Differences

This shows you the differences between two versions of the page.

--- apache:activate_ssl [2020/07/17 14:26] – old revision restored (2016/07/04 01:46) 198.27.66.59
+++ apache:activate_ssl [2022/06/14 08:16] (current) – [Configure the Virtual Host] peter
@@ Line 1: / Line 1: @@
 ====== Apache - Activate SSL ======
+===== Create folder for ssl certificate and key =====
+sudo mkdir /etc/apache2/ssl
+----
+===== Get a certificate =====
+Obtain one from a recognized certificate authority, or alternatively create your own.
+Create .key file and .crt file and after that load both apache2...
+<code bash>
+sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
+</code>
+<WRAP notice>
+**NOTE**:  When you enter all the details for the certificate make sure that you have the same common name as your hostname, otherwise you will get a warning in your apache2 log for not having the right hostname. (not neccessary, but better to avoid this)
+Be sure to keep the intermediate files (.key and .csr) that you create in this step.
+</WRAP>
+----
+===== Activate SSL =====
 Issue the following command:
@@ Line 6: / Line 35: @@
 a2enmod ssl
 </code>
+----
+===== Listen on Port 443 =====
+SSL sites run under port 443 so enable **Listen 443** in **/etc/apache2/ports.conf**.
+<code bash>
+vi /etc/apache2/ports.conf
+</code>
+<WRAP info>
+**NOTE:**  You do not have to edit your **ports.conf** file because it already contains **Listen 443**.
+</WRAP>
+----
+===== Create a SSL page under sites-available =====
+<code bash>
+sudo file /etc/apache2/sites-available/ssl
+</code>
+and populate the file as:
+<file bash site.conf>
+<virtualhost *:443>
+  SSLEngine On
+  SSLCertificateFile /etc/apache2/ssl/apache.crt
+  SSLCertificateKeyFile /etc/apache2/ssl/apache.key
+  DocumentRoot /var/www/yourlink
+</virtualhost>
+</file>
+----
+===== Configure the Virtual Host =====
+Edit **/etc/apache2/mods-enabled/ssl.conf** (which was moved from **/etc/apache2/mods-available/ssl.conf**, along with ssl.load, by the **a2enmod ssl** command.):
+<file bash /etc/apache2/mods-enabled/ssl.conf>
+NameVirtualHost [your IP address]:443
+<VirtualHost [your IP address]:443>
+  ServerSignature On
+  SSLCertificateFile    /path/to/the/certificate/from/your/certificate/company/apache.crt
+  SSLCertificateKeyFile /path/to/the/file/created/in/step/1.key [can be a .pem file too I think]
+  SSLCertificateChainFile /path/to/intermediate/cert.crt [optional, only if your certificate company provides you with one]
+  SSLEngine On
+</VirtualHost>
+</file>
+<WRAP info>
+**NOTE**: You can also put the line **NameVirtualHost [your IP address]:443** into **/etc/apache2/apache2.conf** for clarity.
+</WRAP>
+Now you can set up the site you want to run using SSL as you normally would. For example, you might have a file called 'mysite.conf' in /etc/apache2/sites-enabled, and you might add this to it:
+<file bash /etc/apache2/sites-enabled/mysite.conf>
+<VirtualHost [your ip]:443>
+  ServerName mysite.com:443
+  ServerAlias www.mysite.com
+  DocumentRoot /path/to/www/root/for/ssl/site
+</VirtualHost>
+</file>
+To run a non-ssl site, you might have this entry in the same mysite.conf file:
+<file bash /etc/apache2/sites-enabled/mysite.conf>
+<VirtualHost *:80>
+  ServerName mysite.com
+  ServerAlias *.mysite.com
+  DocumentRoot /path/to/normal/site
+</VirtualHost>
+</file>
+Restart apache, and your site should work
+----
+===== References =====
+  * https://help.ubuntu.com/community/forum/server/apache2/SSL
+  * http://wiki.vpslink.com/Enable_SSL_on_Apache2