Part IV: Drupal 7 & SSL:
The next step in the process is to use an ssl certificate to protect the connections to secure pages. Obtaining a certificate is left to the reader to fulfill. The author recommends obtaining an ssl certificate from a certificate authority such as verisign, godaddy, geotrust, etc.
Many prefer to create a separate directory structure for the ssl certificates. For this example, the ssl certificate directory will reside at /usr/local/etc/sslcerts.
The first step in this process is to configure Apache to allow ssl connections.
Edit /usr/local/etc/apache24/httpd.conf and enable the following modules:
- Enable “LoadModule ssl_module libexec/apache24/mod_ssl.so”
- Enable “LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so”
- Enable “LoadModule rewrite_module libexec/apache24/mod_rewrite.so
- Enable “Include etc/apache24/extra/httpd-ssl.conf”
Edit /usr/local/etc/apache24/extra/httpd-ssl.conf and change the following directives to suit your environment:
- Listen 192.168.0.220:443
- DocumentRoot “/usr/local/www/drupal7”
- ServerName www.loga.us:443
- ServerAdmin email@example.com
- SSLCertificateFile “/usr/local/etc/sslcerts/your-certificate.crt”
- SSLCertificateKeyFile “/usr/local/etc/sslcerts/your-key.key”
- SSLCertificateChainFile “/usr/local/etc/sslcerts/your-chain.crt”
Open a browser and point the url to your site – https://www.yoursite.com
The previous post demonstrates setting up Apache 2.4 and Drupal 7 to utilize ssl when requested. In this configuration, the site will serve both http and https requests. To further refine Drupal’s ssl capabilities, there are two recommend Drupal Modules: Secure Login and HSTS Modules