To enable SSL in Apache, we need to perform some steps.
We start by generating a key for our server:
openssl genrsa -out server.key 4096
Then we generate a Certificate Signing Request (CSR) based on this key:
openssl req -new -key server.key -out server.csr
Make sure that you enter a valid value for Common Name (CN). It is vital that you enter the Fully Qualified Domain Name (FQDN) or IP address of your server here.
If we want a legitimate SSL certificate for Apache, we need to take this file to a Certificate Authority (CA) and have them generate a certificate. However, if you want a certificate to play around with, it is enough to sign it yourself:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
In either case, we can now continue to create an SSL directory for Apache:
Move the necessary files to this directory:
mv server.key /etc/apache2/ssl mv server.crt /etc/apache2/ssl
Now tell Apache to use SSL and these brand new files by editing /etc/apache2/sites-enabled/000-default:
SSLEngine On SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key
And now start Apache:
Check if it works by connecting to https://yourservername. If you use a self-signed certificate, your browser will warn you that, although the connection is encrypted, it is a self-signed certificate and you shouldn’t trust the website.