In this article we show you how to configure Apache to serve your content over an SSL-based connection using a self-signed certificate.
Generate Certificate/Key
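First of all we generate a self-signed certificate using openssl. This will create two files: a public certificate and a private key. Because the -nodes option is used, the private key is written to disk unencrypted, so it should be readable only by root.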
mkdir -p /opt/ssl/crt/
cd /opt/ssl/crt/
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mydomain.key -out mydomain.crt
Configure Apache
Next we configure Apache. As you can see, the standard Virtual Hosts are used. However, under the Virtual Host for port 443 the ‘SSLEngine’ is enabled and the certificate and key files are defined.
Note: If you are using a certificate that has been signed by a 3rd party Intermediate CA, then the location of the intermediate certificate can be configured using the ‘SSLCertificateChainFile’ directive.
NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /var/www/html/mydomain/
    ErrorLog logs/mydomain-error.log
    CustomLog logs/mydomain-access.log common
</VirtualHost>

<VirtualHost *:443>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot /var/www/html/mydomain/
    ErrorLog logs/mydomain-ssl-error.log
    CustomLog logs/mydomain-ssl-access.log common
    SSLEngine on
    SSLCertificateFile /opt/ssl/crt/mydomain.crt
    SSLCertificateKeyFile /opt/ssl/crt/mydomain.key
    #SSLCertificateChainFile /opt/ssl/crt/intermediate.crt
</VirtualHost>
Install Apache Module
Next we install the Apache SSL module using Yum.
yum install mod_ssl
Restart Apache
To ensure all the changes are applied Apache is then restarted.
/etc/init.d/httpd restart
Test
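Finally we issue a curl to test that our new configuration is working as expected. The -k option tells curl to skip certificate verification, which is needed here because a self-signed certificate is not trusted by the client.
For further details about the HTTPS connection and the certificate, an additional -v can be applied to the curl command (i.e. curl -ILkv …)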
# curl -ILk https://mydomain.com
HTTP/1.1 200 OK
Date: Sun, 14 Oct 2012 08:40:36 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: da98a27ac1053fbd7d08e87ca326bc39=8leb0lhjobretaq0lddk4ekk37; path=/; secure
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 14 Oct 2012 08:40:36 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
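Since curl -k does not validate the certificate, it is worth checking the files themselves before Apache is restarted: that the key matches the certificate, that the unencrypted key is not readable by other users, and that the certificate is not about to expire. The script below is an added example, not part of the original article; the function names, the -subj value and the 30-day expiry threshold are assumptions.

```bash
#!/usr/bin/env bash
# Added example: helper names, subject and thresholds are assumptions.

# Generate a self-signed pair non-interactively: $1=dir, $2=file base name, $3=hostname.
# Same openssl options as the article, plus -subj to avoid the interactive prompts.
gen_selfsigned() {
    local dir=$1 name=$2 host=$3
    mkdir -p "$dir" || return 1
    # umask 077 so the unencrypted (-nodes) key is never group/world readable.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$host" \
          -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null ) || return 1
    chmod 644 "$dir/$name.crt"   # the certificate itself is public
}

# True if the public key in certificate $1 is the one derived from private key $2.
pair_matches() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# True if key file $1 grants no permissions to group or other.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Run all checks on certificate $1 and key $2; prints OK or the first failure.
preflight() {
    pair_matches "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    key_is_private "$2"    || { echo "FAIL: key readable by group/other"; return 1; }
    openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null \
                           || { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK"
}

# Demo in a throwaway directory (constructed file names and hostname).
demo_dir=$(mktemp -d)
gen_selfsigned "$demo_dir" mydomain mydomain.com &&
    preflight "$demo_dir/mydomain.crt" "$demo_dir/mydomain.key"
rm -rf "$demo_dir"
```

On the server from this article, the same check would be run as preflight /opt/ssl/crt/mydomain.crt /opt/ssl/crt/mydomain.key.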