Implementing SSL on your server is relatively straightforward. It's funny how things always seem relatively straightforward after you finally get them implemented. Apache2, in Debian, starts with the ports.conf file. Add NameVirtualHost *:80 to support regular virtual hosts, and also one for *:443.
Enable mod_ssl:
sudo a2enmod ssl
Then for your regular virtual hosts change:
Without SSL you need not distinguish between ports and can just use a wildcard (*).
In the SSL virtual host block, add the parameters that reference the certs and keys, along with the document root:
For this website the document root is the same one that is defined in the non-SSL virtual host block. The cert was created using StartSSL and is just a regular cert. The EV certs are pretty interesting in that they turn the address bar green in modern browsers; they cost some money, though, and require a business entity. While this entire website can be accessed using SSL, there are many links in the code that point only to http, which break SSL encryption requirements. The admin area, on the other hand, is fully SSL encrypted. You can force WordPress to use SSL for the entire admin area using (in your wp-config.php file):
Place the above code underneath the already existing ‘define’ parameters. Now when you navigate to wp-admin it will automatically load the login page as https. Just remember to configure port forwarding of 443 to your server. You should also implement a plugin called user locker. Yes, the admin area may be encrypted, but encryption does not handle brute force attacks. User locker is kind of like fail2ban at the server level. I always recommend using fail2ban!! Especially to handle SSH brute force attacks on systems that require password login to be enabled.
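The Apache side of the steps above, as an added example rather than the author's own configuration. The host name, site file name, document root and certificate paths are placeholders, and the syntax assumes the Apache 2.2-era layout the post describes.

```apache
# /etc/apache2/ports.conf
# NameVirtualHost is the Apache 2.2 syntax used in the post;
# Apache 2.4 ignores it and only logs a warning.
NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
    # Only opened once mod_ssl is enabled (sudo a2enmod ssl).
    NameVirtualHost *:443
    Listen 443
</IfModule>

# /etc/apache2/sites-available/example   (placeholder site file)
# Regular virtual host: the bare wildcard (*) becomes *:80 so it no
# longer overlaps with the SSL host on port 443.
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example
</VirtualHost>

# SSL virtual host: same document root, plus the certificate and key.
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example

    SSLEngine on
    SSLCertificateFile      /etc/ssl/certs/example.com.crt
    # Keep the private key readable by root only (for example mode 600).
    SSLCertificateKeyFile   /etc/ssl/private/example.com.key
    # Intermediate CA chain, if the issuer supplies one (placeholder path).
    SSLCertificateChainFile /etc/ssl/certs/example-ca-chain.pem
</VirtualHost>
```

Run apache2ctl configtest before reloading Apache so a typo in either block is caught before the site goes down.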