Linux servers.

Installing Dual TLS Certificates and Running TLS

Steps Toward The Goal

On earlier pages I showed how to set up a Google Compute Engine virtual machine, run FreeBSD, and set up a basic Apache/PHP web server. Now let's set up HTTPS!

On this page I will:
1: Set up both RSA and ECC key pairs.
2: Obtain Let's Encrypt certificates for both.
3: Set up automatic renewal.

On the final page I will tune the Apache HTTP headers.

Why TLS?

TLS, the successor to SSL, authenticates a web server and provides confidentiality and integrity of the data.

Try Google Cloud Platform and receive $50

In July 2018, Google's Chrome browser began marking HTTP pages as Not Secure. Google had warned the previous year that Chrome would eventually do this. Once Chrome does something, the other browsers quickly follow.

Google also announced back in 2014 that HTTPS already had a slight effect on a page's rank in search results, and the weight would probably increase. In other words, if you don't run HTTPS, you will be ranked lower in search results. Similarly, once Google's search algorithm starts doing something, the other search engines follow.

So, even if a web site is purely informational, you still want to set up TLS.

Public-Key Security

How RSA Works

Asymmetric cryptography, also called public-key cryptography, bases its security on a trapdoor function. That's a function that is easy to compute in one direction but enormously difficult to compute in the opposite direction. RSA, which was developed in the late 1970s, relies on the difficulty of factoring the product of two very large prime numbers.

It is easy to multiply integers, even ones with hundreds of digits, but it is impractically difficult to start with such a product and figure out which two large prime numbers went into it.

Then people worried: what if someone develops a general-purpose quantum computer? Shor's Algorithm could quickly factor very large numbers if you have such a platform on which to run it.

Around this time, people were starting to use mobile devices for Internet access, but smart phones with fast multi-core CPUs had not yet appeared.

How ECC Works

So, Elliptic Curve Cryptography or ECC suddenly became popular. Its trapdoor function is based on a discrete logarithm, entirely different from RSA's factoring. Analysis by NSA and NIST showed that ECC provides equal security with much smaller keys than RSA, requiring much less computation.

So, there were two advantages for ECC: much higher performance, and expected resistance to sudden obsolescence when quantum computers appear. Certificate authorities began issuing dual certificates for sites: one based on ECC which newer clients would prefer for performance, and RSA as a fall-back.

Since then, cryptographers have discovered that ECC will be just as susceptible as RSA to attack by quantum computers. But ECC still has a performance advantage.

Let's Encrypt

Let's Encrypt is a certificate authority founded by the Electronic Frontier Foundation, the Mozilla Foundation, the University of Michigan, Akamai Technologies, and Cisco Corporation.

The Let's Encrypt CA gives you a certificate that's good for 90 days. The short certificate lifetime makes automated renewal important.

FreeBSD
and Linux
Package
Management

ACME, the Automated Certificate Management Environment, is a protocol for interacting with the Let's Encrypt CA. You use the certbot program to carry out the various steps. Install the py37-certbot package to get it.

Preparing to Create Key Pairs and Certificates

First, edit the OpenSSL configuration. Edit the file /etc/ssl/openssl.cnf. Search for the string v3_req and make sure that this line isn't commented out:

req_extensions = v3_req 

Search for the next instance of v3_req, which will be a section header. Again, uncomment it if needed.

[ v3_req ] 

Add or uncomment a following subjectAltName line in that section, and add a tlsfeature line. Then, before the start of the next section, add a new alt_name section in which you define the alternative names you want included in your certificate. The result should be something like the following, my additions are highlighted:

[... many lines deleted ...]

# Extensions to add to any X.509v3 certificate request
[ v3_req ]
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Support multiple alternative names.
subjectAltName = @alt_names
# Support OCSP Must-Staple.
tlsfeature = status_request

[ alt_names ]
DNS.1 = www.cromwell-intl.com
DNS.2 = cromwell-intl.com
DNS.3 = ftp.cromwell-intl.com

[... many lines deleted ...]

