Creating SSL enabled website on Apache/Linux


This post describes how to quickly enable SSL on Apache and create an SSL-enabled website in an Apache/Linux environment. I assume that apache2 is properly installed on your Linux server and that you’re running a Debian or Ubuntu distribution.
A quick reminder: an SSL-enabled website is just another web service (more precisely, a virtual host) that runs on a port other than the standard HTTP port 80. Typically, SSL-enabled websites run on port 443, and the address begins with https://… instead of the usual http://… of a regular website.

If you’re planning to serve part of a site over SSL and another part from a normal unsecured web server, you’ll need two virtual host settings files: one for the http site and another for the https site. Both files will have essentially the same settings, except that the https one has additional settings that tell Apache to use SSL.

Enabling SSL and creating a key

First, enable the apache2 ssl module:
[php]
$ a2enmod ssl
[/php]
Create a directory somewhere that is not publicly visible and, inside it, create the server key and a self-signed certificate:
[php]
$ openssl req -new -x509 -nodes -out server.crt -keyout server.key
[/php]
You’ll be prompted to enter information about your certificate request. Don’t be afraid to fill out the form :D
To use a passphrase for your key, execute:
[php]
$ openssl rsa -des3 -in server.key -out server.key.new
$ mv server.key.new server.key
[/php]

Creating a SSL virtual host

Here’s an example of a regular website virtual host file:
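[php]
# /etc/apache2/sites-available/007-mysite
# Assumed: the <VirtualHost *:80> address and the <Directory> path (taken from the Alias target).
<VirtualHost *:80>
    ServerName mysite.test
    ServerAlias *.mysite.test

    DocumentRoot "/home/tomislav/mysite/trunk/web"

    ErrorDocument 404 /default/error404
    ErrorDocument 500 /errors/error500.php

    Alias /sf /home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf
    <Directory "/home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf">
        AllowOverride All
        # Apache 2.2 syntax; on Apache 2.4 use "Require all granted"
        Allow from All
    </Directory>
</VirtualHost>
[/php]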
Create a copy of this file and add the following to the new file:
[php]
SSLCertificateFile /path/to/this/server.crt
SSLCertificateKeyFile /path/to/this/server.key
[/php]
Be sure to replace /path/to/this/ with the path to the directory where you created the server.crt and server.key files earlier.
The final SSL virtual host file should look like this:
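[php]
# /etc/apache2/sites-available/007-mysite_secure
# Assumed: the <VirtualHost *:443> address and the <Directory> path (taken from the Alias target).
<VirtualHost *:443>
    ServerName mysite.test:443
    ServerAlias *.mysite.test

    SSLCertificateFile /home/tomislav/mysite/proto/tomislav/ssl_test/server.crt
    SSLCertificateKeyFile /home/tomislav/mysite/proto/tomislav/ssl_test/server.key

    DocumentRoot "/home/tomislav/mysite/trunk/web"

    ErrorDocument 404 /default/error404
    ErrorDocument 500 /errors/error500.php

    Alias /sf /home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf
    <Directory "/home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf">
        AllowOverride All
        # Apache 2.2 syntax; on Apache 2.4 use "Require all granted"
        Allow from All
    </Directory>
</VirtualHost>
[/php]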

Restarting apache

That should be it. Restart your apache2 service (you’ll be prompted to enter the passphrase when Apache reloads).
If you’re running Debian, try adding an SSLEngine on statement to your SSL virtual host file:
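[php]
# /etc/apache2/sites-available/007-mysite_secure
# Assumed: the <VirtualHost *:443> address.
<VirtualHost *:443>
    SSLEngine on
    # ... the rest of the SSL virtual host settings ...
</VirtualHost>
[/php]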
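
A small check for the SSL virtual host described above, added here as an example and not part of the original post: it reports a missing SSLEngine on, missing certificate directives, and a private key stored under a directory Apache serves. The sample config is constructed from the post's values with an assumed `<VirtualHost *:443>` container, and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the post's SSL virtual host with an assumed
# <VirtualHost *:443> container and no "SSLEngine on" line.
SAMPLE = """\
<VirtualHost *:443>
    ServerName mysite.test:443
    SSLCertificateFile /home/tomislav/mysite/proto/tomislav/ssl_test/server.crt
    SSLCertificateKeyFile /home/tomislav/mysite/proto/tomislav/ssl_test/server.key
    DocumentRoot "/home/tomislav/mysite/trunk/web"
    Alias /sf /home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf
</VirtualHost>
"""

def parse_directives(text):
    """Map lower-cased directive names to argument lists, skipping comments and container tags."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue
        name, *args = re.findall(r'"[^"]*"|\S+', line)
        found.setdefault(name.lower(), []).append([a.strip('"') for a in args])
    return found

def is_under(path, root):
    """Lexical check (symlinks are not resolved): is path equal to or below root?"""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents

def lint_ssl_vhost(text):
    """Return the problems found in one SSL virtual host definition."""
    d = parse_directives(text)
    problems = []
    if [a.lower() for a in d.get("sslengine", [[]])[-1]] != ["on"]:
        problems.append("SSLEngine is not on")
    for name in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if not any(d.get(name.lower(), [])):
            problems.append(f"{name} is missing")
    # Directories Apache serves: DocumentRoot plus every Alias target.
    served = [a[0] for a in d.get("documentroot", []) if a]
    served += [a[1] for a in d.get("alias", []) if len(a) > 1]
    for key in filter(None, d.get("sslcertificatekeyfile", [])):
        for root in served:
            if is_under(key[0], root):
                problems.append(f"private key {key[0]} is inside served directory {root}")
    return problems
```

Call `lint_ssl_vhost()` with the contents of the SSL virtual host file; an empty list means none of the three problems was found.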