In Apache, just add (create a new VirtualHost):
SSLEngine on
SSLCertificateFile /caminho/para/seu_site_certificado.crt
SSLCertificateKeyFile /caminho/para/sua_chave_privada.key
SSLCertificateChainFile /caminho/para/seu_certificado_intermediario.crt
Usually this file is in /etc/httpd/ (in the case of CentOS, for example) or /etc/apache2/ (in the case of Ubuntu, for example).
Explaining each resource:
You should also accept connections on port 443 instead of 80, for example:
<VirtualHost 111.111.111.111:443>
If you use :80 it will not work. Be sure to open port 443 on the firewall, in case you have for some reason closed all ports.
At the end it will look something like this:
<VirtualHost 192.168.0.1:80>
    DocumentRoot /local/do/html
    ServerName exemplo.com
</VirtualHost>
<VirtualHost 192.168.0.1:443>
    DocumentRoot /local/do/html
    ServerName exemplo.com
    SSLEngine on
    SSLCertificateFile /crt/exemplo_com.crt
    SSLCertificateKeyFile /crt/exemplo_com.key
    SSLCertificateChainFile /crt/exemplo_com.ca-bundle
    SSLOptions +StrictRequire
    SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
    SSLCompression off
</VirtualHost>
The SSLOptions +StrictRequire, SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 and SSLCompression off directives are optional, however I recommend using them. The first one will, in summary, prohibit connecting if it is not connected using HTTPS. The second will disable SSL and will enable TLS, TLS 1.1 and TLS 1.2; SSLv2 is vulnerable and SSLv3 has the POODLE vulnerability, so both are turned off by -all. SSLCompression off is to avoid the problem of the CRIME attack.
In PHP no changes are required except renaming the links from http:// to https://, if need be. You can also create a redirection from http:// to https://, so that all connections become SSL / TLS.
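
To check a configuration against the directives discussed above, here is an added example (not part of the original answer): a small Python audit that reads each VirtualHost block on port 443 and reports problems with SSLEngine, SSLProtocol and SSLCompression. It assumes the directives are set inside the block itself, treats a missing SSLProtocol as all, and assumes all may include SSLv2 and SSLv3 as on older builds; the function names and the sample configuration are constructed for illustration.

```python
import re
# Assumption: "all" expands to every name below, since older builds include SSLv2/SSLv3 in it.
ALL = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
BROKEN = {"SSLv2", "SSLv3"}  # the two protocols the answer turns off

def effective_protocols(args):
    """Resolve SSLProtocol tokens left to right: +x adds, -x removes, bare x replaces."""
    enabled = set()
    for tok in args.split():
        name = tok.lstrip("+-").lower()
        chosen = set(ALL) if name == "all" else {p for p in ALL if p.lower() == name}
        if tok.startswith("+"):
            enabled |= chosen
        elif tok.startswith("-"):
            enabled -= chosen
        else:
            enabled = chosen
    return enabled

def audit(conf):
    """Return (vhost address, finding) pairs for every <VirtualHost ...:443> block."""
    findings = []
    for addr, body in re.findall(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", conf, re.S | re.I):
        if not addr.strip().endswith(":443"):
            continue
        d = {}  # directive name (lowercased) -> argument string
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and not parts[0].startswith("#"):
                d[parts[0].lower()] = parts[1].strip()
        if d.get("sslengine", "").lower() != "on":
            findings.append((addr, "SSLEngine is not on"))
        # A missing SSLProtocol is treated as "all" (conservative assumption).
        weak = effective_protocols(d.get("sslprotocol", "all")) & BROKEN
        if weak:
            findings.append((addr, "SSLProtocol enables " + ", ".join(sorted(weak))))
        if d.get("sslcompression", "").lower() != "off":
            findings.append((addr, "SSLCompression is not explicitly off"))
    return findings

# Constructed sample: the first block repeats the answer's settings, the second omits them.
SAMPLE = """<VirtualHost 192.168.0.1:443>
  SSLEngine on
  SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2
  SSLCompression off
</VirtualHost>
<VirtualHost 192.168.0.2:443>
  SSLProtocol all -SSLv2
</VirtualHost>
"""
```

Calling audit(SAMPLE) returns no findings for the first block and three for the second.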