Ubuntu

Set up SSL

Remarks#

a2ensite - a script that enables the specified site (which contains a block) within the apache2 configuration by creating symlinks within /etc/apache2/sites-enabled

apache2 - popular web server. Alternative web servers are tomcat, nginx, etc.

openssl - SSL works by using a private key to encrypt data transferred over an SSL-enabled connection, thus thwarting eavesdropping of information. Use openssl to generate keys and certificates.

vim - a popular text editor

Set up ssl for local testing in apache

Enable the module by typing:

sudo a2enmod ssl

Restart the web server (apache2) so the change is recognized:

sudo service apache2 restart

Optional (but a good idea): Create a directory that will contain our new certificate files:

sudo mkdir /etc/apache2/ssl

Create the key and self-signed certificate in that directory:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/your_domain.key -out /etc/apache2/ssl/your_domain.crt

You will be asked a series of questions for your security certificate. Answer each one as you are prompted, but with your own company’s information. Here is an example:

Country Name (2 letter code) [AU]:US 
State or Province Name (full name) [Some-State]:Pennsylvania 
Locality Name (eg, city) []:Philadelphia 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Cool Company
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:test_domain.com
Email Address []:my_email@test_domain.com

Open the file with root privileges:

sudo vim /etc/apache2/sites-available/default-ssl.conf

Configure your virtual host by adding your server details and certificate locations to the default-ssl.conf file:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/your_domain.crt
        SSLCertificateKeyFile /etc/apache2/ssl/your_domain.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /var/www/html>
            SSLOptions +StdEnvVars
            DirectoryIndex index.php
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Save your changes and enter the following to enable your new ssl configuration:

sudo a2ensite default-ssl.conf

To activate the new configuration, run:

service apache2 reload

Now, attempt to access your site locally using https!

This modified text is an extract of the original Stack Overflow Documentation created by the contributors and released under CC BY-SA 3.0 This website is not affiliated with Stack Overflow