How-To Enable SSL on Apache2 Server


Why Enable SSL Mode?

Without digressing too far into security, SSL (Secure Sockets Layer) is a cryptographic protocol that secures communication over networks such as the Internet. You need such a protocol to protect your connection to the web server by encrypting the information being exchanged, so that if a sniffer taps into the connection, that information is not compromised. For example, logging in to your machine remotely requires you to submit your username and password. If the connection is not encrypted using one of the cryptographic protocols, this must-be-kept-secret information is exposed; imagine the impact on your system if it fell into somebody else's hands!

So, let's go through the steps to enable SSL mode:

  1. Generate a Self-Signed Certificate
    cd /etc/apache2/
    sudo mkdir certs
    cd ./certs
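    sudo openssl req -new -x509 -nodes -days 365 -out server.crt -keyout server.key

    Here -nodes writes server.key without a passphrase, and -days 365 makes the certificate valid for one year. Because the certificate is self-signed, browsers will warn about it until it is explicitly trusted.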
    
  2. Encrypt the Private Key (Optional)
    To do so, protect the key with a "passphrase":

    sudo openssl rsa -des3 -in server.key -out server.key
    

    Note: I tend not to do this step because when Apache2 is restarted you will be asked to type the passphrase again. Therefore, I just change the key and certificate files' permissions so they can only be read by Apache2!

  3. Enable the SSL Modules
    You can either enable the SSL Module by running these commands:

    sudo a2enmod ssl
    sudo /etc/init.d/apache2 restart
    

    OR if you are curious about what it does you can do the following steps instead:

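    cd /etc/apache2/mods-enabled
    # a2enmod links both the module's .load and .conf files
    sudo ln -s /etc/apache2/mods-available/ssl.load ./
    sudo ln -s /etc/apache2/mods-available/ssl.conf ./
    sudo /etc/init.d/apache2 restart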
    
  4. Create the SSL Site
    sudo pico /etc/apache2/sites-available/MySSL
    
    ##################################
    ##-->@Author Husain Al-Khamis<--##
    ##################################
    <VirtualHost "*:443">
            ServerAdmin webmaster@localhost
    
            DocumentRoot /var/www
    
            ##-->Me<--##
    
            SSLEngine on
            SSLCertificateFile /etc/apache2/certs/server.crt
            SSLCertificateKeyFile /etc/apache2/certs/server.key
    
            ##-->Me<--##
    
            <Directory "/">
                    Options FollowSymLinks
                    AllowOverride None
            </Directory>
            <Directory "/var/www/">
                    Options Indexes FollowSymLinks MultiViews
                    AllowOverride None
                    Order allow,deny
                    allow from all
            </Directory>
    
            ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
            <Directory "/usr/lib/cgi-bin">
                    AllowOverride None
                    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                    Order allow,deny
                    Allow from all
            </Directory>
    
            ErrorLog /var/log/apache2/error.log
    
            # Possible values include: debug, info, notice, warn, error, crit,
            # alert, emerg.
            LogLevel warn
    
            CustomLog /var/log/apache2/access.log combined
    
            Alias /doc/ "/usr/share/doc/"
            <Directory "/usr/share/doc/">
                    Options Indexes MultiViews FollowSymLinks
                    AllowOverride None
                    Order deny,allow
                    Deny from all
                    Allow from 127.0.0.0/255.0.0.0 ::1/128
            </Directory>
    </VirtualHost>
    
  5. Listen on Port 443
    Open ports.conf:

    	sudo pico /etc/apache2/ports.conf
    	

    And add the following:

    	<IfModule mod_ssl.c>
    		# SSL name based virtual hosts are not yet supported, therefore no
    		# NameVirtualHost statement here
    		NameVirtualHost *:443
    		Listen 443
    	</IfModule>
    
  6. Enable the SSL Site
    As in step 3, you can either run these commands:

    sudo a2ensite MySSL
    sudo /etc/init.d/apache2 restart
    

    OR alternatively, you can do it manually in this way:

    sudo pico /etc/apache2/apache2.conf
    

    And add the following to the end of it:

    # Include the secured host configurations:
    Include /etc/apache2/sites-available/MySSL
    

    Then restart Apache2:

    sudo /etc/init.d/apache2 restart
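
The script below is an added example, not part of the original post: it checks the key-file permissions mentioned in step 2, that server.crt and server.key from step 1 belong together, and that the certificate is not about to expire. It assumes GNU stat and the openssl command-line tool; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the certificate/key pair created in step 1.
# Assumptions: GNU stat, openssl CLI; function names are hypothetical.

# key_mode_ok FILE: succeed only if group and others have no access bits.
# Apache reads the key as root at startup, before its workers drop
# privileges, so a root-owned key with mode 0600 or 0400 is sufficient.
key_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# pair_matches CRT KEY: succeed only if the certificate's public key is the
# one derived from the private key. "-passin pass:" makes a passphrase-
# protected key (step 2) fail immediately instead of prompting.
pair_matches() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# cert_valid_for CRT DAYS: succeed only if CRT is still valid DAYS from now.
# Step 1 uses -days 365, so the certificate has to be reissued every year.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# audit_tls_pair CRT KEY: run all checks, print findings, return failure count.
audit_tls_pair() {
    fails=0
    key_mode_ok "$2"       || { echo "FAIL: $2 is accessible to group/other"; fails=$((fails + 1)); }
    pair_matches "$1" "$2" || { echo "FAIL: $1 and $2 do not match (or key is encrypted)"; fails=$((fails + 1)); }
    cert_valid_for "$1" 30 || { echo "FAIL: $1 expires within 30 days"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: $1 / $2"
    return "$fails"
}

# Usage: sudo sh audit.sh /etc/apache2/certs/server.crt /etc/apache2/certs/server.key
if [ "$#" -eq 2 ]; then
    audit_tls_pair "$1" "$2" || exit 1
fi
```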
    

So, enjoy secure web surfing!
