Saturday, October 14, 2017

apache 2.2 - Setting up SSL for phpMyAdmin



I would like to run phpmyadmin using my SSL certificate.



I read that if I placed the following within the file: /etc/phpmyadmin/config.inc.php, it would force it to use SSL. And now it does...




$cfg['ForceSSL'] = true;


However, my issue is when I did this, now I get an error stating "cannot connect to server."



I do a port scan and my port 443 is closed, for one, but I am connecting via https:// for my secure web-based email admin panel. This tells me this may not be the issue. Second, I have an SSL certificate I purchased, but I am not sure how to apply this cert. mydomain.com.crt is sitting on my desktop; how should I be utilizing this?



I remember creating a self-signed cert for my web-email access. Do I have to do this for phpmyadmin as well? At least this way, since I am the only one who will ever access the DB, it will never expire.




Also, phpmyadmin used to come up as: http://mydomain/phpmyadmin/ however, I do not have any pages on my website that require https://.


Answer



Ok I found the answer to this question.




  1. I had to turn on SSL by typing on the command line: sudo a2enmod ssl

  2. Then type in sudo a2ensite default-ssl

  3. Go to the /etc/apache2/sites-available/default-ssl file and put in the pointer to the site I want the SSL to run. In my case it was /var/www/mydomain/phpmyadmin. Then I had to make sure the following was also enabled in the file (but using my own location where my certificate resided). Use only 1 certificate for the server to avoid conflict (so I copied the same cert I am using for my webmail to another directory and used that path/files).




SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/myfolder/mycert.csr
SSLCertificateKeyFile /etc/ssl/myfolder/mycert.key



Then I restarted apache2 with sudo /etc/init.d/apache2 restart




Then it worked. But one thing to also add: I am using my own private certificate, so anyone who tries to go to my site by https:// will get a message stating that the certificate is not signed and cannot be trusted. Once I decide to go to a valid certificate, I will need to figure out how to port my current 5-year SSL cert I purchased from GoDaddy (which I already CSR'd into a crt file for my new server) and put it to use. That is another thing I need to do next.



Additional resource for help:
https://help.ubuntu.com/8.04/serverguide/C/httpd.html here is a good link where I read up on getting it to work.
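
A check for the directives in step 3, as an added example that is not part of the original answer: Apache needs SSLCertificateFile to point at the signed certificate rather than the signing request (the file's contents decide this, not its extension), and the key file should not be world-readable. The function names and the constructed sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check the SSL directives of an Apache vhost file.
# Assumes unquoted paths and one SSL vhost per file.

# Classify a PEM file by its first BEGIN line.
pem_kind() {
    case "$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null || true)" in
        '-----BEGIN CERTIFICATE-----') echo certificate ;;
        *'CERTIFICATE REQUEST-----') echo csr ;;
        *'PRIVATE KEY-----') echo private-key ;;
        *) echo unknown ;;
    esac
}

# Print the first value of an uncommented directive (case-insensitive).
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Report problems on stdout; return 0 only when every check passes.
check_vhost() {
    conf=$1 rc=0
    engine=$(directive SSLEngine "$conf" | tr 'A-Z' 'a-z')
    [ "$engine" = on ] || { echo "SSLEngine is not on"; rc=1; }
    cert=$(directive SSLCertificateFile "$conf")
    key=$(directive SSLCertificateKeyFile "$conf")
    kind=$(pem_kind "$cert")
    [ "$kind" = certificate ] || { echo "SSLCertificateFile holds: $kind"; rc=1; }
    kind=$(pem_kind "$key")
    [ "$kind" = private-key ] || { echo "SSLCertificateKeyFile holds: $kind"; rc=1; }
    # The private key should not be readable by "other".
    if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        echo "private key is world-readable"; rc=1
    fi
    return $rc
}

# Demo on constructed files (placeholder bodies, not real key material).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'CONSTRUCTED' > "$d/mycert.csr"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' > "$d/mycert.key"
    chmod 600 "$d/mycert.key"
    printf 'SSLEngine on\nSSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$d/mycert.csr" "$d/mycert.key" > "$d/default-ssl"
    status=0; check_vhost "$d/default-ssl" || status=$?
    rm -rf "$d"
    return $status
}
demo || true
```

On a real server, call check_vhost with the path of the enabled SSL site file before restarting Apache.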

