Tuesday, March 1, 2011

How to set up Secure Webserver HTTPS (SSL) on Apache in Ubuntu


  • What do we need?
  1. apache (webserver)
  2. openssl






Step 1: Create a self-signed certificate

You need to create a self-signed certificate with openssl. To do that, first generate the server key.
openssl genrsa -des3 -out server-sec.key 4096
...and a certificate signing request (CSR).
openssl req -new -key server-sec.key -out server.csr
After that, generate the server certificate by signing it with the server key.
openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt
Keep server-sec.key in a secure location, with read/write permission assigned only to root. Then generate a passwordless copy of the key for Apache to use.
openssl rsa -in server-sec.key -out server.key
By this time, you should have:
  • server.key (passwordless key for Apache)
  • server.csr (certificate signing request)
  • server.crt (certificate)
  • server-sec.key (server key)

Step 2: Enable the SSL config in Apache

In this step, you must enable the SSL website in Apache by creating a symlink to 'default-ssl'.

ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/100-default-ssl

Then edit the /etc/apache2/sites-available/default-ssl file using your favorite text editor (I prefer nano!) and change the config to something like this:

ServerAdmin webmaster@localhost

ServerName localhost

DocumentRoot /var/www-ssl/html/

...

...

Then, in the same default-ssl file, find the line that begins with "SSLEngine on" and add the following lines:

SSLEngine on

..

..

#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem

#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

SSLCertificateFile /etc/apache2/ssl/server.crt

SSLCertificateKeyFile /etc/apache2/ssl/server.key

Step 3: Copy the certificates and activate SSL

Ensure that the config file has been saved. Then, as root, create the /etc/apache2/ssl/ directory and copy the certificate and server key generated in step 1 into it.
mkdir /etc/apache2/ssl
cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl
After that, enable the SSL module by typing:
a2enmod ssl
Finally, restart apache2 by typing (as root, or with sudo):
/etc/init.d/apache2 restart

Result: a secure HTTP connection
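
The key and certificate generation from step 1, as an added example that is not part of the original post: the script runs the four openssl commands non-interactively, then checks that server.crt really carries the public key of server.key and that the key file is accessible to its owner only, which is worth confirming before the files are copied in step 3. The function names make_selfsigned and check_pair, the passphrase, the CN localhost and the temporary directory are assumptions made for this example.

```sh
#!/bin/sh
# Added example: file names follow the post; passphrase, CN and the
# temporary directory are constructed values.

# Step 1 of the post, run non-interactively inside directory $1.
# $2 = certificate CN, $3 = RSA key size (the post uses 4096).
make_selfsigned() (
    dir=$1 cn=$2 bits=${3:-4096}
    pass="example-passphrase"   # constructed; prompt for it in real use
    umask 077                   # files are created accessible to owner only
    openssl genrsa -des3 -passout "pass:$pass" \
        -out "$dir/server-sec.key" "$bits" 2>/dev/null &&
    openssl req -new -key "$dir/server-sec.key" -passin "pass:$pass" \
        -subj "/CN=$cn" -out "$dir/server.csr" &&
    openssl x509 -req -days 365 -in "$dir/server.csr" \
        -signkey "$dir/server-sec.key" -passin "pass:$pass" \
        -out "$dir/server.crt" 2>/dev/null &&
    openssl rsa -in "$dir/server-sec.key" -passin "pass:$pass" \
        -out "$dir/server.key" 2>/dev/null
)

# Succeeds only if the certificate carries the public key of the given
# (passwordless) key file and that file has no group/other permissions.
check_pair() {
    key=$1 crt=$2
    k=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ] || return 1
    perms=$(ls -lL "$key" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Demo in a throwaway directory (2048 bits to keep it quick).
tmp=$(mktemp -d) &&
make_selfsigned "$tmp" localhost 2048 &&
check_pair "$tmp/server.key" "$tmp/server.crt" &&
echo "server.crt matches server.key; key is owner-only"
[ -n "$tmp" ] && rm -rf "$tmp"
```

Running check_pair against /etc/apache2/ssl/server.key and /etc/apache2/ssl/server.crt after step 3 confirms that the copied files still form a pair and that the passwordless key was not left group- or world-readable.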









