How to install SSL for my website hosted in Azure?

Question

I have hosted my website in Azure. I have created a Virtual Machine on which i have installed LAMP stack as i am using php for my website. I have a sub domain along with the main domain. I want to install SSL for both.

My client has provided me the certificate for SSL installation. I search many Stack overflow post but could not find any post helpful for a beginner like me.

Thanks

Answer 1

Certificate Installation: Apache 2.4.8+

Under Linux, to check the version number of your Apache server, execute the following command:

apache2ctl -version

or

apachectl -version

Note : If your Apache server's version is less than 2.4.8, please skip this article and go this link

Prerequisites:

Concatenate the CAbundle and the certificate file which we sent you using the following command.

cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt

If you are Using GUI Text Editor (Ex: Notepad):

(i) To concatenate the certificate files into single bundle file, first open domainname.crt and domainname.ca-bundle files using any text editor.

(ii) Now copy all the content of domainname.crt and paste it on the top of domainname.ca-bundle file.

(iii) Now save the file name as ‘ssl-bundle.crt’.

Configure the Apache server:

1. Locate the Apache configuration file (example httpd.conf / ssl.conf), the configuration file name can be different depending on your apache version or flavour. Or in a Windows environment (EasyPHP, Wamp, ...) :

C:\Program Files\Apache Software Foundation\Apache X.X\conf\SSL2015 C:\Program Files\Apache Software Foundation\EasyPHP\SSL2015 In a standard installation under Linux, the SSL advanced configuration file is located here:

/etc/apache2/mods-enabled/ssl.conf but it is not in this file that you will activate the certificate for a website. You'll have to edit the file

/etc/apache2/sites-enabled/default-ssl.conf

Use the following command to figure out where Apache is pulling its configuration from:

apache2ctl -V | grep SERVER_CONFIG_FILE or just apachectl -V | grep SERVER_CONFIG_FILE

The situation for ubuntu on Apache differs, as the configurations for 443 and 80 ports for each site are located in separate files. You can find it at /etc/apache2/sites-enabled/ Edit or create the file with the VirtualHost for 443 port to set up the secure connection.

Actually you can duplicate the record for port 80 (should be in your VirtulHost file by default) and change port 80 to port 443. Simply add it below non-secure module.

2. In the Virtual Host settings for your site, locate the SSL certificate settings section and verify that you have the following 2 directives within the Virtual Host. Please add them in if they are not present:

SSLCertificateKeyFile ( path to the private_key.key file used for the initial generation of the CSR) SSLCertificateFile ( path to the PEM file containing the end entity certificate and the intermediates )

Example VirtualHost Configuration:

DocumentRoot /etc/httpd/htdocs ServerName comodo.com SSLEngine on SSLCertificateFile /usr/local/ssl/crt/ssl-bundle.crt SSLCertificateKeyFile /usr/local/ssl/private/private.key

Note: As with the example above, file names can be domainname.crt, server.key, your server however may use a different naming convention. If you are using a different file location than the example above, you will need to change the paths to match your files on the server.

3. If you want to enable OCSP Stapling for the website, please add the following directive to the Virtual Host section:

SSLUseStapling on

Also specify OCSP cache response location and size outside of the Virtual Host section using SSLStaplingCache directive:Converting a SSL certificate in Apache to Windows

SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Note: OSCP Stapling can be configured starting from Apache HTTP server 2.3.3 and later.

4. After making changes to your config file it is good practice to check the file for syntax errors using "apachectl configtest". The command will return Syntax Ok if there are no errors.

5. Restart your apache web server:

apachectl stop apachectl start

6. To verify if you have correctly installed the SSL, please use our SSL Analyzer.

You can check this link.

https://support.comodo.com/index.php?/Knowledgebase/Article/View/1185/0/certificate-installation-apache-248

Answer 2

Is in azure provided free SSL? Otherwise you will not be able to install SSL with green bars. You can donate at https://letsencrypt.org/ to get SSL service with low price and develop your website even better.