To enable SSL support in Apache2 the first step is to create a SSL certificate. If you are not among the lucky ones having apache2-ssl-certificate installed you can use the Linux shell script below to create a SSL certificate
The SERVER variable is very important. Please name your fully qualified server name there. After executing the script and answering the questions you've got two files: the certificate file (suffix .crt) and the key file (suffix .key).
Copy those two files into the directory /etc/apache2/ssl.
Now install the Apache2 ssl module: a2enmod ssl
The next step is to create a new virtual host for our https sites. Simply copy the default site to a new site called default-ssl:
#!/bin/bash
SERVER=your.server.com
PRIVATE_KEY=$SERVER.private.key
CERTIFICATE_FILE=$SERVER.crt
VALID_DAYS=365
echo Delete old private key
rm $PRIVATE_KEY
echo Create new private/public-keys without passphrase for server
openssl genrsa -out $PRIVATE_KEY 1024
echo Create selfsigned certificate
rm $CERTIFICATE_FILE
# From man req:
# -x509
# this option outputs a self signed certificate instead
# of a certificate request. This is typically used to
# generate a test certificate or a self signed root CA.
# The extensions added to the certificate (if any) are
# specified in the configuration file.
openssl req -new -days $VALID_DAYS -key $PRIVATE_KEY -x509 -out $CERTIFICATE_FILE
echo private-keyfile is $PRIVATE_KEY
echo server-certificate-file is $CERTIFICATE_FILE
ls -l $PRIVATE_KEY $CERTIFICATE_FILE
The SERVER variable is very important. Please name your fully qualified server name there. After executing the script and answering the questions you've got two files: the certificate file (suffix .crt) and the key file (suffix .key).
Copy those two files into the directory /etc/apache2/ssl.
Now install the Apache2 ssl module: a2enmod ssl
The next step is to create a new virtual host for our https sites. Simply copy the default site to a new site called default-ssl:
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default-ssl
Replace the first two lines in the file with the following lines:
NameVirtualHost :443:443> # SSL (START) SSLEngine on SSLCertificateFile /etc/apache2/ssl/my.apache.crt SSLCertificateKeyFile /etc/apache2/ssl/my.apache.key SSLProtocol all SSLCipherSuite HIGH:MEDIUM # SSL (ENDE)
After this edit the file /etc/apache2/ports.conf and add the following line:
Listen 443
The last thing is to enable the site calling a2ensite default-ssl
Finally restart your Apache2: /etc/init.d/apache2 restart
No comments:
Post a Comment