The old way of supporting OCSP Must-Staple required a cryptic line:
1.3.6.1.5.5.7.1.24 = DER:30:03:02:01:05
See Scott Helm's site for an explanation of the security advantages of OCSP Must-Staple, and the meaning of the old syntax.

Creating the RSA Key Pair and Certificate

You can use the certbot command to create an RSA key pair. But it's unneccesarily confusing — the renew subcommand actually creates a new key pair rather than renewing anything. And, we'll need to use the openssl command to generate the elliptic-curve keys.

So, let's keep it simple.

Now, let's generate a 4096-bit RSA key pair. The result goes into a file named rsa-privkey.pem. The actual file names, including any dotted suffix, don't actually matter. But settle on some pattern that makes sense to you.

# openssl genpkey -algorithm RSA
	-pkeyopt rsa_keygen_bits:2048 \
	-out rsa-privkey.pem 

That file is commonly called the "private key file", although it contains much more — the modulus or public key, the public exponent, the private exponent, both primes, two exponent terms, and a coefficient. Check the results with this command:

# openssl rsa -noout -text \
	-in rsa-privkey.pem | less
RSA Private-Key: (4096 bit, 2 primes)
modulus:
[... 35 lines omitted ...]
publicExponent: 65537 (0x10001)
privateExponent:
[... 35 lines omitted ...]
prime1
[... 18 lines omitted ...]
prime2:
[... 18 lines omitted ...]
exponent:
[... 18 lines omitted ...]
exponent2:
[... 18 lines omitted ...]
coefficient:
[... 17 lines omitted ...]

Now we'll create a certificate-signing request or CSR. It will ask us for some metadata — two-character country code, state or province, locality, and so on. The result goes into a file named rsa-csr.pem.

# open req -new \
	-key rsa-privkey.pem \
	-out rsa-csr.pem

You could automate the process and avoid the interactive questions by defining a long Subject string on the command line. Note that you must escape embedded spaces. Here I'm leaving Organizational Unit empty, just "." for "OU".

# openssl req -new \
	-key rsa-privkey.pem \
	-subj "/C=US/ST=Indiana/L=West\ Lafayette/O=Cromwell\ International/OU=./CN=cromwell-intl.com/"
	-outform pem -out rsa-csr.pem

You can check the results with the following command. Your should see what you intended in the Subject field near the top, your multiple host names in the Subject Alternative Name field, and the TLS Feature status_request.

# openssl req -noout -text \
	-in rsa-csr.pem | less

The Let's Encrypt certbot package creates a directory structure. On FreeBSD it's in /usr/local/etc/letsencrypt, let's not fight with it. It includes a subdirectory accounts where you store your account information. Let's put out private key file and certificate signing request into their intended locations.

# mv rsa-privkey.pem /usr/local/etc/letsencrypt/keys
# mv rsa-csr.pem /usr/local/etc/letsencrypt/csr

We'll get started on the elliptic-curve keys and then come back and ask for the certificates.

Creating the ECC Key Pairs

Now I will create an ECC private key and certificate. You need a reasonably recent version of openssl. See what yours is capable of:

$ openssl ecparam -list_curves | less

I will use elliptic curve P-384, designated secp384r1. That is the strongest elliptic curve included in NSA Suite B cryptography, and therefore many people interpret that to mean they should not use secp521r1. Browsers support secp384r1, they no longer support secp521r1. See the U.S. NIST SP 800-57 "Recommendation for Key Management" for the secp384r1 definition, and this comparison of key lengths needed for approximately equal resistance to brute-force attack:

Security
Strength
Symmetric
(3DES, AES)
Asymmetric
(RSA, DSA)
Elliptic
Curve
80 80 1024 160
112 112 2048 224
128 128 3072 256
192 192 7680 384
256 256 15,360 521

Let's generate a secp384r1 elliptic-curve key pair.

