once created.
Now we’re going to generate Diffie-Hellman parameters. Diffie-Hellman allows keys to be exchanged securely over an open channel.
Afterward, we need to append the Diffie-Hellman parameters to the self-signed certificate.
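The steps above as one sequence, written as an added example rather than the tutorial's original commands: the file names come from the ssl.conf settings later on this page, while the function names, the BASE argument (use /etc/ssl as root on the server), the 2048-bit sizes and the 365-day lifetime are assumptions. The second function, check_pair, confirms the result: the certificate is self-signed, the key matches it and is readable only by its owner, and the Diffie-Hellman parameters were appended.

```sh
# Added example; not the tutorial's original commands.
# Assumed prerequisite on CentOS 7: the openssl package is installed.

# make_selfsigned BASE CN [DH_BITS]
# Writes BASE/private/test-selfsigned.key and BASE/certs/test-selfsigned.crt,
# then appends freshly generated Diffie-Hellman parameters to the certificate.
make_selfsigned() (
    base=$1; cn=$2; dh_bits=${3:-2048}
    key=$base/private/test-selfsigned.key
    crt=$base/certs/test-selfsigned.crt
    umask 077                                  # new files start owner-only
    mkdir -p "$base/private" "$base/certs" &&
    chmod 700 "$base/private" &&               # only the owner (root) may enter
    openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=$cn" -keyout "$key" -out "$crt" &&
    openssl dhparam -out "$base/certs/dhparam.pem" "$dh_bits" &&
    cat "$base/certs/dhparam.pem" >> "$crt" &&
    chmod 600 "$key" && chmod 644 "$crt"
)

# check_pair CRT KEY: prints "ok" only if the certificate parses, is
# self-signed, matches the key, carries DH parameters, and the key file
# grants nothing to group or other.
check_pair() (
    crt=$1; key=$2
    die() { echo "$1"; exit 1; }
    openssl x509 -in "$crt" -noout 2>/dev/null || die "unreadable certificate"
    [ "$(openssl x509 -in "$crt" -noout -subject_hash)" = \
      "$(openssl x509 -in "$crt" -noout -issuer_hash)" ] || die "not self-signed"
    [ "$(openssl x509 -in "$crt" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)" ] ||
        die "key does not match certificate"
    grep -q 'BEGIN DH PARAMETERS' "$crt" || die "no DH parameters appended"
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || die "key readable by group/other"
    echo ok
)
```

On the server this would be run as root, for example `make_selfsigned /etc/ssl 203.0.113.10`, where the address is a documentation placeholder for your own.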
Configuring Apache
Now we need to make some changes to the Apache configuration files so that Apache listens on ports 8080 and 8081 instead of 80 and 81, respectively. We also need to change the IP address of the server and update the SSL configuration to match our new self-signed certificate. You’re going to want to run:
… and make the following changes:
- Change “Listen 80” to “Listen 8080”
- Change “ServerName” to “ServerName [[Your IP Address]]:8080”
- Change the “/var/www” section’s “AllowOverride None” to “AllowOverride All”
- Change the “/var/www/html” section’s “AllowOverride None” to “AllowOverride All”
… in the end, your file should look something like:
In ssl.conf…
… you need to make the following modifications:
- Set: Listen 8081 https
- Change: to
- Set: DocumentRoot “/var/www/html”
- Set: ServerName [[Your IP Address]]
- Comment out ‘SSLProtocol’ and ‘SSLCipherSuite’
- Change: SSLCertificateFile /etc/ssl/certs/test-selfsigned.crt
- Change: SSLCertificateKeyFile /etc/ssl/private/test-selfsigned.key
… and add the following to the end of the file:
… in the end, your file should look something like:
Once these files have been updated, restart Apache.
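A quick check that the edits listed above landed in both files before Apache is restarted, as an added example rather than part of the original tutorial: the function names and the sample fragments are constructed, and 203.0.113.10 stands in for [[Your IP Address]].

```sh
# Added example; not the tutorial's own files or commands.
# Strip indentation, comments and blank lines so only active directives remain.
active() { sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"; }

# audit_apache HTTPD_CONF SSL_CONF: prints each problem found, or "ok".
audit_apache() (
    httpd=$1; ssl=$2; fail=0
    need() { active "$1" | grep -Eq "$2" || { echo "MISSING $3"; fail=1; }; }
    deny() { if active "$1" | grep -Eq "$2"; then echo "STALE $3"; fail=1; fi; }
    need "$httpd" '^Listen[[:space:]]+8080[[:space:]]*$' 'httpd.conf: Listen 8080'
    deny "$httpd" '^Listen[[:space:]]+80[[:space:]]*$' 'httpd.conf: Listen 80'
    need "$httpd" '^ServerName[[:space:]]+[^[:space:]]+:8080[[:space:]]*$' \
        'httpd.conf: ServerName <ip>:8080'
    need "$ssl" '^Listen[[:space:]]+8081[[:space:]]+https[[:space:]]*$' \
        'ssl.conf: Listen 8081 https'
    need "$ssl" '^SSLCertificateFile[[:space:]]+/etc/ssl/certs/test-selfsigned\.crt[[:space:]]*$' \
        'ssl.conf: SSLCertificateFile'
    need "$ssl" '^SSLCertificateKeyFile[[:space:]]+/etc/ssl/private/test-selfsigned\.key[[:space:]]*$' \
        'ssl.conf: SSLCertificateKeyFile'
    [ "$fail" -eq 0 ] && echo ok
    exit "$fail"
)

# write_sample DIR: constructed fragments showing the edited state.
write_sample() {
    cat > "$1/httpd.conf" <<'EOF'
Listen 8080
ServerName 203.0.113.10:8080
<Directory "/var/www/html">
    AllowOverride All
</Directory>
EOF
    cat > "$1/ssl.conf" <<'EOF'
Listen 8081 https
DocumentRoot "/var/www/html"
ServerName 203.0.113.10
# SSLProtocol and SSLCipherSuite are commented out at this step
SSLCertificateFile /etc/ssl/certs/test-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/test-selfsigned.key
EOF
}
```

On CentOS 7 the two files normally live at /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/ssl.conf. This audit only looks for the directives named above; `apachectl configtest` checks the syntax of the whole configuration.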
If you have SELinux, you’ll need to enable ports 8080 and 8081, as well as open ports 80 and 443 on the firewall. To do this, run:
Now, restart Apache. If there aren’t any error messages, this should indicate that everything is loading properly.
At this point, if you go to http://[[Your IP Address]]:8080 you should see the default Apache notification page, and if you go to http://[[Your IP Address]]:8080/phpmyadmin you should see the phpMyAdmin page. You should be able to log in, too. If you go to https://[[Your IP Address]]:8081 you should see an SSL warning. This is fine; it just indicates that the browser cannot independently verify your self-signed certificate. Allow your browser to continue past this warning and you should see the default Apache page.
If you run into connection issues, you may have to temporarily flush your iptables rules (they should be back when you restart your server):
Automatic Installation?
If you like the result of the tutorial, but run into problems or would just like to have the work done automatically, we can help you with that. We have an automated script that can SSH into your server and run this tutorial from beginning to end (as long as it’s running CentOS 7). If you would like this done for you ($100), please contact us using the form below.
- Part 1: Introduction and Planning
Why it’s important to have your pages load in under 2 seconds, and a plan of how we will set up and configure the server.
- Part 2: Installing Software
Initial setup of the server, including installing CentOS7, installing tools, installing SSH and SSL, enabling repositories, and installing support packages.
- Part 3: MySQL, Apache, PHP7, & Composer
Installation of MySQL database server, Apache web server, PHP, and Composer package manager for PHP
- Part 4: PHPMyAdmin & Redis
How to download, install, and configure PHPMyAdmin; How to install and configure Redis
- Part 5: SSL Certificate & Apache Configuration
How to create a self-signed SSL certificate; how to configure Apache as a PHP backend
- Part 6: FTP & DNS
How to install and configure an FTP server with dynamic users; how to set up a DNS server
- Part 7: Installing Nginx
How to download, build, and install Nginx with additional modules
- Part 8: Configuring Nginx
How to set up Nginx configuration files including (with explanations): nginx.conf, Gzip compression settings, visitor browser caching settings, SSL settings, reverse proxy settings for sending data to the Apache server, reverse proxy connection configurations, file access restrictions, and WordPress configuration settings
- Part 9: Adding a WordPress Website
How to add a WordPress website to the server including configuring the DNS Server, adding a verified SSL certificate, either manually or for free using Let’s Encrypt, setting up FTP for your site, configuring Apache, configuring Nginx, uploading your WordPress site files, and importing your MySQL database.
- Part 10: WordPress Website Speed Improvements
Speeding up your WordPress installation using a Redis plugin and a caching plugin.