|Question:||I want to host a secure shopping cart. How do I add an ssl certificate to my existing virtual host?|
|Answer:||You will need to generate a Certificate Signing Request (CSR) and send that to a valid certification authority, such as RapidSSL or Go Daddy, etc. Using the iTools Admin, there are four steps:|
Step 1: Generating the Certificate Signing Request (CSR)
Go to the Configuration panel for the Virtual Host for which you want to create the SSL certificate.
iTools Admin ->WebSettings -> VH Configuration panel:
Click "Edit Certificate".
Complete the SSL Settings form and click "Save".
You will now see the CSR. Copy this CSR (including the BEGIN/END lines) and submit it to your CA Authority. This CSR is also stored in a file (/Library/Tenon/WebServer/Configuration/ssl.crt/your_virtual_host.csr).
A self-signed certificate is also generated at this time. This will allow you to use this SSL-enabled virtual host for testing purposes until you receive your actual certificate from your CA Authority.
Step 2: Configure Virtual Host to use SSL
Go back to the Configuration panel for your SSL Virtual Host.
Toggle SSL Security to On.
Notice that the port changes to "443".
Step 3: Create Virtual Host on Port 80 (optional)
Steps 1 & 2 converted your existing VH on port 80 to a secure VH on port 443. In most cases, you will want to have your virtual host also answer on port 80, therefore you need to recreate the VH on port 80, giving it the same DocumentRoot as the secure VH. Your HTML can now direct users to the non-SSL pages or the SSL-enabled pages, as desired.
Step 4: Install the Valid Certificate.
Your CA Authority will provide you with a new certificate as well as their Intermediate Certificate. (This intermediate certificate enables your webserver to recognize your CA Authority as trusted.)
Replace the self-signed certificate .crt with the new certificate in /Library/Tenon/WebServer/Configuration/ssl.crt/
Edit /Library/Tenon/WebServer/Configuration/ssl.crt/ca_bundle.crt appending the intermediate certificate to this file.
Now your VH will be available as http:// or https://
|last updated 28.04.2010|