# openssl ecparam -genkey -name secp384r1 | \
	openssl ec -out ecc-privkey.pem

You can check the results with this command:

# openssl ec -noout -text -in ecc-privkey.pem

Now I can generate the CSR:

# openssl req -new \
	-key ecc-privkey.pem \
	-subj "/C=US/ST=Indiana/L=West\ Lafayette/O=Cromwell\ International/OU=./CN=cromwell-intl.com/"
	-outform pem -out ecc-csr.pem

You can check the results. Your should again see your intended Subject, Alternative Names and status_request.

# openssl req -noout -text -in ecc-csr.pem

Now we'll store those files.

# mv ecc-privkey.pem /usr/local/etc/letsencrypt/keys
# mv ecc-csr.pem /usr/local/etc/letsencrypt/csr

Organizing the Files

The certbot package created subdirectories named archive and live, and a subdirectory within each of those named for my domain.

Some of that was created when I initially experimented with the renew subcommand. Here's how I ended up renaming, duplicating, and repurposing those directories. All of this is under the letsencrypt directory, subdirectories under /usr/local/etc/letsencrypt:

accounts/
My Let's Encrypt account definitions.

csrs/
Certificate Signing Request files.

keys/
Private key files.

ecc-live/cromwell-intl.com/
Elliptic-curve key and certificate files.

rsa-live/cromwell-intl.com/
RSA key and certificate files.

Plus several unused areas:
ecc-archive/
renewal/
renewal-hooks/
rsa-archive/

I copied the private key files into place.

# cp /usr/local/etc/letsencrypt/keys/ecc-privkey.pem \
	/usr/local/etc/letsencrypt/keys/ecc-live/cromwell-intl.com/privkey.pem
# cp /usr/local/etc/letsencrypt/keys/rsc-privkey.pem \
	/usr/local/etc/letsencrypt/keys/rsc-live/cromwell-intl.com/privkey.pem

Now we're ready to create the certificates.

Creating the Certificates

I initially ran the certbot commands and moved files around by hand. Once I had it working, I created the following script that cron runs every Friday morning:

#!/bin/sh

LOGFILE=/root/certbot-output
echo '' > $LOGFILE

for keytype in ecc rsa
do
	echo "$keytype renewal ====================================" >> $LOGFILE
	certbot certonly --non-interactive --webroot \
		-w /usr/local/www/htdocs \
		-d cromwell-intl.com -d www.cromwell-intl.com \
		--email bob.cromwell@comcast.net \
		--csr /usr/local/etc/letsencrypt/csr/${keytype}-csr.pem \
		--agree-tos >> $LOGFILE 2>&1
	echo "Installing files ===============================" >> $LOGFILE
	STORAGE=/usr/local/etc/letsencrypt/${keytype}-live/cromwell-intl.com
	# The certificate itself:
	mv -fv 0000_cert.pem  $STORAGE/cert.pem >> $LOGFILE
	# The signing chain:
	mv -fv 0000_chain.pem $STORAGE/chain.pem >> $LOGFILE
	# The full chain including our certificate:
	mv -fv 0001_chain.pem $STORAGE/fullchain.pem >> $LOGFILE
done

echo "Nginx restart =================================" >> $LOGFILE
pkill nginx ; sleep 3 ; pkill nginx
/usr/local/etc/rc.d/php-fpm stop >> $LOGFILE 2>&1
/usr/local/etc/rc.d/php-fpm start >> $LOGFILE 2>&1
/usr/local/nginx/sbin/nginx -t >> $LOGFILE 2>&1
/usr/local/nginx/sbin/nginx >> $LOGFILE 2>&1

Be careful developing your solution

You can only request 5 duplicate certificates per week. So, develop any scripts with the certificate renewals commented out, until you're pretty sure that it's going to work. See the rate limit documentation for details.

