Differences

This shows you the differences between two versions of the page.

--- apache:activate_ssl [2020/07/17 14:26] – old revision restored (2016/10/11 00:10) 198.27.66.59
+++ apache:activate_ssl [2022/06/14 08:16] (current) – [Configure the Virtual Host] peter
@@ Line 1: / Line 1: @@
 ====== Apache - Activate SSL ======
+===== Create folder for ssl certificate and key =====
+sudo mkdir /etc/apache2/ssl
+----
+===== Get a certificate =====
+Obtain one from a recognized certificate authority, or alternatively create your own.
+Create .key file and .crt file and after that load both apache2...
+<code bash>
+sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
+</code>
+<WRAP notice>
+**NOTE**:  When you enter all the details for the certificate make sure that you have the same common name as your hostname, otherwise you will get a warning in your apache2 log for not having the right hostname. (not neccessary, but better to avoid this)
+Be sure to keep the intermediate files (.key and .csr) that you create in this step.
+</WRAP>
+----
+===== Activate SSL =====
 Issue the following command:
@@ Line 7: / Line 36: @@
 </code>
-**NOTE:**  You do not have to edit your **ports.conf** file because it already contains Listen 443.
+----
-Edit **/etc/apache2/mods-enabled/ssl.conf** (which was moved from mods-available/ssl.conf, along with ssl.load, by the a2enmod ssl command I think.  You can move them manually if you like, but I don't know if a2enmod ssl does other tasks as well.):
+===== Listen on Port 443 =====
+SSL sites run under port 443 so enable **Listen 443** in **/etc/apache2/ports.conf**.
+<code bash>
+vi /etc/apache2/ports.conf
+</code>
+<WRAP info>
+**NOTE:**  You do not have to edit your **ports.conf** file because it already contains **Listen 443**.
+</WRAP>
+----
+===== Create a SSL page under sites-available =====
+<code bash>
+sudo file /etc/apache2/sites-available/ssl
+</code>
+and populate the file as:
+<file bash site.conf>
+<virtualhost *:443>
+  SSLEngine On
+  SSLCertificateFile /etc/apache2/ssl/apache.crt
+  SSLCertificateKeyFile /etc/apache2/ssl/apache.key
+  DocumentRoot /var/www/yourlink
+</virtualhost>
+</file>
+----
+===== Configure the Virtual Host =====
+Edit **/etc/apache2/mods-enabled/ssl.conf** (which was moved from **/etc/apache2/mods-available/ssl.conf**, along with ssl.load, by the **a2enmod ssl** command.):
 <file bash /etc/apache2/mods-enabled/ssl.conf>
 NameVirtualHost [your IP address]:443
-< VirtualHost [your IP address]:443>
+<VirtualHost [your IP address]:443>
-       ServerSignature On
+  ServerSignature On
-       SSLCertificateFile    /path/to/the/certificate/from/your/certificate/company/apache.crt
+  SSLCertificateFile    /path/to/the/certificate/from/your/certificate/company/apache.crt
-       SSLCertificateKeyFile /path/to/the/file/created/in/step/1.key [can be a .pem file too I think]
+  SSLCertificateKeyFile /path/to/the/file/created/in/step/1.key [can be a .pem file too I think]
-       SSLCertificateChainFile /path/to/intermediate/cert.crt [optional, only if yout certificate compay provides you with one]
+  SSLCertificateChainFile /path/to/intermediate/cert.crt [optional, only if your certificate company provides you with one]
-      SSLEngine On
+  SSLEngine On
-</VirtualHost >
+</VirtualHost>
 </file>
+<WRAP info>
 **NOTE**: You can also put the line **NameVirtualHost [your IP address]:443** into **/etc/apache2/apache2.conf** for clarity.
+</WRAP>
 Now you can set up the site you want to run using SSL as you normally would. For example, you might have a file called 'mysite.conf' in /etc/apache2/sites-enabled, and you might add this to it:
@@ Line 47: / Line 113: @@
+Restart apache, and your site should work
+----
-. Restart apache, and your site should work
 ===== References =====
@@ Line 57: / Line 122: @@
   * https://help.ubuntu.com/community/forum/server/apache2/SSL
   * http://wiki.vpslink.com/Enable_SSL_on_Apache2