Configuring Apache2 with SSL (creating your own SSL certificate)
Here's the scenario:
You have set up your web server using apache2, but now you want to serve some content from a secure site. The easiest way to achieve this is to configure Apache with your SSL certificate. This way Apache takes care of encrypting the communication channel between the browser and the server.
Things you'll need:
- apache2
- openssl library
- SSL certificate
For the purposes of this tutorial, I'm using Ubuntu 7.10 as my Linux installation.
Installing OpenSSL library
Installing this should be a piece of cake on any Linux installation, as this is a very widely used library. On Ubuntu you can simply do
sudo apt-get install openssl
For Red Hat based systems you should be able to simply use "yum install openssl".
Generating self signed SSL certificate
You can easily generate an SSL certificate using the openssl library. Before we generate the certificate, we will create the directory to hold the files. Then we will generate a private key that is file encrypted. This key will be used to create our certificate.
UPDATED !!
sudo mkdir /etc/apache2/ssl
cd /etc/apache2/ssl
openssl genrsa -des3 -out keyname.key 4096
This will prompt for your password now, and also when you (re)start your webserver. This can be an issue, as your web server will halt for the password prompt at boot time. To avoid that, I prefer to create a key without file encryption:
openssl rsa -in keyname.key -out keyname.insecure.key
Now we can use this key to generate our certificate
openssl req -new -x509 -days 365 -key keyname.key -out cert_name.crt
We should have the following files at the end:
- keyname.key
- keyname.insecure.key
- cert_name.crt (valid for 365 days)
What we have done is create ourselves a digital certificate, encrypted with our private key. If you want to be thorough and proper, you can supply this certificate along with your credentials to a company like VeriSign to sign your certificate and make it official. But the certificate is good as it is to enable us to run a secure site.
Configuring Apache
First of all we need to enable ssl module in apache. It is included by default, but not enabled.
sudo a2enmod ssl
should do the trick for us.
We also need to make a separate document root for the secure site.
sudo mkdir /var/www-ssl
Second, we have to configure our secure site. We'll use the configuration defined for the default http site as a template and modify it to serve a secure site on https.
cd /etc/apache2
sudo cp sites-available/default sites-available/secure
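sudo ln -s ../sites-available/secure sites-enabled/secure
Making a link to our secure conf in sites-enabled will cause Apache to load the secure configuration as well. The link target is written relative to the sites-enabled directory, which is why it starts with "../".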
Third, we have to modify default and secure configurations
default configuration
change
NameVirtualHost *
<VirtualHost *>
To
NameVirtualHost *:80
<VirtualHost *:80>
Make sure you fix all your VirtualHost directives.
secure configuration
Change
NameVirtualHost *
<VirtualHost *>
To
NameVirtualHost *:443
<VirtualHost *:443>
and add the following lines to your virtual host declaration block. The certificate and key paths point to the /etc/apache2/ssl directory where we created the files earlier.
DocumentRoot /var/www-ssl/
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/cert_name.crt
SSLCertificateKeyFile /etc/apache2/ssl/keyname.insecure.key
That's All Folks!!!!
In case you are wondering what happened to the port configuration and the SSL configuration: the apache2 installation on Ubuntu is already set up for running a secure site. The magic happens when you execute the a2enmod ssl command. That command makes a link to ssl-mod and ssl-conf in the mods-enabled dir of the apache2 setup. This way Apache will pick up the ssl-mod and the default configuration that our mates at Apache have graciously prepared for us.
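Before restarting, it is worth checking that the certificate and the unencrypted key belong together, that the key file (which has no passphrase protecting it) is not accessible to other users, and that the certificate is not about to expire. The script below is an added example, not part of the original tutorial: the function names are hypothetical, the file names follow the tutorial, and with no arguments it checks a constructed throwaway pair.

```sh
#!/bin/sh
# Added example (not from the original tutorial): checks for the key/cert pair.
# File names follow the tutorial; the function names are hypothetical.

# Succeeds when CERT carries the public half of the RSA private key KEY.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
    k=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Succeeds when KEY has no group/other permission bits (e.g. mode 600 or 400).
key_is_private() {  # usage: key_is_private KEY
    mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1") || return 2
    case "$mode" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Succeeds when CERT is still valid DAYS days from now.
cert_valid_for_days() {  # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample input: a throwaway 2048-bit key and 365-day certificate in DIR.
make_demo_pair() {  # usage: make_demo_pair DIR
    openssl genrsa -out "$1/keyname.insecure.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -subj "/CN=demo.invalid" \
        -key "$1/keyname.insecure.key" -out "$1/cert_name.crt" 2>/dev/null
}

# Runs all three checks; the return status is the number that failed.
check_pair() {  # usage: check_pair KEY CERT
    fails=0
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; fails=$((fails + 1)); }
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/other"; fails=$((fails + 1)); }
    cert_valid_for_days "$2" 30 || { echo "FAIL: $2 expires within 30 days"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: $1 and $2 passed"
    return "$fails"
}

# With two arguments, check those files; with none, check a constructed demo pair.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
else
    demo=$(mktemp -d) && make_demo_pair "$demo" && chmod 600 "$demo/keyname.insecure.key" &&
        check_pair "$demo/keyname.insecure.key" "$demo/cert_name.crt"
    rm -rf "$demo"
fi
```

To check the files created above, run it with /etc/apache2/ssl/keyname.insecure.key and /etc/apache2/ssl/cert_name.crt as its two arguments.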
Server Restart
sudo /etc/init.d/apache2 restart
OR (if you want zero downtime)
sudo /etc/init.d/apache2 reload
Now go to the https://
Happy Days :)
The following links were a great help in getting me up and running with my secure site and compiling this tutorial