Enabling HTTPS

httpd.conf, the Apache configuration file, contains the following:

# Put these directives at the global level:
LoadModule ssl_module libexec/apache24/mod_ssl.so
Listen 443

# Put these within individual VirtualHost stanzas
# if you are hosting several sites on one server.
<VirtualHost *:443>
    ServerName cromwell-intl.com
    SSLEngine on
    # ECC secp384r1
    SSLCertificateFile "/usr/local/etc/letsencrypt/ecc-live/cromwell-intl.com/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/ecc-live/cromwell-intl.com/privkey.pem"
    # RSA
    SSLCertificateFile "/usr/local/etc/letsencrypt/rsa-live/cromwell-intl.com/fullchain.pem"
    SSLCertificateKeyFile "/usr/local/etc/letsencrypt/rsa-live/cromwell-intl.com/privkey.pem"
</VirtualHost>

Examining the Certificates

We can use the openssl tool to parse and display the certificates. I use PHP to run the command on the actual file and insert the output here:

# openssl x509 -noout -text -in ecc-live/cromwell-intl.com/cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:07:b5:b8:09:39:ed:06:b8:e9:ae:cf:7f:4c:59:e3:cf:1a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Jul 23 09:40:10 2021 GMT
            Not After : Oct 21 09:40:08 2021 GMT
        Subject: CN = www.cromwell-intl.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:d2:ef:ad:da:c1:7e:4d:4b:72:49:cd:e2:d5:94:
                    94:79:4a:81:09:63:cd:7d:44:07:4e:c3:54:48:fc:
                    4b:f8:5c:d3:46:3e:54:a1:9a:e3:03:68:24:39:61:
                    6c:ac:a8:b6:d1:64:fd:2a:b9:af:79:b8:d5:ef:c0:
                    37:b4:82:28:9a:26:2b:0f:24:85:1f:77:28:9f:e1:
                    f3:ca:77:42:20:49:f7:8c:01:f1:aa:05:66:e4:99:
                    46:09:0a:ca:c4:7e:eb
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                5D:E6:23:16:41:3F:E9:A0:4B:42:52:12:10:6B:90:63:01:B4:87:94
            X509v3 Authority Key Identifier: 
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/

