Setting up SSL with Apache2

Once the server is installed you need to do three things to get a working SSL setup:

• Generate, or import, a certificate.
• Enable Apaches SSL support.
• Configure your SSL options.

Generate self-signed certificate

To create the self-signed certificate, run the following command

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

The above command will prompt you to enter the passphrase. Once you enter the correct passphrase, your certificate will be created and it will be stored in the server.crt file

Installing the Certificate

You can install the key file server.key and certificate file server.crt, or the certificate file issued by your CA, by running following commands

sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

Enabling SSL Support

To use the SSL facilities of Apache2 you must enable the module mod_ssl

a2enmod ssl

Create a SSL conf. file (if needed) and establish a necessary symlink.

If you do not have SSL conf file (/etc/apache2/sites-available/default-ssl) need to copy the 'default' conf as a stub for the 'default-ssl' conf.

cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default-ssl

Next, establish a symlink from the 'available' default-ssl file to the 'enabled' file.

ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl 

Now we need to change the port address in /etc/apache2/ports.conf by default it will listen port 80 and now we are installing with SSL we need to change port 443 to listen

 Listen 443

With these two steps out of the way you now have an Apache setup which will listen for and accept SSL connections. The next step is to modify your virtualhosts to use it.

Configuring your SSL Hosts

The final step is to ensure that your virtual hosts, or main host, will accept SSL options