Apache - Activate SSL
Create folder for ssl certificate and key
sudo mkdir /etc/apache2/ssl
Get a certificate
Obtain one from a recognized certificate authority, or alternatively create your own.
Create .key file and .crt file and after that load both apache2…
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
NOTE: When you enter the details for the certificate, make sure the common name matches your hostname; otherwise you will get a warning in your apache2 log for not having the right hostname. (Not necessary, but better to avoid this.)
Be sure to keep the intermediate files (.key and .csr) that you create in this step.
Activate SSL
Issue the following command:
a2enmod ssl
Listen on Port 443
SSL sites run under port 443 so enable Listen 443 in /etc/apache2/ports.conf.
vi /etc/apache2/ports.conf
NOTE: You do not have to edit your ports.conf file because it already contains Listen 443.
Create an SSL page under sites-available
sudo vi /etc/apache2/sites-available/ssl
and populate the file as:
- site.conf
<virtualhost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
    DocumentRoot /var/www/yourlink
</virtualhost>
Configure the Virtual Host
Edit /etc/apache2/mods-enabled/ssl.conf (which was moved from /etc/apache2/mods-available/ssl.conf, along with ssl.load, by the a2enmod ssl command):
- /etc/apache2/mods-enabled/ssl.conf
NameVirtualHost [your IP address]:443
<VirtualHost [your IP address]:443>
    ServerSignature On
    SSLCertificateFile /path/to/the/certificate/from/your/certificate/company/apache.crt
    # Key file created in step 1 (can be a .pem file too I think)
    SSLCertificateKeyFile /path/to/the/file/created/in/step/1.key
    # Optional, only if your certificate company provides you with one
    SSLCertificateChainFile /path/to/intermediate/cert.crt
    SSLEngine On
</VirtualHost>
NOTE: You can also put the line NameVirtualHost [your IP address]:443 into /etc/apache2/apache2.conf for clarity.
Now you can set up the site you want to run using SSL as you normally would. For example, you might have a file called 'mysite.conf' in /etc/apache2/sites-enabled, and you might add this to it:
- /etc/apache2/sites-enabled/mysite.conf
<VirtualHost [your ip]:443>
    ServerName mysite.com:443
    ServerAlias www.mysite.com
    DocumentRoot /path/to/www/root/for/ssl/site
</VirtualHost>
To run a non-ssl site, you might have this entry in the same mysite.conf file:
- /etc/apache2/sites-enabled/mysite.conf
<VirtualHost *:80>
    ServerName mysite.com
    ServerAlias *.mysite.com
    DocumentRoot /path/to/normal/site
</VirtualHost>
Restart Apache, and your site should work.
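Before restarting, it helps to confirm that every virtual host bound to port 443 actually carries the SSL directives, since mod_ssl reads SSLEngine and the certificate/key paths per virtual host. The following is an added example, not part of the original page: a small Python audit over `<VirtualHost>` blocks. The sample configuration, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import re

# Constructed sample: one complete SSL vhost, one :443 vhost that omits the
# SSL directives, and one plain :80 vhost (which the audit ignores).
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName mysite.com:443
    DocumentRoot /var/www/ssl-site
</VirtualHost>
<VirtualHost *:80>
    ServerName mysite.com
</VirtualHost>
"""

REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")
VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def parse_vhosts(text):
    """Return [(address, {lowercased directive: value})] for each vhost block."""
    vhosts = []
    for addr, body in VHOST_RE.findall(text):
        directives = {}
        for line in body.splitlines():
            parts = line.strip().split(None, 1)
            if not parts or parts[0].startswith("#"):
                continue  # skip blank lines and comments
            directives[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
        vhosts.append((addr.strip(), directives))
    return vhosts

def audit_ssl_vhosts(text):
    """List problems in vhosts bound to port 443; other ports are skipped."""
    findings = []
    for addr, d in parse_vhosts(text):
        if not any(a.endswith(":443") for a in addr.split()):
            continue
        label = d.get("servername", addr)
        if d.get("sslengine", "").lower() != "on":
            findings.append(f"{label}: SSLEngine is not On")
        findings += [f"{label}: missing {r}" for r in REQUIRED if r.lower() not in d]
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ssl_vhosts(SAMPLE_CONF)))
```

The audit only reads the text it is given; it does not follow Include directives or check that the certificate and key files exist.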