minte9
LearnRemember



Apache enable SSL

Generate a private key and certificate. 
 
sudo a2enmod ssl
sudo service apache2 restart

sudo openssl genrsa -out ca.key 2048
    #generate a private key (ca.key) with 2048 bit encryption

sudo openssl req -nodes -new -key ca.key -out ca.csr
    #generate a certificate signing request (ca.csr) 

sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
    #generate a self-signed certificate (ca.crt) of X509 type valid for 365 keys

sudo mkdir /etc/apache2/ssl
    #create a directory to place the certificate files we have created.

sudo cp ca.crt ca.key ca.csr /etc/apache2/ssl/
    #copy all certificate files to the directory

Vhost config SSL

Configure vhost file: 
 
cd /etc/apache2/sites-enabled/
sudo gedit refresh.local.conf

    #<VirtualHost *:80>
    <VirtualHost *:443>
        ServerName refresh.local
        ServerAlias refresh.local
        ServerAdmin webmaster@refresh.local
        DocumentRoot /var/www/refresh.local/refresh.ro/html

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/ca.crt
        SSLCertificateKeyFile /etc/apache2/ssl/ca.key
        ...
    </VirtualHost>

sudo service apache2 restart

Unsafe certificate

An error should appear on your browser. You must manually accept the certificate. The error message shows up because we are using a self-signed certificate. This, instead of certificate signed by a certificate authority that the browser trusts. The browser is unable to verify the identity of the server. 
 
https:// mysite.local

Https redirect

Https force redirect configuration. 
 
cd /etc/apache2/sites-enabled/
sudo gedit refresh.local.conf

<VirtualHost *:80>
    ServerName refresh.local
    ServerAlias refresh.local
    ServerAdmin webmaster@refresh.local
    DocumentRoot /var/www/refresh.local/refresh.ro/html
    ...
    Redirect permanent / https://refresh.local/
</VirtualHost>

<VirtualHost *:443>
    ServerName refresh.local
    ServerAlias refresh.local
    ServerAdmin webmaster@refresh.local
    DocumentRoot /var/www/refresh.local/refresh.ro/html
    ...
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/ca.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ca.key
</VirtualHost>

sudo service apache2 restart

Conclusion

Now, you have SSL enabled on your Apache server. This will help to secure communication between your Apache server and clients. For online site, purchase an SSL certificate from a trusted certificate authority. 
 
curl https:// refresh.local -i



  Last update: 177 days ago