Tags

, , ,

In a previous post I described how to enforce SSL in this post I show how to replace the self-signed certificate with one from a Certificate Authority such as StartSLL.

The standard configuration of Bitnami servers is that the Apache configuration is overwritten by an application configuration. The Bitnami server is provided with a self-signed certificate and there are two copies of this, one in the application configuration directory and one in the Apache configuration directory.

I have chosen to replace both with my own certificates.

Changing the Apache Certificates

The Bitnami documentation for Apache tells you how to change your certificates at the Apache level.

Backup and replace the certificates stored here

/opt/bitnami/apache2/conf/server.crt
/opt/bitnami/apache2/conf/server.key

and update the configuration file

/opt/bitnami/apache2/conf/bitnami/bitnami.conf

to include the following line below the SSLCertificateKeyFile:

SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"

Changing the Application Certificates

To replace the certificates at the application level you must put them in

/opt/bitnami/apps/wordpress/conf/certs

and update

\opt\bitnami\apps\wordpress\conf\httpd-vhosts.conf

(I have used example.com)

<VirtualHost *:443>
 ServerName example.com
 ServerAlias *.example.com
 DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
 SSLEngine on
 SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/server.crt"
 SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/server.key"
 SSLCertificateChainFile "/opt/bitnami/apps/wordpress/conf/certs/server-ca.crt"
 Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
</VirtualHost>

and restart the Apache server

$ sudo /opt/bitnami/ctlscript.sh restart apache

Note on using StartSSL Certificates

The SSLCertificateChainFile is

sub.class1.server.ca.pem

ca.crt is not required.

Advertisements