Centos Zpanel SSL Sertifikası Kurulumu

(2015-02-05 14:13)

Implement an SSL certificate for a domain on an e24panel machine (ZPanel/CentOS)

Sometimes it’s necessary to install an SSL certificate that allows for a secured data exchange channel during user authentication in a web application. That is why we have prepared an article that explains the process of running a purchased SSL certificate on an e24panel machine (ZPanel/CentOS).

The actions presented below should be performed from a machine’s admin account. You will also need PuTTy.Learn how to connect to a server using this application.

PFX to PEM conversion

It may so happen that your certification authority will send you the SSL certificate as a .PFX file. This format needs to be converted into .PEM, supported by Apache Web service.

Upload your .PFX file onto your server. The conversion takes two steps, first separating the certificate, and then its private key. It is important that the certificate and the private key for Apache Web service should be stored in separate files.

openssl pkcs12 -in MyCert.pfx -clcerts -nokeys -out Cert.crt  
openssl pkcs12 -in MyCert.pfx -nocerts -out tmpCertKey.key

While executing the latter command, it’s necessary to enter import password for your .pfx certificate. Next, you need to enter the same password twice for the certificate's exported private key.

Now, we'll create a password-free private key file, so that running Apache Web service won't require a passphrase. To finish up, you need to enter the previously chosen password.

openssl rsa -in tmpCertKey.key -out CertKey.key

This way the resulting files - Cert.crt i CertKey.key - are moved to /etc/ssl/certs/.

mv Cert.crt /etc/ssl/certs/
mv CertKey.key /etc/ssl/certs/
Implementing the SSL certificate

Verify that the certificate file and the .PEM private key are in the /etc/ssl/certs/ directory.

Install the SSL module for Apache Web service.

yum install mod_ssl

Create a new /etc/zpanel/configs/apache/httpd-vhosts-ssl.conf config file by entering the following code. Remember that the domain name should match your domain.

NameVirtualHost *:443
<virtualhost *:443>
ServerName my-domain-name.pl
ServerAlias my-domain-name.pl www.my-domain-name.pl
ServerAdmin zadmin@localhost
SSLEngine On
SSLOptions +StrictRequire
# ścieżki do certyfikatu SSL:
SSLCertificateFile /etc/ssl/certs/Cert.crt
SSLCertificateKeyFile /etc/ssl/certs/CertKey.key
#
DocumentRoot "/var/zpanel/hostdata/zadmin/public_html/my-domain-name_pl"
php_admin_value open_basedir "/var/zpanel/hostdata/zadmin/public_html/my-domain-name_pl:\
/var/zpanel/temp/"
php_admin_value suhosin.executor.func.blacklist "passthru, show_source, shell_exec, system, \
pcntl_exec, popen, pclose, proc_open, proc_nice, proc_terminate, proc_get_status, proc_close, \
leak, apache_child_terminate, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, \
posix_setuid, escapeshellcmd, escapeshellarg, exec"
ErrorLog "/var/zpanel/logs/domains/zadmin/moja-nazwa-domeny.pl-error.log" 
CustomLog "/var/zpanel/logs/domains/zadmin/moja-nazwa-domeny.pl-access.log" combined
CustomLog "/var/zpanel/logs/domains/zadmin/moja-nazwa-domeny.pl-bandwidth.log" common
<Directory />
Options FollowSymLinks Indexes
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
AddType application/x-httpd-php .php3 .php
ScriptAlias /cgi-bin/ "/_cgi-bin/"
<location /cgi-bin>
AddHandler cgi-script .cgi .pl
Options ExecCGI -Indexes
</location>
ErrorDocument 500 /_errorpages/500.html
ErrorDocument 404 /_errorpages/404.html
ErrorDocument 510 /_errorpages/510.html
ErrorDocument 403 /_errorpages/403.html
DirectoryIndex index.html index.htm index.php index.asp index.aspx index.jsp index.jspa index.shtml index.shtm
# Custom Global Settings (if any exist)
# Custom VH settings (if any exist)
</virtualhost>

Now you need to update your primary Apache config file to make reference to the newly-created httpd-vhosts-ssl/conf file.

cd /etc/zpanel/configs/apache/
echo 'Include /etc/zpanel/configs/apache/httpd-vhosts-ssl.conf' >> httpd.conf

Finally, restart your Apache Web service configuration in order to apply changes.

/etc/init.d/httpd restart

Alıntı Adresi  :  http://www.e24cloud.com/en/For-developers/How-to/Implement-an-SSL-certificate-for-a-domain-on-an-e24panel-machine-ZPanel-CentOS