            X509v3 Subject Alternative Name: 
                DNS:cromwell-intl.com, DNS:www.cromwell-intl.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 94:20:BC:1E:8E:D5:8D:6C:88:73:1F:82:8B:22:2C:0D:
                                D1:DA:4D:5E:6C:4F:94:3D:61:DB:4E:2F:58:4D:A2:C2
                    Timestamp : Jul 23 10:40:11.945 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:46:08:C4:32:89:BE:3B:89:1B:13:6E:16:
                                B8:96:C8:4D:80:5B:17:F9:13:D0:75:7C:1B:D3:F3:41:
                                C0:3A:D5:4B:02:20:2A:27:7D:D9:8F:CF:5C:25:EE:8D:
                                85:E0:8A:28:EB:AE:7D:64:54:81:01:48:66:05:59:1C:
                                D6:84:B1:75:33:7F
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
                                E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
                    Timestamp : Jul 23 10:40:11.937 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:CE:81:70:60:C2:08:68:0B:56:0A:C7:
                                72:4D:9B:C6:A1:1F:64:1C:90:54:EA:8A:1F:82:90:09:
                                11:55:36:04:71:02:20:32:18:4E:2E:97:7E:35:53:A9:
                                6B:91:05:D9:17:4F:45:41:31:4C:E0:C2:C9:7A:76:AA:
                                0C:28:70:A9:A1:66:FD
            TLS Feature: 
                status_request
    Signature Algorithm: sha256WithRSAEncryption
         68:46:26:4f:59:7b:12:d8:33:bb:01:0d:76:1c:b0:5e:d1:9c:
         4a:f5:72:c8:71:1e:0b:fa:5a:a8:e7:dc:d4:75:c2:1a:49:41:
         43:95:2d:5b:9e:4a:78:57:13:95:73:c7:d5:30:a7:03:b1:89:
         db:ee:05:80:ea:09:41:ca:e0:a2:4e:0a:4b:e7:d9:16:30:ef:
         80:1e:3b:ff:9a:ff:30:fe:e7:b4:67:3e:45:a6:bf:e1:2f:97:
         4f:04:08:5b:6c:9a:5a:1c:fb:ef:c7:bf:0d:30:56:d8:81:d6:
         04:e0:68:23:57:7e:2a:10:75:34:4e:d4:9b:21:7f:84:c0:d1:
         8c:eb:34:8e:0e:92:9b:4c:d9:8d:68:04:87:02:38:44:a9:b9:
         15:b1:16:8b:c0:77:bb:92:ec:b5:b4:03:fb:f8:88:5b:64:73:
         8b:ba:c2:02:47:9d:ab:64:42:11:36:9b:9f:7e:80:12:37:bb:
         27:29:90:2e:a1:d9:8f:b9:7c:41:ad:50:c8:7a:e4:e5:34:cd:
         6e:79:58:db:7f:b3:2b:30:39:c2:98:7d:12:08:e6:3e:85:b5:
         d0:dd:c8:1a:94:73:38:3a:15:fe:64:66:f2:e1:58:64:a8:aa:
         41:02:40:a3:eb:6f:b1:f9:1b:33:e4:54:a5:8d:e9:0b:e2:2c:
         1e:21:e4:e3
# openssl x509 -noout -text -in rsa-live/cromwell-intl.com/cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:1a:80:00:eb:9f:68:eb:a9:bb:e2:5a:18:9e:0d:70:a2:db
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = R3
        Validity
            Not Before: Jul 23 09:40:16 2021 GMT
            Not After : Oct 21 09:40:14 2021 GMT
        Subject: CN = www.cromwell-intl.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (4096 bit)
                Modulus:
                    00:af:55:1e:44:f3:ce:fc:53:19:61:e4:b9:c8:ef:
                    90:74:a6:67:ad:64:86:4d:f9:8b:2e:1b:33:0f:6f:
                    69:fc:0f:5f:f4:50:3c:12:17:9d:fd:82:8d:ce:f3:
                    65:31:b2:a0:bd:d8:2a:57:11:0f:6b:c7:9a:a8:c6:
                    1f:ff:e9:e5:63:0b:57:b4:b1:18:2f:d0:7c:36:12:
                    5a:e5:d0:88:34:be:ee:71:7c:e3:81:10:f5:6d:36:
                    da:db:01:f0:4c:1e:bc:de:3c:a2:6b:7e:2b:62:c8:
                    8a:59:c8:6d:46:39:f4:61:6c:f8:05:c5:8f:65:2d:
                    60:f4:c2:94:0e:88:05:d2:82:d7:df:27:ad:cf:20:
                    11:54:75:53:67:b5:b7:b1:b2:05:a1:6f:9c:48:e2:
                    45:35:41:6f:c3:7c:1e:f3:a6:c2:0f:c7:bb:4c:7e:
                    57:11:88:b7:78:2d:f1:4c:67:93:2c:07:58:1f:07:
                    09:90:45:5a:d9:2c:29:4c:0e:4c:45:67:ca:f4:99:
                    59:17:92:82:78:af:61:44:22:fe:92:01:19:73:14:
                    87:7b:93:8b:cb:29:a7:9c:fa:31:e1:10:fa:b9:95:
                    5d:dc:74:81:cf:22:67:1a:72:d1:bd:6c:32:fb:db:
                    17:70:be:61:c0:3e:9e:4c:bb:da:e8:21:54:c4:6b:
                    21:e9:49:e7:d0:3b:b9:b8:ff:b6:ad:84:7f:86:63:
                    86:8e:31:55:2c:0a:3f:0b:cb:cc:b9:2c:01:49:bf:
                    16:27:97:b9:31:67:2d:93:40:2b:51:e7:d2:47:00:
                    11:88:0f:25:a9:8c:bb:96:c9:e0:8a:19:55:f7:f4:
                    2f:db:31:f8:9f:fc:9e:14:e2:62:6f:d8:c7:ea:2b:
                    fd:db:17:a4:9d:7a:4f:d1:0f:88:be:c8:72:c0:be:
                    85:a2:d7:aa:cb:04:1d:41:25:96:3d:58:40:f1:0f:
                    77:54:5d:23:2a:16:b8:3d:b1:b3:06:18:3f:5e:d9:
                    f4:a7:1d:9d:89:42:82:cc:e2:b1:44:26:7f:76:75:
                    15:d8:f0:a1:48:d2:b9:d7:df:d7:c4:79:1d:30:87:
                    11:22:a7:90:86:59:65:04:6d:fa:5c:1a:5b:a1:f9:
                    13:1f:33:53:18:4b:57:31:13:9e:37:56:97:38:8d:
                    2c:6f:ec:7e:a0:1c:3f:6e:63:de:c9:cf:dd:25:04:
                    f7:24:3c:f9:22:98:67:e8:fe:b0:a0:2a:ca:60:47:
                    35:f9:3d:52:a7:65:20:45:b0:f1:51:a0:2d:27:6a:
                    9a:9d:c2:a4:d1:2d:4d:16:68:aa:1c:63:b1:0c:13:
                    0f:0b:16:11:f2:b6:5f:e1:70:73:ca:3c:e1:5a:f0:
                    b5:18:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                4A:06:EC:9A:B3:72:B4:9D:A3:EA:21:21:6A:19:69:41:2F:D3:33:7D
            X509v3 Authority Key Identifier: 
                keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6

