Stig's picture

Hi,

We run a magento webshop - www.inopro.no.

I just have started using Magento Turnkey v13 image for our magento installation on Amazon EC2 - https://aws.amazon.com/marketplace/pp/B00E8PKCFQ

The new installation you can find here: http://ec2-54-171-230-191.eu-west-1.compute.amazonaws.com

I have tried to install the ssl-certificate without success, so I need some help. I received the the GeoTrust certificate by e-mail. It has a SSL-certificate and a Certificate Authority (CA) SSL-certificate.   

Are there anyone who could help me installing the certificate on the new server? If so please give me a price and which details you need from in order to access the server and files.

Best regards,
Stig Slettnes/Ino Pro

Forum: 
Ken Robinson's picture

 

If you used the base TKL it should be pretty easy to configure using webmin. Apache2 webmin module is pretty good. You should be able to figure it out.

You basiclly need to upload the private key, the cert, and any other cert that comes with it. You can use the built in file browser or SCP to copy it over. 

Certs go /etc/ssl/certs/

Private keys /etc/ssl/private

Login to Webmin https://yourhost:12321 Under servers, select apache. You may need to change the port to 443 for the virtual host and setup your SSL there. 

If server is already setup to use SSL (Self signed cert) just upload your files and change the files to point to your certs, and restart the apache service using webmin or SSH

 


If your private key has a password you may want to remove it so you don't have to enter it everytime you restart the apache.

 

 

 

Regards,

Ken  
":0)

http://www.github.com/DocCyblade

Stig's picture

Thank you very much for your help Ken and Tim! The server is already setup to use SSL (Self signed cert). And yes I can connect to https://yourhost:12321 and access the files from there.

I have tried several times, but I must be doing something wrong. I just loose contact with the webpage and must reinstall the image. Now the url is: http://ec2-54-171-226-62.eu-west-1.compute.amazonaws.com/

If anyone could help me it would be much appreciated. Send me an e-mail to post(at)inopro.no with your price and what you need from me. And I will reply with the certificate details and login details to webmin.

 

Best regards,

Stig

OnePressTech's picture

Just follow the instructions from your cert vendor.

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=SO15065

You said above that you "loose contact with the webpage". I'm assuming that you mean that you lose access to your appliance once you have updated your apache config and restarted it. If that is the case you do not need to reinstall the image. You should be making these changes through your web host console NOT via sftp or ssh client. If you are in AWS use the AWS console to make these changes. If the change does not work properly you just re-edit the apache config file again until things work properly. You would never lose access to your image.

Also...there are two places to change your cert...cert for your website and cert for webmin. Don't confuse them. Focus on your website config. Webmin cert can stay as self-certificate from Turnkey.

 

 

Cheers,

Tim (Managing Director - OnePressTech)

OnePressTech's picture

There are two web servers in your appliance:

1) Apache web server for your appliance customers

config file found in /etc/apache2/sites-available/

2) lighttpd web server for your appliance administration (e.g. webmin)

config found in /etc/lighttpd/conf-available/

If you are using webmin GUI to adjust your certs these two web server configurations are made in two different places in the webmin user interface. Webmin / Webmin Configuration / SSL Encryption for lighttpd and Servers / Apache Web Server / Virtual Server for 443 / SSL Options for Apache.

To be safe...don't use these GUIs...modify the configuration files listed above in 1) & 2) directly as per instructions from your cert vendor.

NOTE: If you adjust your lighttpd cert and you do it incorrectly you will lose webmin access (which would be an issue if you were modifying the file using Webmin obviously).

If you don't like command-line editing you can use the Webmin File Manager to edit the apache configuration file then modify the lighttpd cert using an ssh client like WinSCP.

Lot's of ways to do it...just depends on your preference.

Have a little patience...in the end this is only a few lines in a single file per web server (just remember to restart the web server after the configuration change for it to take effect).

 

Cheers,

Tim (Managing Director - OnePressTech)

Jeremy Davis's picture

But FWIW Webmin now includes it's own miniserver and no longer uses LigHTTPd. So I actually don't have a clue how to do the SSL cert thing with that... So your advice to focus on the main Apache site is definitely the go! :)

As for making the required changes, I personally would use SSH/SFTP/SCP via the server's public IP (or elastic IP if it has one). Then losing contact should not be an issue regardless of what changes are made to Apache setting or even DNS...

OnePressTech's picture

Thanks for the correction Jeremy. Looking around the TKLX site further it appears the webmin ssl is at:

/etc/webmin/miniserv.pem

Correct?

Cheers,

Tim (Managing Director - OnePressTech)

Jeremy Davis's picture

I just had a look in a (v13.0) Core instance I'm currently developing in and no sign of a cert there... But in the conf (/etc/webmin/miniserv.conf) it says "keyfile=/etc/ssl/certs/cert.pem" so I'd guess that's it...

Add new comment