Add SSL To Apache2 Ubuntu

This uses a Microsoft Certificate Authority. If you want a self-signed SSL, check the bottom of the post.

I needed to create a way for end users to go to a site (http://callmanager) and be able to log in to their Cisco CallManager page without receiving any certificate errors. Unfortunately the call manager device was named “imcm1”, and Cisco won’t let me create a certificate for anything besides the device name. Our users were trained to use “callmanager” as the name. So I had two options:
1.) Retrain employees to no longer use the easier-to-remember “callmanager” name
2.) Utilize an Ubuntu webserver to redirect the users where I want them to be
Obviously I chose the much harder route – well it’s harder technically, but… yes.

Using Ubuntu 10.04.1 LTS x32. I installed LAMP and SSH. This is on a domain (company.local) running Windows 2003 and AD. There is a Certificate Authority installed on one of the domain controllers (2003 Enterprise). I use PuTTY and WinSCP.

Update Ubuntu:
I run everything as root. So su to root.
apt-get update
apt-get upgrade
apt-get dist-upgrade

Create the CSR:
mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
# 2048-bit RSA key (1024-bit RSA is considered too weak today)
openssl genrsa -out callmanager.key 2048
chmod 640 callmanager.key
openssl req -new -key callmanager.key -out callmanager.csr

Provide your information:

Country Name: US
State: IL
City: Chicago
Organization Name: Company
Organization Unit: IT
Common Name: FQDN_Here! I used “callmanager”, but you may be utilizing “callmanager.domain.local”
Email: blank
Challenge password: blank
Optional company: blank

Copy The Certificate To Your Certificate Authority:
cat callmanager.csr

Copy everything from “-----BEGIN CERTIFICATE REQUEST…” to “…END CERTIFICATE REQUEST-----”
Connect to your certificate authority: http://certificateserver/certsrv. My Win7 would not work with a 2003 Server CA so I had to run it locally on the server (http://localhost/certsrv)
Click Request A Certificate
Click advanced certificate request
Choose the middle option (PKCS #10 or PKCS#7)
Paste what you copied above into the Saved Request area
Choose the certificate template “Webserver”
Click submit
Click Download certificate (DER encoding!)

Convert And Install The Certificate On Ubuntu:
Copy the .cer file (callmanager.cer) to your linux box in the /etc/apache2/ssl directory
chmod 640 callmanager.cer
openssl x509 -in callmanager.cer -inform DER -out callmanager.pem
chmod 640 callmanager.pem

Edit Apache To Support SSL:
a2enmod ssl
apache2ctl restart
cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/
nano /etc/apache2/sites-enabled/default-ssl

Scroll down to “SSLCertificateFile /etc/ssl…”
Change the location to be /etc/apache2/ssl/callmanager.pem
Then, scroll down to “SSLCertificateKeyFile /etc/ssl…”
Change the location to be /etc/apache2/ssl/callmanager.key

Finish The Redirect:
Under the SSLCertificate edits, I added the following:
ServerName callmanager
Redirect permanent / https://imcm1/
Save the file
apache2ctl restart

Test! Works for me!
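
A pre-flight check for the converted certificate, added here as an example and not part of the original post: it confirms that callmanager.pem belongs to callmanager.key, that the Common Name is the name users type, that the key is at least 2048 bits, and that the certificate has not expired. The function names and the script name preflight.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the certificate
# and key before pointing SSLCertificateFile / SSLCertificateKeyFile at them.

# Succeeds when the certificate's public key belongs to the private key.
cert_matches_key() {   # usage: cert_matches_key CERT_PEM KEY_PEM
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the subject Common Name (the value typed at the "Common Name" prompt).
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# Prints the public key size in bits (RSA keys, as generated on this page).
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Runs every check; prints OK or the first failure and returns non-zero.
preflight() {   # usage: preflight CERT_PEM KEY_PEM EXPECTED_NAME
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: certificate does not match private key"; return 1; }
    [ "$(cert_cn "$1")" = "$3" ] ||
        { echo "FAIL: Common Name is not $3"; return 1; }
    [ "$(cert_bits "$1")" -ge 2048 ] 2>/dev/null ||
        { echo "FAIL: key is smaller than 2048 bits"; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; return 1; }
    echo "OK"
}

# Example: sh preflight.sh callmanager.pem callmanager.key callmanager
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

Run it from /etc/apache2/ssl before the final apache2ctl restart; a certificate that does not match the key otherwise prevents Apache from starting.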

Create A Self-Signed Certificate:
Hopefully coming soon.