            Authority Information Access: 
                OCSP - URI:http://r3.o.lencr.org
                CA Issuers - URI:http://r3.i.lencr.org/

            X509v3 Subject Alternative Name: 
                DNS:cromwell-intl.com, DNS:www.cromwell-intl.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
                Policy: 1.3.6.1.4.1.44947.1.1.1
                  CPS: http://cps.letsencrypt.org

            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 5C:DC:43:92:FE:E6:AB:45:44:B1:5E:9A:D4:56:E6:10:
                                37:FB:D5:FA:47:DC:A1:73:94:B2:5E:E6:F6:C7:0E:CA
                    Timestamp : Jul 23 10:40:16.967 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:17:5C:CA:B4:1A:7D:60:99:32:A3:D9:81:
                                B2:F0:50:FC:88:AA:CD:18:47:6D:16:80:36:B2:C6:0D:
                                44:CD:14:20:02:21:00:8A:73:DF:00:6D:A2:7C:CC:D4:
                                1E:39:61:EE:84:B0:B9:D3:C1:ED:2E:34:16:19:BD:14:
                                BB:D3:B8:A4:A2:21:CE
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : F6:5C:94:2F:D1:77:30:22:14:54:18:08:30:94:56:8E:
                                E3:4D:13:19:33:BF:DF:0C:2F:20:0B:CC:4E:F1:64:E3
                    Timestamp : Jul 23 10:40:16.943 2021 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:21:00:F0:DC:2D:A3:5B:8E:7E:E4:C1:16:2E:
                                11:90:06:5C:9D:CD:FA:B5:9D:DB:F0:F4:BA:13:C1:96:
                                1C:A6:C1:BF:DF:02:20:47:91:44:5A:35:C9:50:A0:2A:
                                4C:48:BF:87:2C:C8:2B:24:8B:6C:20:63:A4:3F:40:1B:
                                49:C7:8D:07:4B:B0:3D
            TLS Feature: 
                status_request
    Signature Algorithm: sha256WithRSAEncryption
         2b:4d:02:d2:4e:50:42:e1:93:fc:dc:18:ae:15:fb:3a:f1:fd:
         5c:8e:80:33:a6:ac:01:a9:a1:f9:cb:95:23:9d:cb:f4:d5:e5:
         6a:57:a3:8d:11:6b:bf:30:81:df:b4:b3:cb:97:a5:20:fa:4f:
         67:bd:22:74:b8:88:58:70:29:ad:ba:83:23:64:7b:d9:00:99:
         28:46:ad:c9:ec:22:ef:74:cb:29:8a:5a:20:07:52:4f:43:ca:
         d2:98:91:0c:b7:5b:f6:a0:5b:f3:e9:50:4b:ec:cc:92:65:86:
         93:f5:80:56:88:d9:ff:ef:e3:d4:db:93:11:6a:79:24:69:2a:
         51:38:65:32:13:b8:81:cf:3a:a0:72:62:32:92:6a:cb:58:7d:
         19:fe:c0:45:1e:35:93:6f:4c:a3:bb:42:05:00:31:ae:c6:4b:
         56:f8:66:55:21:3b:bd:12:09:80:b8:4b:e4:66:36:90:8c:99:
         5c:f2:c0:bc:4b:d1:cb:dd:15:37:9d:74:f3:81:f8:d8:ff:ea:
         34:04:ad:b8:62:a2:98:5a:53:e7:dd:9a:8b:ba:6b:29:05:ab:
         06:51:4f:2a:54:16:b5:f0:1b:0d:dd:c2:3b:24:71:05:81:7c:
         ba:ae:4a:64:ce:22:c4:5d:75:30:66:55:cf:f9:04:ec:b7:d3:
         68:3c:d4:ef

