This forum is no longer active. Please post your questions to our new community site

Forums WordPress

WordPress https/ssl

Subscribe to WordPress https/ssl 11 post(s), 3 voice(s)

 
Avatar joeyjoejoe1970 19 post(s)

Hi,

I’d like to secure my entire Bitnami/Wordpress site using https/ssl.

My company already has a *.mydomain certificate from Comodo that I can use for this.

Outside of that, I have zero (read: newbie) idea of how to implement this. I’m seeing stuff about OpenSSL, WordPress plug-ins to manage SSL, etc. but I have no idea where to start.

Can someone point me in the right direction and I’ll try taking it from there?

Much obliged,
Joe

 
Avatar Beltrán Rueda Administrator 3,714 post(s)

Hi,

You can find a quick guide at http://wiki.bitnami.com/Components/Apache#How_to_enable_SSL_to_access_through_https.3f

 
Avatar joeyjoejoe1970 19 post(s)

Thanks Beltran, but the instructions aren’t working for me.

I checked for the certificate file at “/opt/bitnami/apache2/conf/server.crt” and the certificate key file at “/opt/bitnami/apache2/conf/server.key” but they don’t exist. Am I supposed to convert by certificate from Comodo to a .crt format and .key and then copy them to this folder? If so, how is that done? The instructions don’t appear to have any steps for folks who already have certs

I’m very novice at this. Sorry for the newbie questions.

 
Avatar Beltrán Rueda Administrator 3,714 post(s)

If you have the .crt and .key files you should copy in the apache2/conf folder, if not you can create them following the “How to create a SSL certificate?” section.

 
Avatar joeyjoejoe1970 19 post(s)

I have a *.crt file from Comodo that I copied here:
/opt/bitnami/apache2/conf/my_company_star_cert.crt

I also created a server.key by entering
openssl genrsa – out server.key 1024 and copied it here:
/opt/bitnami/apache2/conf/server.key

Do these two files need to be concatenated somehow?

Do they need to have the same name (i.e. server.key and server.crt)?

I’m able to create a self-signed certificate, I just don’t know how to use a .crt file that I already have from my Certificate Authority.

Thanks,
JJJ

 
Avatar danoo Administrator 81 post(s)

Hi,

Can you please check Comodo support page, you may find this article useful: https://support.comodo.com/index.php?_m=knowled…

Assuming you have your files in the /opt/bitnami/apache2/conf/ directory, change the Apache configuration to have the following and restart httpd server

SSLCertificateFile /opt/bitnami/apache2/conf/yourDOMAINNAME.crt SSLCertificateKeyFile /opt/bitnami/apache2/conf/private.key SSLCertificateChainFile /opt/bitnami/apache2/conf/yourSERVERNAME.ca-bundle

Let us know if the above works for you.
Danoo

 
Avatar joeyjoejoe1970 19 post(s)

After applying the .crt and the ca-bundle files per the instructions found here (https://support.comodo.com/index.php?_m=knowled…), I am unable to get httpd to start.

I am using a wildcard cert (the logfile entries below refer to *..com which appears correctly in the actual error_log file) but it seems that apache-SSL doesn’t care for wildcard certs. Has anybody had experience with using a wildcard certificate with Bitnami/Apache?

I checked the error_log file and found the following entries.

[Fri Jun 17 12:07:11 2011] [warn] RSA server certificate wildcard CommonName (CN) `..com’ does NOT match server name!?
[Fri Jun 17 12:07:11 2011] [error] Unable to configure RSA server private key
[Fri Jun 17 12:07:11 2011] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
[Fri Jun 17 12:10:29 2011] [warn] RSA server certificate wildcard CommonName (CN) `
..com’ does NOT match server name!?
[Fri Jun 17 12:10:29 2011] [error] Unable to configure RSA server private key
[Fri Jun 17 12:10:29 2011] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch

 
Avatar danoo Administrator 81 post(s)

Hi,

> Has anybody had experience with using a wildcard certificate with Bitnami/Apache?

I think the best option is to ask Comodo support about the Apache configuration for the SSL certificate you have. Please let us know once you figure it out. Thanks.

 
Avatar joeyjoejoe1970 19 post(s)

Thanks danoo, but there is nothing specific about how Apache is bundled with Bitnami cause the instruction from Comodo not to work?

 
Avatar joeyjoejoe1970 19 post(s)

All, I figured out. User error of course. When I was creating the CSR for Comodo I was providing the name of the server instead of entering *.mycompany.com I entered myserverhostname.mycompany.com. Therefore the cert and the key mismatched. Anyway, I have gotten SSL to work but I have another question which I will pose in another thread. This one can be closed. Thanks for all of your help. JJJ

 
Avatar Beltrán Rueda Administrator 3,714 post(s)

I’m glad to hear that!

Forums WordPress