User Tools

Site Tools


apache:activate_ssl

Apache - Activate SSL

Create folder for ssl certificate and key

sudo mkdir /etc/apache2/ssl


Get a certificate

Obtain one from a recognized certificate authority, or alternatively create your own.

Create .key file and .crt file and after that load both apache2…

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

NOTE: When you enter all the details for the certificate make sure that you have the same common name as your hostname, otherwise you will get a warning in your apache2 log for not having the right hostname. (not neccessary, but better to avoid this)

Be sure to keep the intermediate files (.key and .csr) that you create in this step.


Activate SSL

Issue the following command:

a2enmod ssl

Listen on Port 443

SSL sites run under port 443 so enable Listen 443 in /etc/apache2/ports.conf.

vi /etc/apache2/ports.conf

NOTE: You do not have to edit your ports.conf file because it already contains Listen 443.


Create a SSL page under sites-available

sudo file /etc/apache2/sites-available/ssl

and populate the file as:

site.conf
<virtualhost *:443>
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/apache.crt
  SSLCertificateKeyFile /etc/apache2/ssl/apache.key
  DocumentRoot /var/www/yourlink
</virtualhost>

Configure the Virtual Host

Edit /etc/apache2/mods-enabled/ssl.conf (which was moved from /etc/apache2/mods-available/ssl.conf, along with ssl.load, by the a2enmod ssl command.):

/etc/apache2/mods-enabled/ssl.conf
NameVirtualHost [your IP address]:443
<VirtualHost [your IP address]:443>
  ServerSignature On
  SSLCertificateFile    /path/to/the/certificate/from/your/certificate/company/apache.crt
  SSLCertificateKeyFile /path/to/the/file/created/in/step/1.key [can be a .pem file too I think]
  SSLCertificateChainFile /path/to/intermediate/cert.crt [optional, only if your certificate company provides you with one]
  SSLEngine On
</VirtualHost>

NOTE: You can also put the line NameVirtualHost [your IP address]:443 into /etc/apache2/apache2.conf for clarity.

Now you can set up the site you want to run using SSL as you normally would. For example, you might have a file called 'mysite.conf' in /etc/apache2/sites-enabled, and you might add this to it:

/etc/apache2/sites-enabled/mysite.conf
<VirtualHost [your ip]:443> 
  ServerName mysite.com:443
  ServerAlias www.mysite.com
  DocumentRoot /path/to/www/root/for/ssl/site
</VirtualHost>

To run a non-ssl site, you might have this entry in the same mysite.conf file:

/etc/apache2/sites-enabled/mysite.conf
<VirtualHost *:80>
  ServerName mysite.com
  ServerAlias *.mysite.com
  DocumentRoot /path/to/normal/site
</VirtualHost>

Restart apache, and your site should work


References

apache/activate_ssl.txt · Last modified: 2022/06/14 08:16 by peter

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki