Configuring SSL within Apache

Within this article we will show you how to configure Apache to serve your content over a SSL based connection using a self signed certificate.

Generate Certificate/Key

First of all we generate a self signed certificate using openssl. This will create 2 files, a public certificate and a private key.

mkdir -p /opt/ssl/crt/
cd /opt/ssl/crt/
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout yourdomain.key -out yourdomain.crt

Configure Apache

Next we configure Apache. As you can see the standard Virtual Hosts are used. However under the Virtual Host for 443 the ‘SSLEngine’ is enabled and the certificate and key files are defined.

Note : If you are using a certifcate that has been signed by a 3rd party Intermediate CA then the location of intermediate certificate can be configued using the ‘SSLCertificatechinFile’ directive.

NameVirtualHost *:443
NameVirtualHost *:80

<VirtualHost *:80>
        ServerName mydomain.com
        ServerAlias www.mydomain.com
        DocumentRoot /var/www/html/mydomain/
        ErrorLog logs/mydomain-error.log
        CustomLog logs/mydomain-access.log common
</VirtualHost>

<VirtualHost *:443>
       ServerName mydomain.com
       ServerAlias www.mydomain.com
       DocumentRoot /var/www/html/mydomain/
       ErrorLog logs/mydomain-ssl-error.log
       CustomLog logs/mydomain-ssl-access.log common
       SSLEngine on
       SSLCertificateFile /opt/ssl/crt/mydomain.crt
       SSLCertificateKeyFile /opt/ssl/crt/mydomain.key
       #SSLCertificateChainFile /opt/ssl/crt/intermediate.crt
</VirtualHost>

Install Apache Module

Next we install the Apache SSL module using Yum.

yum install mod_ssl

Restart Apache

To ensure all the changes are applied Apache is then restarted.

/etc/init.d/httpd restart

Test

Finally we issue a curl to test that our new configuration is working as expected.
For further details in terms of the HTTPS connection and the certificate details an additional -v can be applied to the curl command (i.e curl -ILkv …)

[[email protected] ~]# curl -ILk https://mydomain.com
HTTP/1.1 200 OK
Date: Sun, 14 Oct 2012 08:40:36 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Set-Cookie: da98a27ac1053fbd7d08e87ca326bc39=8leb0lhjobretaq0lddk4ekk37; path=/; secure
P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM”
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 14 Oct 2012 08:40:36 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache

• Author
• Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Latest posts by Rick Donato (see all)

• How to Configure a BIND Server on Ubuntu - March 15, 2018
• What is a BGP Confederation? - March 6, 2018
• Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018

Want to become a Linux expert?

Here is our hand-picked selection of the best courses you can find online:
Linux Mastery course
Linux Administration Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial