
Apache - Free Server Certificate

A free server certificate using the service from https://letsencrypt.org/ is a better choice than a self-signed certificate.
Please note that The Uniform Server developers have no relation or affiliation with this site. The material is included here only to provide a better alternative to a self-signed certificate. Other choices likely are available.

Let's Encrypt is a free, automated, and open certificate authority. The term free means just that: no hidden catches or trials.

Obtaining a free server certificate requires a number of steps. First you need a registered domain name, then you obtain a certificate using client software for the Windows environment. Finally, you install this certificate on your server. This page covers each step in more detail.

Register a domain name

Register a domain name with a registrar of your choice. The information you supply pertains to the domain you are registering. To obtain a free certificate, the contact e-mail address you supply is of the utmost importance. This is the address where a registrar can contact you. This e-mail address will be used by Let's Encrypt's client software to verify who you are (domain name). Alternatively, if your domain name is active (site has a mail-server), the site email address can be used for verification.

Note: Your registrar contact e-mail address allows you to obtain a signed certificate before making your site live. This allows you to test your site locally with a signed certificate and confirm that Apache’s SSL Vhost server verification chain works.

Get certificates

Let’s Encrypt uses the ACME protocol to verify that you control a given domain name and to issue you a certificate. To get a Let’s Encrypt certificate, you’ll need to choose ACME client software from the https://letsencrypt.org/ website. Select one for the Windows / IIS environment and follow the instructions provided on the selected client's website.

Install certificates

Once your certificate has been issued and the files have been downloaded to your computer, copy the two files yourdomain-chain.pem and yourdomain-key.pem to the Apache folder server_certs:

  • Copy yourdomain-chain.pem to UniServerZ\core\apache2\server_certs\yourdomain-chain.pem
  • Copy yourdomain-key.pem to UniServerZ\core\apache2\server_certs\yourdomain-key.pem

Edit SSL Configuration file

Two lines require editing in Apache’s SSL configuration file as follows:

Edit file: UniServerZ\core\apache2\conf\extra\httpd-ssl.conf

Locate these two lines:

SSLCertificateFile "${US_ROOTF}/core/apache2/server_certs/server.crt"
SSLCertificateKeyFile "${US_ROOTF}/core/apache2/server_certs/server.key"

Edit as shown below:

SSLCertificateFile "${US_ROOTF}/core/apache2/server_certs/yourdomain-chain.pem"
SSLCertificateKeyFile "${US_ROOTF}/core/apache2/server_certs/yourdomain-key.pem"

Note: The environment variable ${US_ROOTF} is automatically set to the Uniform Server Zero top-level folder, for example C:/UniServerZ
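
A pre-flight check for the edit above, as an added example that is not part of Uniform Server: it reads the two directives, expands ${US_ROOTF}, and confirms that each file exists and holds the expected kind of PEM block, which catches swapped files and directives left on the defaults. The function names and the files built by demo() are constructed for illustration, and it assumes the chain file holds the server certificate plus at least one intermediate.

```python
import re
import tempfile
from pathlib import Path

PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")
DIRECTIVE = re.compile(r'^[ \t]*(SSLCertificate(?:Key)?File)[ \t]+"?([^"\n]+?)"?[ \t]*$', re.M)

def check_ssl_conf(conf_text, us_rootf):
    """Return problems found in the two directives edited in httpd-ssl.conf."""
    problems, labels = [], {}
    found = dict(DIRECTIVE.findall(conf_text))  # commented-out lines do not match
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if name not in found:
            problems.append(f"{name}: directive not found")
            continue
        path = Path(found[name].replace("${US_ROOTF}", str(us_rootf)))  # expand as Apache does
        if path.name in ("server.crt", "server.key"):
            problems.append(f"{name}: still points at default {path.name}")
        if not path.is_file():
            problems.append(f"{name}: {path.name} not found")
            continue
        labels[name] = PEM_LABEL.findall(path.read_text(errors="replace"))
    cert, key = labels.get("SSLCertificateFile"), labels.get("SSLCertificateKeyFile")
    if cert is not None:
        if any("PRIVATE KEY" in label for label in cert):
            problems.append("SSLCertificateFile: contains a private key")
        if cert.count("CERTIFICATE") < 2:
            problems.append("SSLCertificateFile: fewer than two certificates")
    if key is not None and not any("PRIVATE KEY" in label for label in key):
        problems.append("SSLCertificateKeyFile: no private key block")
    return problems

def demo():
    """Constructed files: the page's edit, the two files swapped, the defaults."""
    pem = lambda label: f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"
    conf = ('SSLCertificateFile "${US_ROOTF}/core/apache2/server_certs/%s"\n'
            'SSLCertificateKeyFile "${US_ROOTF}/core/apache2/server_certs/%s"\n')
    with tempfile.TemporaryDirectory() as root:
        certs = Path(root, "core/apache2/server_certs")
        certs.mkdir(parents=True)
        (certs / "yourdomain-chain.pem").write_text(pem("CERTIFICATE") * 2)
        (certs / "yourdomain-key.pem").write_text(pem("PRIVATE KEY"))
        good = check_ssl_conf(conf % ("yourdomain-chain.pem", "yourdomain-key.pem"), root)
        swapped = check_ssl_conf(conf % ("yourdomain-key.pem", "yourdomain-chain.pem"), root)
        default = check_ssl_conf(conf % ("server.crt", "server.key"), root)
    return good, swapped, default

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The check inspects PEM labels only; it does not verify that the key matches the certificate or that the chain validates, which the local test below still has to confirm.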

Local Test

Before going live with your secure server, you can test it locally. To do this, your domain name (for example, fred.com) must resolve to an IP address.

Refer to the Server Name page for details; use either option 1 or option 2.

Option 1 is assumed (Entry automatically made in Uniform Server's PAC file).

  • Start the Apache server
  • Click the View ssl button
  • The secure test page should be displayed with no alerts.

Note: Replace fred.com with the hostname you used when creating your certificate. Be sure to remove this line when you are ready to go live.

Where to next

Apache SSL - Introduction and overview.
Self-signed - Self-signed test certificate details.


--oOo--