Saturday, April 05, 2008
configure SSL for apache
We assume the Apache2 web server is already installed and running on your computer, along with PHP.
To add ssl support for Apache2:
1. install openssl package "sudo apt-get install openssl"
2. generate your ssl certificate, run "sudo openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem"
3. secure your .pem file: "sudo chmod 600 /etc/apache2/apache.pem"
4. load apache ssl module:
"sudo ln -s /etc/apache2/mods-available/ssl.* /etc/apache2/mods-enabled/"
5. make a copy of apache configuration file: "sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl"
6. make a symlink to automatically load this configuration file: "sudo ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/"
7. edit /etc/apache2/sites-available/ssl and make it start with:
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/apache.pem
...
</VirtualHost>
8. make sure Apache2 is listening on port 443: open /etc/apache2/ports.conf and add "Listen 443"
9. restart Apache "sudo /etc/init.d/apache2 restart"
That's it, try out https://servername, it should work.
[Subdomains]
If you've configured Apache to use subdomains, you need to explicitly configure the subdomains for port 443 too. Copy your existing virtual host subdomain configuration (with the DocumentRoot section) and wrap it in a <VirtualHost *:443> node. Make sure you've added "SSLEngine On" and "SSLCertificateFile [location]" to each subdomain configuration in your httpd.conf file, otherwise it won't work. If you intend to use the site on both https and http, you need to configure it for both cases.
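To check the rule above across many subdomains, here is an added example (not part of the original post): a small Python script that finds every port-443 virtual host and reports the ones missing "SSLEngine On" or "SSLCertificateFile". The sample configuration, the example.test hostnames and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the original post); hostnames are placeholders.
SAMPLE_CONF = """\
<VirtualHost *:443>
    ServerName www.example.test
    SSLEngine On
    SSLCertificateFile /etc/apache2/apache.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName blog.example.test
    DocumentRoot /var/www/blog
    SSLCertificateFile /etc/apache2/apache.pem
</VirtualHost>
<VirtualHost *:80>
    ServerName blog.example.test
    DocumentRoot /var/www/blog
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def directives(body):
    """Map lower-cased directive name -> argument; skips comments and nested <Section> tags."""
    found = {}
    for line in body.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith(("#", "<")):
            found[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return found

def audit_ssl_vhosts(conf_text):
    """Return [(server_name, [problems])] for every virtual host bound to port 443."""
    report = []
    for addr, body in VHOST_RE.findall(conf_text):
        if not any(a.endswith(":443") for a in addr.split()):
            continue  # plain-http vhosts need no SSL directives
        d = directives(body)
        problems = []
        if d.get("sslengine", "").lower() != "on":
            problems.append("SSLEngine On missing")
        if not d.get("sslcertificatefile"):
            problems.append("SSLCertificateFile missing")
        report.append((d.get("servername", "(no ServerName)"), problems))
    return report

if __name__ == "__main__":
    for name, problems in audit_ssl_vhosts(SAMPLE_CONF):
        print(name, "OK" if not problems else "; ".join(problems))
```

To audit a real file, pass its contents to audit_ssl_vhosts(), for example the text of /etc/apache2/sites-available/ssl.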