This post describes how to quickly enable SSL on Apache and create an SSL-enabled website in an Apache/Linux environment. I assume that apache2 is properly installed on your Linux server and that you’re running a Debian or Ubuntu distribution.
A quick reminder: an SSL-enabled website is just another web service (more precisely, a virtual host) that runs on a port other than the standard HTTP port 80. SSL-enabled websites typically run on port 443, and their addresses begin with https://… instead of the usual http://… of a regular website.
If you’re planning to serve one part of a site over SSL and another part from a normal unsecured web server, you’ll need two virtual host settings files: one for the http site and another for the https site. Both files will have the same settings, except that the one for the https site will have additional settings that tell Apache to use SSL.
Enabling SSL and creating a key
First, enable apache2 ssl module:
$ a2enmod ssl
Create a directory somewhere not publicly visible and, inside it, create the server key together with a self-signed certificate:
$ openssl req -new -x509 -nodes -out server.crt -keyout server.key
You’ll be prompted to enter information about your certificate request. Don’t be afraid to fill out the form :D
To use a passphrase for your key, execute:
$ openssl rsa -des3 -in server.key -out server.key.new
$ mv server.key.new server.key
Creating an SSL virtual host
Here’s an example of a regular website virtual host file:
# /etc/apache2/sites-available/007-mysite
<VirtualHost *:80>
    ServerName mysite.test
    ServerAlias *.mysite.test
    DocumentRoot "/home/tomislav/mysite/trunk/web"
    <Directory "/home/tomislav/mysite/trunk/web">
        ErrorDocument 404 /default/error404
        ErrorDocument 500 /errors/error500.php
    </Directory>
    Alias /sf /home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf
    <Directory "/home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf">
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>
Create a copy of this file and add the following to the new file:
SSLCertificateFile /path/to/this/server.crt
SSLCertificateKeyFile /path/to/this/server.key
Be sure to replace /path/to/this/ with the path where you created the server.crt and server.key files described earlier.
The final SSL virtual host file should look like this:
# /etc/apache2/sites-available/007-mysite_secure
<VirtualHost *:443>
    ServerName mysite.test:443
    ServerAlias *.mysite.test
    SSLCertificateFile /home/tomislav/mysite/proto/tomislav/ssl_test/server.crt
    SSLCertificateKeyFile /home/tomislav/mysite/proto/tomislav/ssl_test/server.key
    DocumentRoot "/home/tomislav/mysite/trunk/web"
    <Directory "/home/tomislav/mysite/trunk/web">
        ErrorDocument 404 /default/error404
        ErrorDocument 500 /errors/error500.php
    </Directory>
    Alias /sf /home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf
    <Directory "/home/tomislav/mysite/trunk/lib/vendor/symfony/data/web/sf">
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>
Restarting Apache
That should be it. Restart your apache2 service (if you put a passphrase on the key, you’ll be prompted to enter it when Apache reloads).
If you’re running Debian, try adding the SSLEngine on statement to your SSL virtual host file:
# /etc/apache2/sites-available/007-mysite_secure
<VirtualHost *:443>
    SSLEngine on
    ...
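A pre-restart check for the SSL virtual host file, added here as an example and not part of the original post: it flags a port 443 virtual host that lacks SSLEngine on or a certificate directive, and a private key stored under DocumentRoot (the "not publicly visible" advice above). The function names and the /srv/mysite paths in the sample are assumptions made for the illustration.

```python
import re

# Constructed sample (not from the post): key stored under DocumentRoot, no SSLEngine.
SAMPLE = """\
<VirtualHost *:443>
    ServerName mysite.test:443
    SSLCertificateFile /srv/mysite/web/ssl/server.crt
    SSLCertificateKeyFile /srv/mysite/web/ssl/server.key
    DocumentRoot "/srv/mysite/web"
    <Directory "/srv/mysite/web">
        AllowOverride All
    </Directory>
</VirtualHost>
"""

def parse_vhosts(text):
    """Return (address, {directive: [args]}) per <VirtualHost>, top-level directives only."""
    vhosts, current, depth = [], None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {}
            vhosts.append((opened.group(1).strip(), current))
        elif re.match(r"</VirtualHost>", line, re.I):
            current = None
        elif line.startswith("<"):
            depth += -1 if line.startswith("</") else 1  # nested section, e.g. <Directory>
        elif current is not None and depth == 0:
            name, args = (line.split(None, 1) + [""])[:2]
            current.setdefault(name.lower(), []).append(args.strip().strip('"'))
    return vhosts

def audit(text):
    """List problems found in every virtual host bound to port 443."""
    findings = []
    for addr, d in parse_vhosts(text):
        if not any(a.endswith(":443") for a in addr.split()):
            continue
        if [v.lower() for v in d.get("sslengine", [])] != ["on"]:
            findings.append("SSLEngine on is missing")
        required = ("sslcertificatefile", "sslcertificatekeyfile")
        findings += [n + " is missing" for n in required if n not in d]
        for root in d.get("documentroot", []):
            for key in d.get("sslcertificatekeyfile", []):
                if key.startswith(root.rstrip("/") + "/"):
                    findings.append("private key " + key + " is inside DocumentRoot")
    return findings
```

Calling audit() on the text of a file from /etc/apache2/sites-available returns an empty list when none of these problems is present.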
Thanks Dude, it worked like a charm.
To other visitors, if you read the how-to from the Ubuntu manual, the missing thing there was this “:443” on the ServerName statement.
Regards