To enable SSL in Apache, we need to perform some steps.
We start by generating a key for our server:
openssl genrsa -out server.key 4096
Then we generate a Certificate Signing Request (CSR) based on this key:
openssl req -new -key server.key -out server.csr
Make sure that you enter a valid value for Common Name (CN). It is vital that you enter the Fully Qualified Domain Name (FQDN) or IP address of your server here.
If we want a legitimate SSL certificate for Apache, we need to take this file to a Certificate Authority (CA) and have them generate a certificate. However, if you want a certificate to play around with, it is enough to sign it yourself:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
In either case, we can now continue to create an SSL directory for Apache:
mkdir /etc/apache2/ssl
Move the necessary files to this directory:
mv server.key /etc/apache2/ssl
mv server.crt /etc/apache2/ssl
Now tell Apache to use SSL and these brand new files by editing /etc/apache2/sites-enabled/000-default:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
And now start Apache:
/etc/init.d/apache2 start
Check if it works by connecting to https://yourservername. If you use a self-signed certificate, your browser will warn you that, although the connection is encrypted, it is a self-signed certificate and you shouldn’t trust the website.
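Before starting Apache, it is worth confirming that the files produced by the steps above actually belong together. The following script is an added example, not part of the original tutorial: check_tls_pair is a hypothetical helper name, and the 30-day expiry window and the owner-only key permission are assumptions. It checks that the certificate matches the private key, that the key is not readable by group or other, that the CN is the expected server name, and that the certificate is not about to expire.

```sh
#!/bin/sh
# Added example, not from the original tutorial. check_tls_pair is a
# hypothetical helper; the 30-day window and mode 600 are assumptions.
# Usage: sh check.sh KEY CERT EXPECTED_CN   (exit status 0 = all checks pass)

check_tls_pair() {
    key=$1; cert=$2; want_cn=$3; rc=0

    # 1. The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $cert does not match $key" >&2; rc=1
    fi

    # 2. The private key must not be accessible to group or other
    #    (characters 5-10 of the ls mode string are the group/other bits).
    mode=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key is accessible beyond its owner; chmod 600 it" >&2; rc=1
    fi

    # 3. The Common Name entered for the CSR must be the server's name.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    if [ "$cn" != "$want_cn" ]; then
        echo "FAIL: certificate CN is '$cn', expected '$want_cn'" >&2; rc=1
    fi

    # 4. The certificate must stay valid for at least 30 more days.
    if ! openssl x509 -in "$cert" -noout -checkend $((30 * 86400)) \
            >/dev/null 2>&1; then
        echo "FAIL: $cert expires within 30 days" >&2; rc=1
    fi

    return $rc
}

# Run the checks only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    check_tls_pair "$@"
fi
```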