Saturday 2 May 2015

Ubuntu: Install SSL certificate on Apache


The following post explains how to generate a self-signed certificate for Apache. Before proceeding, install Apache using the link.

Step 1: Open a root shell and run the following command to enable SSL.
a2enmod ssl

Step 2: Create the directory “/etc/apache2/ssl”.
mkdir /etc/apache2/ssl

Step 3: Run the following command to generate the SSL certificate.
openssl req -newkey rsa:2048 -x509 -sha256 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key
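Once you enter the above command, it prompts for a number of inputs to generate the certificate. This example creates a certificate valid for 365 days. The -nodes option writes the private key without a passphrase, so the key file is protected only by its file permissions.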
# openssl req -newkey rsa:2048 -x509 -sha256 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key
Generating a 2048 bit RSA private key
........+++
...................+++
writing new private key to '/etc/apache2/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Karnataka
Locality Name (eg, city) []:Bangalore
Organization Name (eg, company) [Internet Widgits Pty Ltd]:JavaTuorial
Organizational Unit Name (eg, section) []:SSl
Common Name (e.g. server FQDN or YOUR name) []:hariJavaTutorial
Email Address []:


Step 4: Configure Apache to use the self-signed certificate.
Open the file “/etc/apache2/sites-available/default-ssl.conf”. Edit the virtual host configuration for each site on which you would like to enable SSL. For each virtual host, you must add the following stanza.

<IfModule mod_ssl.c>
        <VirtualHost 127.0.0.1:443>
                ServerAdmin webmaster@localhost
                DocumentRoot /var/www/html
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                # Certificate and private key generated in Step 3
                SSLCertificateFile      /etc/apache2/ssl/apache.pem
                SSLCertificateKeyFile /etc/apache2/ssl/apache.key

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        </VirtualHost>
</IfModule>


Step 5: Enable the SSL site with the following command.
a2ensite default-ssl

Step 6: Restart the web server using the following command.
service apache2 restart

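Step 7: Now you can open localhost using https.
Open a browser and type “https://localhost” in the URL text box. Because the certificate is self-signed, the browser will first show a certificate warning that you must accept. You will then get the “Apache2 Ubuntu Default Page”.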
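
Before the restart in Step 6, it is worth confirming that the certificate and key from Step 3 belong together, that the unencrypted key is not readable by other users, and that the certificate is not about to expire. The script below is an added example, not part of the original post; the function name check_cert_pair, its return codes and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): pre-restart checks for the
# certificate/key pair created in Step 3. Needs openssl and GNU stat (Ubuntu).
# Return codes (chosen for this example): 0 ok, 1 cert/key mismatch,
# 2 key accessible by group/others, 3 certificate expires within MIN_DAYS,
# 4 file missing or unreadable.
check_cert_pair() {
    cert=$1; key=$2; min_days=${3:-30}

    [ -r "$cert" ] && [ -r "$key" ] || { echo "missing file" >&2; return 4; }

    # The public key embedded in the certificate must equal the one
    # derived from the private key; otherwise the pair cannot be used together.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and key do not match" >&2; return 1
    fi

    # -nodes leaves the key unencrypted, so file permissions are its only
    # protection: no access bits for group or others.
    mode=$(stat -c %a "$key")
    case "$mode" in
        *00) ;;
        *) echo "key mode $mode is too open; run: chmod 600 $key" >&2; return 2 ;;
    esac

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2; return 3
    fi
    echo "ok: $cert matches $key"
}

# Direct use: sh check_cert_pair.sh /etc/apache2/ssl/apache.pem /etc/apache2/ssl/apache.key
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```
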


Note:
If you want to disable https, open “/etc/apache2/sites-enabled/default-ssl.conf” and set SSLEngine to off.
