Companies or platforms like Cloudflare work as your security partners by ensuring the communication between users’ browser and your web server is secured. I assume that you have a clear idea about the need for SSL in an application or a web site. Let’s see the steps to set up SSL using Cloudflare:
1. Login to your server and make sure Apache mod_ssl module is installed. In other words, make sure the Apache server configuration file – ssl.conf is present in /etc/httpd/conf.d. If it’s not, read this post to find out how to install mod_ssl module.
2. Login to your Cloudflare account and select the domain you want to secure.
3. Go to DNS tab and make sure you have added Records for the domain and sub domains if any.
4. Go to SSL/TLS tab. In the Overview section, make sure to have set the SSL/TLS encryption mode to Full. Now go to Origin Server section and click on Create Certificate to view the Origin Certificate Installation section as shown below:
For Cloudflare to generate a Private Key and a Certificate Signing Request (CSR) for you, select “Generate private key and CSR with Cloudflare” option. Next, enter your domain/host names that the certificate should protect. Remember, you can also use wildcards. Choose a certificate validity and click on Create. Cloudflare will create a certificate and a private key which you can copy and save to my-cert.crt and my-key.key respectively.
Now if you go back to the Origin Certificates section, you can see the new certificate generated with an expiry date.
5. You can optionally set Page Rules associated with your application’s URLs. Go to Rules tab and click on Create Page Rule to add a rule. You can add up to 3 rules with your free Cloudflare account. Following is an example rule set for URL redirect:
In this case, any request to mydomain.com will be redirected to mydomain.com/home. If you have a context name say “app” the redirection URL can be mydomain.com/app/home. There are many other Page Rule options that you may explore and find out.
This completes the configurations required on Cloudflare side to set up SSL.
6. Now login to your server and copy the locally created .crt and .key files to a new folder (/opt/ssl_certs/cloudflare/).
7. Open /etc/httpd/conf.d/ssl.conf file to add the certificate and key file locations in <VirtualHost> section. Search for SSLCertificateFile and uncomment if it’s commented. SSLCertificateFile should point to the certificate file as shown below:
SSLCertificateFile /opt/ssl_certs/cloudflare/my-cert.crtSimilarly SSLCertificateKeyFile should point to the key file as shown below:
SSLCertificateKeyFile /opt/ssl_certs/cloudflare/my-key.keyThat’s it! These are the minimum steps you need to follow to set up free SSL certificate in a Linux server using Cloudflare.