Enable ssl/https in Apache

Though creating a https-enabled server with verified certificate is a pain (as it should be, otherwise all would do it), creating a self-signed certificate for https is a piece of cake.
This tutorial is for Linux, but other platforms have the steps very similar.

Net is full of “how it works” texts, so I’ll just cover here the steps to get there…

The following steps are easiest to do as root (you’ll have to at least in few cases anyways).

$ cd /where/to/create/certificate
$ openssl genrsa -des3 -out server.key 1024
$ openssl req -new -key server.key -out server.csr
$ cp server.key server.key.orig
$ openssl rsa -in server.key.orig -out server.key
$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Now, you have the /where/is/certificate/server.key key file, and /where/is/certificate/server.crt certificate. You can use those to set up the VirtualHost for https now; your site definition could look like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
        DocumentRoot /my/https/root/
        <Directory /my/https/root/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride FileInfo Options
                Order allow,deny
                allow from localhost
                allow from 10.0.0

        SSLEngine on
        SSLCertificateFile    /where/is/certificate/server.crt
        SSLCertificateKeyFile /where/is/certificate/server.key
        BrowserMatch ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0

Now just make sure your mod_ssl is enabled, and that your Apache is listening on port 443.

Then just $ /etc/init.d/apache2 restart and off you go, with a new https access option!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s