How to secure apache with HTTPS

14 Nov 2009

by hemanth

Hypertext Transfer Protocol Secure (HTTPS) = HTTP + SSL/TLS
Checklist:
* apache server
* openssl
Steps:

For Ubuntu 10.04/Apache 2.2.14, changes suggested by oregonbob: here

Step 1 : Create a self-signed certificate.
This includes: generating a key, signing the certificate, and removing the passphrase from the key.

openssl genrsa -des3 -out my.key 4096
openssl req -new -key my.key -out my.csr
openssl x509 -req -days 365 -in my.csr -signkey my.key -out my.crt
openssl rsa -in my.key -out my.key.insecure
mv my.key server.key.secure
mv my.key.insecure my.key

Step 2 : Set up apache to detect the certificates
Create an ssl dir in /etc/apache2 or the apache home dir.
cd /etc/apache2 ; mkdir ssl

Copy the *.crt and *.key to this dir, under the names the SSL configuration below refers to:
cp my.key /etc/apache2/ssl/server.key
cp my.crt /etc/apache2/ssl/server.crt

Step 3 : Enable ssl
a2enmod ssl

Step 4 : Create symlinks and a stub SSL conf
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl

Step 5 : Set up the document roots (optional; the default /var/www can be used instead):
cd /var/www
mkdir html
cd /var
mkdir www-ssl
cd www-ssl
mkdir html

Step 6 : Configure virtual hosts.
sudo su
cd /etc/apache2/sites-available
cp /etc/apache2/sites-available/default default_original

Step 7 : Configure ports
HTTP over port 80 (edit /etc/apache2/sites-available/default):
NameVirtualHost *:80
(Note: a little further down in the file, change the virtual host settings as well.)
<VirtualHost *:80>
ServerName localhost
DocumentRoot /var/www/html/

HTTPS over port 443 (edit /etc/apache2/sites-available/ssl):
NameVirtualHost *:443
<VirtualHost *:443>
ServerName localhost
DocumentRoot /var/www-ssl/html/

P.S.: Change localhost to your IP address, if required.

Step 8 : Order apache to listen on port 443
Edit /etc/apache2/ports.conf, type in "Listen 443" without the quotes, and save.

Step 9 : Turn on the SSL engine.
Edit /etc/apache2/sites-available/ssl and add the lines below:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Step 10 : Final step, restart apache and test
/etc/init.d/apache2 restart
In a browser, https://localhost must work.
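
A check to run on the certificate and key before restarting apache, as an added example that is not part of the original post: it confirms that the key loads without a passphrase, matches the certificate, is readable only by its owner, and is not close to expiry. The function name check_tls_pair and the 30-day expiry window are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a certificate and
# its unencrypted private key before restarting Apache.
# check_tls_pair and the 30-day expiry window are assumptions of this example.

check_tls_pair() {  # $1 = certificate file, $2 = private key file
    ctp_cert=$1; ctp_key=$2; ctp_rc=0

    # Both commands print "Modulus=<hex>"; an RSA key belongs to a
    # certificate only when the two moduli are identical.
    ctp_cmod=$(openssl x509 -noout -modulus -in "$ctp_cert" 2>/dev/null) || {
        echo "FAIL: cannot read certificate $ctp_cert"; return 1; }
    # -passin pass: supplies an empty passphrase, so a key that is still
    # encrypted fails here instead of prompting.
    ctp_kmod=$(openssl rsa -noout -modulus -in "$ctp_key" -passin pass: 2>/dev/null) || {
        echo "FAIL: cannot load $ctp_key without a passphrase"; return 1; }
    [ "$ctp_cmod" = "$ctp_kmod" ] || {
        echo "FAIL: $ctp_key does not match $ctp_cert"; ctp_rc=1; }

    # The key is stored unencrypted, so file permissions are its only
    # protection: columns 5-10 of the ls mode string are group/other bits.
    [ "$(ls -ld "$ctp_key" | cut -c5-10)" = "------" ] || {
        echo "FAIL: $ctp_key is accessible to group or other (chmod 600)"; ctp_rc=1; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -noout -checkend 2592000 -in "$ctp_cert" >/dev/null 2>&1 || {
        echo "FAIL: $ctp_cert expires within 30 days"; ctp_rc=1; }

    [ "$ctp_rc" -eq 0 ] && echo "OK: $ctp_cert and $ctp_key are consistent"
    return "$ctp_rc"
}

# Usage: sh check_tls_pair.sh /etc/apache2/ssl/server.crt /etc/apache2/ssl/server.key
if [ $# -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```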
