Archive for May 4th, 2011
The goal of this guide is to provide you with an Apache SSL configuration with a unique self-signed certificate for each VirtualHost.
These self-signed certificates are not intended for e-commerce or public-facing web sites. Rather, they are intended for SSL encryption of administration areas on personal websites or administration programs that have HTTP interfaces. Of course, if you have a commercially-signed certificate, you can skip the certificate-generation part of the guide, and proceed to implementing it in a VirtualHost configuration.
Written for Apache on Ubuntu Server 10.04.
First, install the base Apache SSL certificate and enable the Apache SSL module:
sudo apt-get install ssl-cert
This installs a base SSL certificate and a generic ‘default-ssl’ site configuration. We will be generating per-domain self-signed certificates later. We will also not be using the ‘default-ssl’ site configuration.
Generate a hostname-specific SSL certificate by following these quoted instructions:
— From /usr/share/doc/apache2.2-common/README.Debian.gz
To create more certificates with different host names, you can use
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /path/to/cert-file.crt
This will ask you for the hostname and place both SSL key and certificate in
the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile
directive in the apache config (you don’t need the SSLCertificateKeyFile in
this case as it also contains the key). The file /path/to/cert-file.crt should
only be readable by root. A good directory to use for the additional
certificates/keys is /etc/ssl/private .
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/example.com.crt
Now that the key is generated, we’re going to create an Apache VirtualHost configuration for SSL connections. Change directory to /etc/apache2/sites-available and copy (for example) example.com.conf to example.com-ssl.conf.
Next, edit the example.com-ssl.conf file and make the following changes:
* Change the defined port number in the
* At the end of the file, after the
* Within the <VirtualHost> tag, add the following directives:
SSLEngine On
# The following should point to your SSL cert file in /etc/ssl/private
SSLCertificateFile /etc/ssl/private/example.com.crt
— From /etc/apache2/sites-available/default-ssl
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
* Add the SSL workaround for MSIE in your <VirtualHost> section as follows:
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
SSL workaround for MSIE
The SSL workaround for MS Internet Explorer needs to be added to your SSL
VirtualHost section (it was previously in ssl.conf but caused keepalive to be
disabled even for non-SSL connections):
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
The default SSL virtual host in /etc/apache2/sites-available/default-ssl
already contains this workaround.
Lastly, enable the newly created site and reload Apache:
Enabling site example.com-ssl.conf.
Run '/etc/init.d/apache2 reload' to activate new configuration!
(This creates the symlink from /etc/apache2/sites-enabled to your config file in /etc/apache2/sites-available – you can also create it manually if your configuration requires it)
* Reloading web server config apache2 [ OK ]
Of course, make sure after all of this that your firewall isn’t blocking port 443.
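The VirtualHost these steps build, together with a check of the README's requirement that the combined key-and-certificate file be readable only by root, as an added example that is not part of the original guide. The function names, the *:443 listener and the /var/www/<hostname> DocumentRoot are assumptions.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names, the *:443
# listener and the DocumentRoot layout are assumptions.

# Print an SSL VirtualHost for one hostname using the guide's directives.
render_ssl_vhost() {
    host=$1
    cert=${2:-/etc/ssl/private/$host.crt}
    cat <<EOF
<VirtualHost *:443>
    ServerName $host
    DocumentRoot /var/www/$host

    SSLEngine On
    # Key and certificate share one file, so no SSLCertificateKeyFile.
    SSLCertificateFile $cert

    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
EOF
}

# Return 0 only if the file holds both a private key and a certificate,
# is owned by the expected uid (default 0, root) and grants nothing to
# group or other. Uses GNU stat, as shipped on Ubuntu.
cert_file_ok() {
    f=$1
    want_uid=${2:-0}
    [ -f "$f" ] || return 1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" || return 1
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" || return 1
    [ "$(stat -c '%u' "$f")" = "$want_uid" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    case $mode in
        *00) return 0 ;;   # 600 or 400: no group/other access
        *)   return 1 ;;
    esac
}
```

Run as root, `cert_file_ok /etc/ssl/private/example.com.crt && render_ssl_vhost example.com > /etc/apache2/sites-available/example.com-ssl.conf` writes the site file only when the certificate file passes the check.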
Questions, comments, and feedback regarding this guide are welcome!
Here are my suggestions for a great set of WordPress plugins. The descriptions provided here are from the plugins themselves, and the links go to the plugin page on WordPress.org. You can also go to your ‘Plugins’ area in your WordPress dashboard to search for and install any of the below plugins easily.
Bad Behavior – Deny automated spambots access to your PHP-based Web site.
Contextual Related Posts – Show user defined number of contextually related posts.
Fast Secure Contact Form – Fast Secure Contact Form for WordPress. The contact form lets your visitors send you a quick E-mail message. Super customizable with a multi-form feature, optional extra fields, and an option to redirect visitors to any URL after the message is sent. Includes CAPTCHA and Akismet support to block all common spammer tactics. Spam is no longer a problem.
Fluency Admin – Give your WordPress admin the Fluency look, Fluency 2.4 is the latest update and is compatible with WP 3.1.x.
Google XML Sitemaps – This plugin will generate a special XML sitemap which will help search engines like Google, Yahoo, Bing and Ask.com to better index your blog.
Jetpack by WordPress.com – Bring the power of the WordPress.com cloud to your self-hosted WordPress. Jetpack enables you to connect your blog to a WordPress.com account to use the powerful features normally only available to WordPress.com users.
Simple Facebook Connect – Simple Facebook Connect is a series of plugins that let you add any sort of Facebook Connect functionality you like to a WordPress blog.
– Makes it easy for your site to use Twitter, in a wholly modular way.
WP-PageNavi – Adds a more advanced paging navigation to your WordPress blog
What plugins do you use on your WordPress-powered blog? Have any to recommend? Are you a plugin author and want to “plug” your plugin? :) Please feel free to leave a comment below!