- Apache server configured and installed
Step 1: Generate Certificate
- Create a directory place to store the file
- $ mkdir ~/certificates
- $ cd ~/certificates
2. Generate a CSR and private key using following command
- $ openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes
After successfully running the command it will ask for the information of certificate request. Complete it using the appropriate information.
Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: FL
Locality Name (eg, city) []: Miami
Organization Name (eg, company) [My Company]: My Company
Organizational Unit Name (eg, section) []:
The common name is your domain name or the server IP address.
Common Name (e.g. server FQDN or YOUR name) []: 192.168.2.3
Email Address []:dummy@example.com
3. Now move the certificate into the same folder you created using the following commands
- $ mkdir /etc/apache2/ssl
- $ mv ~/certificates/* /etc/apache2/ssl/.
4. We are done creating the certificate now we will make the certificate work with Apache.
Step 2: Configuring the Firewall
- Make sure that the TCP port 443 is open. Instead of port 80 SSL uses port 443. We will be using Uncomplicated Firewall (UFW)
- To enable UFW use the following command
- $ sudo ufw enable
- Allow the predefined apache settings for the firewall using the following command
- $ sudo ufw allow ‘Apache Full’
- You can check the list of current rules using the following command.
- $ sudo ufw status
The configuration should be similar to this:
To Action From
— —— —-
Apache Full ALLOW Anywhere
OpenSSH ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)
- To allow future connections allow OpenSSH
- $ sudo ufw allow ‘OpenSSH’
Step 3: Apache virtual host configuration
- Navigate to the default Apache site config directory using the following command
- $ sudo nano /etc/apache2/sites-available/default-ssl.conf
This config file tells the server where to find SSL certificate. It should look like this:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch “.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
1. Edit this: ServerAdmin webmaster@localhost to this :
ServerAdmin email@example.net
- Add this right below the ServerAdmin line:
ServerName ADD_YOUR_IP_OR_DOMAIN_NAME_HERE
- Now, edit these lines with our certificate location:
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Our file should look like this:
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin email@example.net
ServerName 203.0.113.122
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
<FilesMatch “.(cgi|shtml|phtml|php)$”>
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
</IfModule>
- Save the file, and close it.
Step 4: Enable the Apache SSL module
- Enable the SSL module using following command
- $ sudo a2enmod ssl
- Now enable the site we have just edited:
- $ sudo a2ensite default-ssl.conf
- Restart Apache:
- $ sudo service apache2 restart
- The website is now secure, access it using following address in the browser
https://YOUR_SERVER_IP