I'm trying to configure SSL for my Apache2 server (Ubuntu14). At the end, my browser returns: "The security certificate presented by this website was not issued by a trusted certificate authority."
Here there are the steps:
1)
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install apache2 openssl
sudo a2enmod ssl
service apache2 restart
sudo mkdir /etc/apache2/ssl
sudo openssl req -new -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.csr
2) Sent the code to my company CA: Intranet Server Private CA (UTF-8) and they sent me 3 files:
- MyCompanyPrivateCA.cer [binary]
- MyCompanyPrivateCA.base64.cer [contains
-----BEGIN CERTIFICATE-----] - AltriServer.125642.cer [contains
-----BEGIN CERTIFICATE-----]
3) sudo nano etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin myemail@mycompany.it
ServerName <mywebsite>
ServerAlias www.<mywebsite>
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/AltriServer.125642.cer
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
SSLCACertificateFile /etc/apache2/ssl/MyCompanyPrivateCA.base64.cer
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
4) sudo a2ensite default-ssl.conf
5) sudo service apache2 restart
The result is that in chrome https world in the URL is red.
Could someone help me? Riccardo
