Part IV: Drupal 7 & SSL:

The next step in the process is to use an ssl certificate to protect the connections to secure pages.  Obtaining a certificate is left to the reader to fulfill.  The author recommends obtaining an ssl certificate from a certificate authority such as verisign, godaddy, geotrust, etc.

 

Certificates directory:

Many prefer to create a separate directory structure for the ssl certificates.  For this example, the ssl certificate directory will reside at /usr/local/etc/sslcerts.

 

httpd.conf:

The first step in this process is to configure Apache to allow ssl connections.

Edit /usr/local/etc/apache24/httpd.conf and enable the following modules:

1. Enable “LoadModule ssl_module libexec/apache24/mod_ssl.so”
2. Enable “LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so”
3. Enable “LoadModule rewrite_module libexec/apache24/mod_rewrite.so
4. Enable “Include etc/apache24/extra/httpd-ssl.conf”

 

httpd-ssl.conf:

Edit /usr/local/etc/apache24/extra/httpd-ssl.conf and change the following directives to suit your environment:

1. Listen 192.168.0.220:443
2. DocumentRoot “/usr/local/www/drupal7”
3. ServerName www.loga.us:443
4. ServerAdmin admin@loga.us
5. SSLCertificateFile “/usr/local/etc/sslcerts/your-certificate.crt”
6. SSLCertificateKeyFile “/usr/local/etc/sslcerts/your-key.key”
7. SSLCertificateChainFile “/usr/local/etc/sslcerts/your-chain.crt”

 

Testing:

Open a browser and point the url to your site – https://www.yoursite.com

 

 

Summary:

The previous post demonstrates setting up Apache 2.4 and Drupal 7 to utilize ssl when requested.  In this configuration, the site will serve both http and https requests.  To further refine Drupal’s ssl capabilities, there are two recommend Drupal Modules:  Secure Login and HSTS Modules

 

Additional Resources:

www.apache.org

www.drupal.org