wiki:Internal/LoginService/SSL

Setting up SSL with Apache2

Once the server is installed you need to do three things to get a working SSL setup:

  • Generate, or import, a certificate.
  • Enable Apaches SSL support.
  • Configure your SSL options.

Generate self-signed certificate

Create a certificate:

mkdir /etc/apache2/ssl
openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

Enabling SSL Support

To use the SSL facilities of Apache2 you must enable the module mod_ssl

a2enmod ssl

Create a SSL conf. file (if needed) and establish a necessary symlink.

If you do not have SSL conf file (/etc/apache2/sites-available/default-ssl) need to copy the 'default' conf as a stub for the 'default-ssl' conf.

cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default-ssl

Next, establish a symlink from the 'available' default-ssl file to the 'enabled' file.

ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl 

Instruct Apache to listen to 443

Change the port address in /etc/apache2/ports.conf by default it will listen port 80 and now we are installing with SSL we need to change port 443 to listen

 Listen 443

Your ports.conf may already have an IfModule clause in it for the SSL portion. If you see this, you can just leave it as-is:

<IfModule mod_ssl.c>
    Listen 443
</IfModule>

With these two steps out of the way you now have an Apache setup which will listen for and accept SSL connections. The next step is to modify your virtualhosts to use it.

Configuring your SSL Hosts

The final step is to ensure that your virtual hosts, or main host, will accept SSL options

Configure HTTPS over port 443 (edit /etc/apache2/sites-available/default-ssl):

NameVirtualHost *:443
(Note: Look down just a bit and make a change to the virtual host settings.)
<VirtualHost *:443>
ServerName localhost
DocumentRoot /var/www-ssl/html/
(Note: Again, use your assigned IP or a DNS name followed with ":443" if you have one for ServerName.) 

Turn on the SSL engine.

Make sure the following are in your default-ssl file. The SSLengine should be on, and the cert and key should be properly path-ed:

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Last modified 11 years ago Last modified on Jul 16, 2013, 1:29:20 PM
Note: See TracWiki for help on using the wiki.