Installing a Security Certificate - welikepie/asos-hangout-app GitHub Wiki
A security certificate is needed on your server so that you can enable HTTPS (secure HTTP). HTTPS is necessary to run some aspects of the Google+ Hangout. If you don’t already have a certificate, you can follow these steps to get one and install it. You can create your own certificate for testing purposes, which is valid for a year. However, as we are putting the ASOS Hangout Application into production, it is recommended that you purchase a certificate from a certification authority.
- http://www.123-reg.co.uk/ssl-certificates/
- https://www.globalsign.co.uk/ssl/
- https://www.symantec.com/en/uk/verisign/ssl-certificates
- http://www.alphassl.com/
- http://www.digicert.com/
DigiCert have put together a short guide on how to install an SSL certificate. Although the guide assumes you have purchased a certificate from them, it covers the installation process of an SSL certificate on a variety of servers and operating systems.
To install your certificate, you must work with the VirtualHost block within the Apache configuration file on your server for the domain you are deploying the ASOS Hangout Application to. Usually you will be able to find the configuration file within the “/etc/httpd” folder on your server. The configuration file should be called “httpd.conf” and the block will be within this.
If you cannot find the block, it may be found in one of a variety of places:
- /etc/httpd/vhosts.d
- /etc/httpd/sites
- in a file called .sslconf
In some cases, the path to the file is /etc/apache2/sites-available/. If this is the case, then the files will contain just the VirtualHost blocks, with names referencing the projects they are used for.
If the ASOS Hangout Application is being deployed on a domain that is already using your server, then there will be a pre-existing file to edit, which will contain the relevant VirtualHost block. If not, you can create your own block.
An example of how your VirtualHost block may look is as follows. Everything between curly brackets {} is what you must edit.
```apache
# Standard HTTP site
<VirtualHost *:80>
    ServerAdmin {server admin’s email address}
    ServerName {domain name}
    ServerAlias {similar domain name}
    ServerAlias {similar domain name}
    ServerAlias {similar domain name}
    DocumentRoot {absolute path to serve content from}
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory {absolute path to serve content from with / on the end}>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    ErrorLog {absolute path to write error log to including filename (error.log)}
    CustomLog {absolute path for all logging} combined
    # Make the site run off the development pool
    AddHandler php5-fcgi-dev .php
</VirtualHost>

# SSL section
<IfModule mod_ssl.c>
<VirtualHost *:{port number to access through https}>
    ServerAdmin {server admin’s email address}
    ServerName {domain name}
    ServerAlias {similar domain name}
    ServerAlias {similar domain name}
    ServerAlias {similar domain name}
    DocumentRoot {absolute path to serve content from}
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory {absolute path to serve content from with / on the end}>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    ErrorLog {absolute path to write error log to including filename (error.log)}
    CustomLog {absolute path for all logging} combined
    # Make the site run off the development pool
    AddHandler php5-fcgi-dev .php
    # Enable TLS for this virtual host and point it at the certificate and its private key
    SSLEngine on
    SSLCertificateFile {full filepath to .crt certificate}
    SSLCertificateKeyFile {full filepath to .key file}
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-6]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    # MSIE 7 and newer should be able to use keepalive
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
```
The section of the file that matters for installing the SSL certificate is the second VirtualHost block in the example above. Pay particular attention to the “ServerAlias” lines of the block. Although not mandatory, they are useful for letting the server know that additional URLs should use the same configuration options. You must also set the port number on which https:// can be accessed. Set this to a port that the server is not already using.
For example, www.ukcampaign.asos.com could have just “www.uxcampaign.asos.com” in the ServerAlias section. However, if you wanted the same SSL configurations for other domains, you might add “www.uscampaign.asos.com” and into the ServerAlias section.
To check if your security certificate has been successfully installed, you can try going to the https:// version of the domain you have installed the certificate to.
The URL will look something like this: https://www.mywebsite.com:444
If you can access https:// on your domain, you have successfully installed the certificate!
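The page mentions creating a one-year test certificate and checking the installation in a browser; the following is an added example (not part of the original wiki or the ASOS project) that creates such a certificate with OpenSSL, confirms that the files given to SSLCertificateFile and SSLCertificateKeyFile belong together, and reads back the certificate a server presents. The domain `hangout.example.test`, the script name and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. The domain and file names used here are constructed placeholders.

# Create a self-signed test certificate valid for 365 days (needs OpenSSL 1.1.1+).
# $1 = output directory, $2 = domain name
make_test_cert() {
    mkdir -p "$1"
    ( umask 077   # the private key must be readable by its owner only
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null )
}

# SHA-256 of the public key in a certificate ($1 = x509) or private key ($1 = pkey).
pubkey_fp() {
    local pub
    case $1 in
        x509) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        pkey) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    esac || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# Succeeds only if the files given to SSLCertificateFile ($1) and
# SSLCertificateKeyFile ($2) belong together; returns 2 if either is unreadable.
cert_matches_key() {
    local c k
    c=$(pubkey_fp x509 "$1") || return 2
    k=$(pubkey_fp pkey "$2") || return 2
    [ "$c" = "$k" ]
}

# Succeeds if the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# SHA-256 fingerprint of the certificate the server at host $1, port $2 presents.
served_cert_fp() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

if [ "${1:-}" = "demo" ]; then   # run as: ./certcheck.sh demo
    d=$(mktemp -d) && make_test_cert "$d" hangout.example.test &&
        cert_matches_key "$d/hangout.example.test.crt" "$d/hangout.example.test.key" &&
        echo "certificate and key match"
fi
```

After restarting Apache, compare the output of `served_cert_fp` for your domain and HTTPS port with `openssl x509 -in {full filepath to .crt certificate} -noout -fingerprint -sha256`; identical fingerprints show that the server is presenting the certificate you installed.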