Initial Test

Restart Apache and verify that you can connect with both HTTP and HTTPS.

You could run a Qualys server test, but at this point it would probably get a "B" grade at best. We will tune the configuration, but first let's set up redirection.

Redirect to HTTPS and Remove "www."

The goal is to accept all connections, redirecting all of these:
http://cromwell-intl.com/some/path/
http://www.cromwell-intl.com/some/path/
https://www.cromwell-intl.com/some/path/
to this:
https://cromwell-intl.com/some/path/

Add the following to your .htaccess file in the root of the web site. Bold shows additions here. Don't duplicate the RewriteEngine line.

# Do NOT duplicate the following line if it
# already exists earlier in the file.
RewriteEngine on

# Remove "www." and redirect HTTP to HTTPS
# Use a standard variable and a tagged regular expression to
# replace the URL with "https://", the host name, and the
# path minus any leading "www.":
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# If they asked for the non-www name but with HTTP,
# build a new HTTPS URL with the host name and path:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# We added the following in an earlier step.
# If the client asks for a non-existent *.html file, rewrite it so
# the bad name isn't passed to the PHP engine causing a "Primary script
# unknown" log entry and a plain "File not found" page.
RewriteCond %{REQUEST_FILENAME} \.html$
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
RewriteRule (.*) - [H=text/html]

Yes, I did the redirection with the site-specific .htaccess file. I could have instead done it with slightly different syntax in the server-wide httpd.conf configuration file. For the single site, given its size and traffic, I didn't see a big advantage of one method over the other.

Now test all combinations of the redirections: http vs https, www. vs not, and include requests for nonexistent files and directories.

Improving the TLS Configuration

Mozilla Config Generator Apache SSL Howto

Apache has a good SSL/TLS how-to document. Even more useful, Mozilla has a configuration generator. You select your server, its version, and your OpenSSL versions, and then you select the security profile.

Which security profile should you use? It depends...

Let's say you're setting up a server for use within your organization, and you have full control of the desktop systems and any portable laptops that could be used to connect in from outside. I recommend the strictest "Modern" profile for that case. All your client machines will need to be fairly current, but that should already be the case.

However, let's say that you want to be open to most all clients from the public. That's my situation. I have ads on my site. While it would be nice if everyone used up-to-date operating systems and browsers, I don't want to block or even inconvenience people with somewhat outdated platforms.

I used the "Intermediate" profile as a starting point. Here is what I added toward the end of the httpd.conf configuration file, before and outside the VirtualHost stanza, so it will apply to all virtually hosted web sites I eventually set up on this server. The cipher suite is usually one enormously long line with no whitespace. That's hard to read and much harder to modify, so I prefer to split it across multiple lines. Just make sure each backslash is the last character on its line.

