====== Apache - Activate SSL ======

===== Create folder for ssl certificate and key =====

  sudo mkdir /etc/apache2/ssl

----

===== Get a certificate =====

Obtain one from a recognized certificate authority, or alternatively create your own.

Create the .key file and the .crt file, and after that load both into apache2...

  sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

**NOTE**: When you enter the details for the certificate, make sure that the common name is the same as your hostname, otherwise you will get a warning in your apache2 log for not having the right hostname. (This is not necessary, but it is better to avoid the warning.)

Be sure to keep the intermediate files (.key and .csr) that you create in this step.

----

===== Activate SSL =====

Issue the following command:

  a2enmod ssl

----

===== Listen on Port 443 =====

SSL sites run under port 443, so enable **Listen 443** in **/etc/apache2/ports.conf**.

  vi /etc/apache2/ports.conf

**NOTE:** You do not have to edit your **ports.conf** file because it already contains **Listen 443**.
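
Before pointing Apache at the key and certificate from the "Get a certificate" step, it is worth checking that the common name is the expected hostname, that the certificate really belongs to the key, and that the unencrypted key is not readable by other users. The script below is an added example, not part of the original page; the function names, the temporary directory and the hostname ''www.example.test'' are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names, temp paths and the host name are constructed.

# Print the subject Common Name of a certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the certificate carries the public key of the given private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if group and others have no permissions on the key file.
# -nodes writes the key unencrypted, so file permissions are its only protection.
key_is_private() {
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Same openssl parameters as on the page; -subj added so it runs without prompts.
make_sample_pair() {   # usage: make_sample_pair DIR HOSTNAME
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
        -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_pair "$tmp" www.example.test
chmod 600 "$tmp/apache.key"

echo "common name: $(cert_cn "$tmp/apache.crt")"
cert_matches_key "$tmp/apache.crt" "$tmp/apache.key" && echo "certificate and key match"
key_is_private "$tmp/apache.key" && echo "key is not accessible to group/others"
```

To check the real files, call the three functions with ''/etc/apache2/ssl/apache.crt'' and ''/etc/apache2/ssl/apache.key'' instead of the sample pair.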
----

===== Create a SSL page under sites-available =====

  sudo vi /etc/apache2/sites-available/ssl

and populate the file as:

  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/apache.crt
  SSLCertificateKeyFile /etc/apache2/ssl/apache.key
  DocumentRoot /var/www/yourlink

----

===== Configure the Virtual Host =====

Edit **/etc/apache2/mods-enabled/ssl.conf** (which was moved from **/etc/apache2/mods-available/ssl.conf**, along with ssl.load, by the **a2enmod ssl** command):

  NameVirtualHost [your IP address]:443
  ServerSignature On
  SSLCertificateFile /path/to/the/certificate/from/your/certificate/company/apache.crt
  # can be a .pem file too I think
  SSLCertificateKeyFile /path/to/the/file/created/in/step/1.key
  # optional, only if your certificate company provides you with one
  SSLCertificateChainFile /path/to/intermediate/cert.crt
  SSLEngine On

**NOTE**: You can also put the line **NameVirtualHost [your IP address]:443** into **/etc/apache2/apache2.conf** for clarity.

Now you can set up the site you want to run using SSL as you normally would. For example, you might have a file called 'mysite.conf' in /etc/apache2/sites-enabled, and you might add this to it:

  <VirtualHost [your IP address]:443>
  ServerName mysite.com:443
  ServerAlias www.mysite.com
  DocumentRoot /path/to/www/root/for/ssl/site
  </VirtualHost>

To run a non-ssl site, you might have this entry in the same mysite.conf file:

  <VirtualHost [your IP address]:80>
  ServerName mysite.com
  ServerAlias *.mysite.com
  DocumentRoot /path/to/normal/site
  </VirtualHost>

Restart apache, and your site should work.

----

===== References =====

  * https://help.ubuntu.com/community/forum/server/apache2/SSL
  * http://wiki.vpslink.com/Enable_SSL_on_Apache2