fir3net

Configuring SSL within Apache

In this article we show you how to configure Apache to serve your content over an SSL-based connection using a self-signed certificate.

Generate Certificate/Key

First we generate a self-signed certificate using openssl. This creates two files: a public certificate and a private key.

mkdir -p /opt/ssl/crt/
cd /opt/ssl/crt/
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mydomain.key -out mydomain.crt

Configure Apache

Next we configure Apache. As you can see, standard Virtual Hosts are used. However, under the Virtual Host for port 443 the 'SSLEngine' directive is enabled and the certificate and key files are defined.

Note: If you are using a certificate that has been signed by a 3rd party Intermediate CA, then the location of the intermediate certificate can be configured using the 'SSLCertificateChainFile' directive.

NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
        ServerName mydomain.com
        ServerAlias www.mydomain.com
        DocumentRoot /var/www/html/mydomain/
        ErrorLog logs/mydomain-error.log
        CustomLog logs/mydomain-access.log common
</VirtualHost>

<VirtualHost *:443>
        ServerName mydomain.com
        ServerAlias www.mydomain.com
        DocumentRoot /var/www/html/mydomain/
        ErrorLog logs/mydomain-ssl-error.log
        CustomLog logs/mydomain-ssl-access.log common
        SSLEngine on
        SSLCertificateFile /opt/ssl/crt/mydomain.crt
        SSLCertificateKeyFile /opt/ssl/crt/mydomain.key
        #SSLCertificateChainFile /opt/ssl/crt/intermediate.crt
</VirtualHost>

Install Apache Module

Next we install the Apache SSL module using Yum.

yum install mod_ssl

Restart Apache

To ensure all the changes are applied, Apache is then restarted.

/etc/init.d/httpd restart

Test

Finally we issue a curl request to test that our new configuration is working as expected. The -k option tells curl to skip certificate verification, which is needed here because the certificate is self-signed.
For further details of the HTTPS connection and the certificate, an additional -v can be added to the curl command (i.e. curl -ILkv ...).

[root@server ~]# curl -ILk https://mydomain.com
HTTP/1.1 200 OK
Date: Sun, 14 Oct 2012 08:40:36 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: da98a27ac1053fbd7d08e87ca326bc39=8leb0lhjobretaq0lddk4ekk37; path=/; secure
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 14 Oct 2012 08:40:36 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
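
Before restarting Apache it is worth confirming that the files named in the 443 Virtual Host exist, that the private key belongs to the certificate, that the key is not accessible to other users, and that the certificate is in date. The shell functions below are an added example, not part of the original article; the function names, return codes and the config path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-restart checks for the 443 virtual host's certificate/key.
# Function names and return codes are assumptions made for this example.

# First value of an Apache directive (case-insensitive; "#" lines never match).
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeeds only if the certificate's public key equals the private key's.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Succeeds only if group and other have no permissions on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 if OK, 1 directive missing, 2 file unreadable, 3 key/cert mismatch,
# 4 key permissions too open, 5 certificate expired.
check_vhost_tls() {
    crt=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    if [ -z "$crt" ] || [ -z "$key" ]; then
        echo "FAIL: SSLCertificateFile/SSLCertificateKeyFile not set in $1"; return 1
    fi
    for f in "$crt" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done
    cert_matches_key "$crt" "$key" || { echo "FAIL: $key does not belong to $crt"; return 3; }
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/other"; return 4; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: $crt has expired"; return 5; }
    echo "OK: $crt and $key match, key is private, certificate is in date"
}

# Usage (hypothetical config path): check_vhost_tls /etc/httpd/conf.d/mydomain.conf
```

Running chmod 600 on the key file clears return code 4; the check assumes an unencrypted key, as produced by the -nodes option used above.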

 

About the Author

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001