We have now the Wiki as well as the trac system working with http over SSL
. From now on, all traffic should be encrypted and one should be forwarded to port 443 when connecting on port 80.
- The currently used certificate is only self-signed. We have already applied for a certificate from RRZN.
- Also, in the certificate, the CN (server name) is set to n0.aei.uni-hannover.de, which of course doesn't exist yet.
Do this in
to generate the ssl certificate.
# generate private key
openssl genrsa -out private.key 2048
chmod 600 private.key
# generate the PEM file to request signing of the certificate
openssl req -new -key private.key -out cert.pem
# self-sign certificate with private key
openssl x509 -in cert.pem -out certificate -req -signkey private.key -days 365
It is important to enter the FQDN
when asked for the name, or else apache will complain on startup.
Enabling SSL in Apache
# other settings here
SSLProtocol All -SSLv2
Redirect / https://%SERVER_NAME/
This makes apache forward all requests from http to https. Also don't forget to write
somewhere to switch on 443 in the frist place.