SSL in Apache

I recently tested setting up SSL for my web server. I will outline how I set this up using a self-signed certificate. Some useful references are this, this, this, and this.

I assume Apache is up and running and OpenSSL is installed.

Set up SSL certificates:

<pre class="src src-sh">sudo a2enmod ssl

cd /etc/apache2
## leave out -des3 so I don’t have to enter passphrase every time
## note: 1024-bit RSA is below current minimums; use 2048 or larger for a new key
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs/
sudo cp server.key /etc/ssl/private/
</pre>

Now, place the following in the site configuration file (in /etc/sites-enabled/) before the closing VirtualHost tag:

<pre class="src src-sh">SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
</pre>

For example, I changed my /etc/apache2/sites-available/www.mydomain.com from

<pre class="src src-sh"># Basic setup
ServerAdmin my.email@my.domain.com
ServerName www.mydomain.com
DocumentRoot /home/user/www.mydomain.com/htdocs/

# HTML documents, with indexing.
Options +Includes

# CGI Handling
ScriptAlias /cgi-bin/ /home/user/www.mydomain.com/cgi-bin/
Options +ExecCGI

# Logfiles
ErrorLog /home/user/www.mydomain.com/logs/error.log
CustomLog /home/user/www.mydomain.com/logs/access.log combined
</pre>

to

<pre class="src src-sh">## following 2 for ssl
NameVirtualHost *:443
NameVirtualHost *:80

# Basic setup
ServerAdmin my.email@my.domain.com
ServerName www.mydomain.com
DocumentRoot /home/user/www.mydomain.com/htdocs/

# HTML documents, with indexing.
Options +Includes

# CGI Handling
ScriptAlias /cgi-bin/ /home/user/www.mydomain.com/cgi-bin/
Options +ExecCGI

# Logfiles
ErrorLog /home/user/www.mydomain.com/logs/error.log
CustomLog /home/user/www.mydomain.com/logs/access.log combined

# Basic setup
ServerAdmin my.email@my.domain.com
ServerName www.mydomain.com
DocumentRoot /home/user/www.mydomain.com/htdocs/

# HTML documents, with indexing.
Options +Includes

# CGI Handling
ScriptAlias /cgi-bin/ /home/user/www.mydomain.com/cgi-bin/
Options +ExecCGI

# Logfiles
ErrorLog /home/user/www.mydomain.com/logs/error.log
CustomLog /home/user/www.mydomain.com/logs/access.log combined

# Authentication

ScriptAlias /cgi-bin/ /home/user/www.mydomain.com/cgi-bin/
Options +ExecCGI

# Logfiles
ErrorLog /home/user/www.mydomain.com/logs/error.log
CustomLog /home/user/www.mydomain.com/logs/access.log combined

SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
</pre>

Now I can use either http or https when accessing my site.
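A pre-flight check for the certificate and key produced by the steps above, as an added example that is not part of the original post: it confirms the two files belong together, that the key is at least 2048 bits, that the certificate has not expired, and that the key file is closed to group and others. The function names and the throwaway pair (2048-bit, CN www.mydomain.com) are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/key pair before Apache uses it.

# Throwaway pair built with the same openssl steps as above, but with a
# 2048-bit key and no -des3, so nothing prompts. Constructed sample data.
make_demo_pair() {   # $1 = directory to write server.key/.csr/.crt into
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=www.mydomain.com" \
        -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    chmod 600 "$1/server.key"
}

# Succeeds only if the certificate carries the public half of this private key.
cert_matches_key() { # $1 = certificate, $2 = private key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Prints the public key size in bits, e.g. 2048.
cert_key_bits() {    # $1 = certificate
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeeds if group and others have no access to the private key file.
key_is_private() {   # $1 = private key
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs every check and reports each failure; returns non-zero if any failed.
check_pair() {       # $1 = certificate, $2 = private key
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: certificate and key do not match"; rc=1; }
    [ "$(cert_key_bits "$1")" -ge 2048 ] 2>/dev/null ||
        { echo "FAIL: key shorter than 2048 bits"; rc=1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate expired"; rc=1; }
    key_is_private "$2" || { echo "FAIL: key readable by group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1"
    return "$rc"
}

# Usage: check_pair /etc/ssl/certs/server.crt /etc/ssl/private/server.key
```

Run it as root against the installed files; a key created with -des3 will prompt for its passphrase during the match check.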

I run multiple sites on the same server. I wanted to use SSL on one or all of these sites, but that is not possible without having a static IP for each site. The reason is that the HTTP header is encrypted, so Apache doesn’t know which site to take you to. See this and this for explanations.

About Vinh Nguyen

Statistician
