How-To Enable SSL on Apache2 Server
Why Enable SSL Mode?
Without digressing too far into the topic of security, SSL (Secure Sockets Layer) is a cryptographic protocol that provides security for communications over networks such as the Internet. You need such a protocol to protect your connection with the web server by encrypting the information being exchanged, so that if a sniffer drops into the connection, that information is not compromised. For example, remotely logging in to your machine requires you to submit your username and password. If the connection is not encrypted using one of the cryptographic protocols, then such must-be-kept-secret information is exposed, and imagine the impact on your system if that information were in somebody else's hands!
So, let’s discuss the steps of how to enable the SSL mode:
- Generate a Self-Signed Certificate
cd /etc/apache2/
sudo mkdir certs
cd ./certs
sudo openssl req -new -x509 -nodes -days 365 -out server.crt -keyout server.key
- Encrypt the Private Key (Optional)
The way to do it is by supplying a “passphrase”:
sudo openssl rsa -des3 -in server.key -out server.key
Note: I tend not to do this step due to the fact that when Apache2 is restarted you will be asked to type the passphrase again. Therefore, I just change the key and certificate files' permissions so they are only read by Apache2!
- Enable the SSL Modules
You can either enable the SSL Module by running these commands:
sudo a2enmod ssl
sudo /etc/init.d/apache2 restart
OR if you are curious about what it does you can do the following steps instead:
cd /etc/apache2/mods-enabled
sudo ln -s /etc/apache2/mods-available/ssl.load ./
sudo /etc/init.d/apache2 restart
- Create the SSL Site
sudo pico /etc/apache2/sites-available/MySSL
##################################
##-->@Author Husain Al-Khamis<--##
##################################
<VirtualHost "*:443">
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www

    ##-->Me<--##
    SSLEngine on
    SSLCertificateFile /etc/apache2/certs/server.crt
    SSLCertificateKeyFile /etc/apache2/certs/server.key
    ##-->Me<--##

    <Directory "/">
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory "/var/www/">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>
- Listen on Port 443
Open ports.conf:
sudo pico /etc/apache2/ports.conf
And add the following:
<IfModule mod_ssl.c>
    # SSL name based virtual hosts are not yet supported, therefore no
    # NameVirtualHost statement here
    NameVirtualHost *:443
    Listen 443
</IfModule>
- Enable the SSL Site
As in step 3, you can either run these commands:
sudo a2ensite MySSL
sudo /etc/init.d/apache2 restart
OR alternatively, you can do it manually in this way:
sudo pico /etc/apache2/apache2.conf
And add the following to the end of it:
# Include the secured host configurations:
Include /etc/apache2/sites-available/MySSL
Then, Restart Apache2:
sudo /etc/init.d/apache2 restart
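The note under step 2 leaves the private key unencrypted and relies on file permissions alone, so it is worth verifying that the permissions really are restrictive. The following is an added example, not part of the original post: it reads a site file such as MySSL, finds each SSLCertificateKeyFile path, and fails if a key is accessible to group or other users. The function names are hypothetical, and it assumes GNU stat and key paths without spaces.

```shell
#!/bin/sh
# Added example: audit the private keys referenced by an Apache site file.
# Assumes GNU stat (Debian/Ubuntu) and key paths without spaces.
# Function names are hypothetical, not part of Apache or the original post.

# Print each path given to an uncommented SSLCertificateKeyFile directive.
list_key_files() {
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Return 0 only if the key is a regular file with no group/other access bits.
check_key_perms() {
    key=$1
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL $key: missing, a symlink, or not a regular file"
        return 1
    fi
    mode=$(stat -c '%a' "$key")            # octal mode, e.g. 600 or 644
    if [ $(( 0$mode & 077 )) -eq 0 ]; then
        echo "OK   $key (mode $mode)"
        return 0
    fi
    echo "FAIL $key: mode $mode lets group or other users access the key"
    return 1
}

# Check every key a site file points at; non-zero exit if any check fails.
audit_vhost_keys() {
    conf=$1
    status=0
    keys=$(list_key_files "$conf")
    if [ -z "$keys" ]; then
        echo "FAIL $conf: no SSLCertificateKeyFile directive found"
        return 1
    fi
    for key in $keys; do
        check_key_perms "$key" || status=1
    done
    return "$status"
}

# Usage: sh audit.sh /etc/apache2/sites-available/MySSL
if [ "$#" -gt 0 ]; then
    audit_vhost_keys "$1"
fi
```

For the key created in step 1, `sudo chmod 600 /etc/apache2/certs/server.key` is the kind of permission change that makes this check pass.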
So, have secure web surfing!