Apache enable SSL
Generate a private key and certificate.
sudo a2enmod ssl
sudo service apache2 restart
sudo openssl genrsa -out ca.key 2048
#generate a private key (ca.key) with 2048 bit encryption
sudo openssl req -nodes -new -key ca.key -out ca.csr
#generate a certificate signing request (ca.csr)
sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
#generate a self-signed certificate (ca.crt) of X509 type valid for 365 keys
sudo mkdir /etc/apache2/ssl
#create a directory to place the certificate files we have created.
sudo cp ca.crt ca.key ca.csr /etc/apache2/ssl/
#copy all certificate files to the directory
Vhost config SSL
Configure vhost file:
cd /etc/apache2/sites-enabled/
sudo gedit refresh.local.conf
#<VirtualHost *:80>
<VirtualHost *:443>
ServerName refresh.local
ServerAlias refresh.local
ServerAdmin webmaster@refresh.local
DocumentRoot /var/www/refresh.local/refresh.ro/html
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/ca.key
...
</VirtualHost>
sudo service apache2 restart
Unsafe certificate
An error should appear on your browser. You must manually accept the certificate. The error message shows up because we are using a self-signed certificate. This, instead of certificate signed by a certificate authority that the browser trusts. The browser is unable to verify the identity of the server.
https:// mysite.local
Https redirect
Https force redirect configuration.
cd /etc/apache2/sites-enabled/
sudo gedit refresh.local.conf
<VirtualHost *:80>
ServerName refresh.local
ServerAlias refresh.local
ServerAdmin webmaster@refresh.local
DocumentRoot /var/www/refresh.local/refresh.ro/html
...
Redirect permanent / https://refresh.local/
</VirtualHost>
<VirtualHost *:443>
ServerName refresh.local
ServerAlias refresh.local
ServerAdmin webmaster@refresh.local
DocumentRoot /var/www/refresh.local/refresh.ro/html
...
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl/ca.key
</VirtualHost>
sudo service apache2 restart
Conclusion
Now, you have SSL enabled on your Apache server. This will help to secure communication between your Apache server and clients. For online site, purchase an SSL certificate from a trusted certificate authority.
curl https:// refresh.local -i
Last update: 177 days ago