# TLS only, no SSL
SSLProtocol all -SSLv2 -SSLv3
# Specify ciphers in a preferred order.  I reordered what the configuration
# generator gave me, putting better ciphers first.
SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:\
ECDHE-RSA-CHACHA20-POLY1305:\
ECDHE-ECDSA-AES256-GCM-SHA384:\
ECDHE-RSA-AES256-GCM-SHA384:\
DHE-RSA-AES256-GCM-SHA384:\
ECDHE-ECDSA-AES128-GCM-SHA256:\
ECDHE-RSA-AES128-GCM-SHA256:\
DHE-RSA-AES128-GCM-SHA256:\
ECDHE-ECDSA-AES256-SHA384:\
ECDHE-ECDSA-AES128-SHA256:\
ECDHE-ECDSA-AES256-SHA:\
ECDHE-ECDSA-AES128-SHA:\
ECDHE-RSA-AES256-SHA384:\
ECDHE-RSA-AES128-SHA256:\
ECDHE-RSA-AES256-SHA:\
ECDHE-RSA-AES128-SHA:\
DHE-RSA-AES256-SHA256:\
DHE-RSA-AES128-SHA256:\
DHE-RSA-AES256-SHA:\
DHE-RSA-AES128-SHA:\
AES256-GCM-SHA384:\
AES128-GCM-SHA256:\
AES256-SHA256:\
AES128-SHA256:\
AES256-SHA:\
AES128-SHA:\
ECDHE-ECDSA-DES-CBC3-SHA:\
ECDHE-RSA-DES-CBC3-SHA:\
EDH-RSA-DES-CBC3-SHA:\
DES-CBC3-SHA:\
!DSS

SSLHonorCipherOrder     on
# Disable compression and session tickets
SSLCompression          off
SSLSessionTickets       off
# Enable OCSP Stapling
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
# Enable session resumption (caching).
# However do not use large values.  Large advertisers like
# Google and Facebook use that to track users.  Your site will
# look suspicious if it does this.  See, for example:
#   https://www.zdnet.com/article/advertisers-can-track-users-across-the-internet-via-tls-session-resumption/
# 300 seconds (5 minutes) seems reasonable.  That's actually the
# default, no need to specify that, but here's the syntax.
SSLSessionCache "shmcb:logs/ssl_scache"
SSLSessionCacheTimeout 300
# Insist on HSTS or HTTP Strict Transport Security
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

And with that, an A+ evaluation from the Qualys analyzer:

Screenshot of Qualys SSL Labs A+ analysis of a HTTPS web server
More cautious configuration with Nginx

The server supports 3DES as a fallback position if none of the stronger ciphers are supported. That allows connections from IE 8 on XP. While 3DES is flagged in the report as weak, at least at the time that I did this it did not lower the score. Unlike RC4, which capped the grade at B at the time.

DNS CAA or Certification Authority Authorization provides a way to indicate in a DNS record just who is allowed to be a CA for the site. See this Qualys blog for details on what CAA is, and how the CA/Browser Forum has mandated its use.

Google Domains did not yet support CAA records when I started this project in July 2017, as you can see below. Google Cloud DNS, a different product, did.

Screenshot of Google Domains dashboard showing available record types.

By February 2018, they had added CAA records:

Screenshot of Google Domains dashboard with CAA records available.

Let's test it:

$ dig @localhost cromwell-intl.com CAA

; <<>> DiG 9.10.6-P1 <<>> @localhost cromwell-intl.com CAA
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26186
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cromwell-intl.com.		IN	CAA

;; ANSWER SECTION:
cromwell-intl.com.	3570	IN	CAA	128 issue "letsencrypt.org"

;; AUTHORITY SECTION:
cromwell-intl.com.	78163	IN	NS	ns-cloud-c1.googledomains.com.
cromwell-intl.com.	78163	IN	NS	ns-cloud-c4.googledomains.com.
cromwell-intl.com.	78163	IN	NS	ns-cloud-c3.googledomains.com.
cromwell-intl.com.	78163	IN	NS	ns-cloud-c2.googledomains.com.

;; Query time: 0 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Feb 14 14:44:24 EST 2018
;; MSG SIZE  rcvd: 198 

Final Step

I was very happy with this result! There are just a few more things to do.

Proceed to the final step to see how to tune the HTTP(S) headers.

Final step: HTTPS Headers