Wildcard SSL installation for multiple subdomains on a single VM
From ATI Chennai IT and ITES Wiki
- If you’re looking for a Wildcard SSL/TLS certificate, you are probably already aware of how useful it can be when it comes to securing multiple subdomains without having a different certificate issued for each of them.
- It’s one of the reasons why Wildcard SSL/TLS certificates are chosen by big organizations as well.
- A Wildcard SSL/TLS certificate is also useful for securing subdomains that are on multiple servers.
- It helps secure all the sub-domains via a single Wildcard SSL/TLS certificate.
- For instance, you can secure subdomains hosted and managed by different departments, which can improve efficiency: a blog (blog.exampledomain.com) on a WordPress host, a support page (support.exampledomain.com) with a third-party helpdesk vendor, and a billing page (billing.exampledomain.com) with an accounting company on some other server. Visitors can be sent directly to these subdomains without going through the home page.
How to Generate wildcard CSR
Steps to install / Enable SSL certificate on Ubuntu using Apache
Step 1: Copy the Certificate Files
To get started, copy the primary (yourdomain.crt) and intermediate certificate (abcCA.crt) files into the directory on your Ubuntu server where you intend to store all your certificate and key files (e.g. /etc/apache2/ssl/, with the key file in the /etc/apache2/ssl/private/ folder).
Step 2: Edit Apache .conf File
(1) Normally, you can find Ubuntu’s Apache configuration file for your SSL site in /etc/apache2/sites-enabled/your_site_name (default files are 000-default.conf and default-ssl.conf). You can duplicate one and rename it after your domain name (the files are normally located in /etc/apache2/sites-available/).
(2) But if you don’t find that .conf file in the ‘sites-enabled’ folder, you need to run the command sudo a2ensite your_site_name.conf
(3) After locating the file, open it using any text editor
Note: To access your website with both secured HTTPS and non-secured HTTP, you need two separate files in your …/sites-enabled/ folder. One file will be for port 80 and the other for port 443.
(4) To make your site accessible only with a secure protocol, you need to configure the Virtual Host block.
Step 3: Configuration of Virtual Host block
Your ‘Virtual Host’ block will look similar to the following image:
(Image: Virtual Host File)
(1) In virtual host block, you need to configure an SSL certificate file, key file and chain file.
(2) Now, adjust the following file names as per your SSL certificate and make the changes accordingly:
(i) SSLCertificateFile: Your certificate file (yourdomain.crt)
(ii) SSLCertificateKeyFile: Your key file (generated during CSR creation) - Private key
(iii) SSLCertificateChainFile: The intermediate certificate file (CA.crt)
Note: Try using SSLCACertificateFile instead, if the SSLCertificateFile directive doesn’t work.
Save the file once you are done editing the VirtualHost block.
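The configuration described in Steps 1 to 3, written out as an added example (it is not taken from the original page): one port 80 file that only redirects to HTTPS, and two port 443 virtual hosts for different subdomains that share the same wildcard certificate files. The host names under exampledomain.com, the key file name yourdomain.key and the DocumentRoot paths are assumptions; the certificate paths follow Step 1.

```apache
# Added example, not from the original page. Assumed: host names under
# exampledomain.com, key file name yourdomain.key, DocumentRoot paths.
# Requires mod_ssl (sudo a2enmod ssl).

# --- blog.exampledomain.com.conf (port 80): redirect only, serve nothing ---
<VirtualHost *:80>
    ServerName blog.exampledomain.com
    Redirect permanent / https://blog.exampledomain.com/
</VirtualHost>

# --- blog.exampledomain.com-ssl.conf (port 443) ---
<VirtualHost *:443>
    ServerName blog.exampledomain.com
    DocumentRoot /var/www/blog

    SSLEngine on
    # Wildcard certificate issued for *.exampledomain.com. It matches one
    # label only: not exampledomain.com itself, not a.b.exampledomain.com.
    SSLCertificateFile      /etc/apache2/ssl/yourdomain.crt
    # Private key generated with the CSR; keep it readable by root only.
    SSLCertificateKeyFile   /etc/apache2/ssl/private/yourdomain.key
    # Intermediate certificate. From Apache 2.4.8 this directive is
    # deprecated: append the intermediate to yourdomain.crt instead.
    SSLCertificateChainFile /etc/apache2/ssl/abcCA.crt
</VirtualHost>

# --- support.exampledomain.com-ssl.conf: second subdomain, same files ---
<VirtualHost *:443>
    ServerName support.exampledomain.com
    DocumentRoot /var/www/support

    SSLEngine on
    SSLCertificateFile      /etc/apache2/ssl/yourdomain.crt
    SSLCertificateKeyFile   /etc/apache2/ssl/private/yourdomain.key
    SSLCertificateChainFile /etc/apache2/ssl/abcCA.crt
</VirtualHost>
```

After enabling the files with a2ensite, run sudo apache2ctl configtest to check the syntax before reloading Apache.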
Case Study 1: Single domain redirection from http to https
File name : rdsdegujarat.dgt.gov.in.conf (for http)
File name : rdsdegujarat.dgt.gov.in-ssl.conf (for https)
- Step 1: Generate CSR
- Step 2 : Download Certificate