Linux – Apache Part 2: Enable SSL

There are multiple reasons to use SSL for your HTTP site and to offer working HTTPS to you and your visitors.

This post is about SSL configuration for a working www server. If you have not set one up yet, please go back to this post: Linux – Apache Part 1: Installation and configuration

Let's begin:

#install the application that will help you create your own certificates for vhosts
apt-get install ssl-cert
#when asked for the hostname, enter the domain name of the page the certificate is for
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/www.example.com
cp /etc/ssl/private/www.example.com /etc/ssl/certs/www.example.com.pem
mv /etc/ssl/private/www.example.com /etc/ssl/private/www.example.com.key
#now we need to edit both files: the one in the private dir must keep only the private-key part
#the file in the certs dir must keep only the certificate (public-key) part
vim /etc/ssl/private/www.example.com.key
vim /etc/ssl/certs/www.example.com.pem
#protect the private key from other users
chmod 600 /etc/ssl/private/www.example.com.key

#enable ssl module for apache
a2enmod ssl
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/example.com-ssl.conf
vim /etc/apache2/sites-available/example.com-ssl.conf

#file example.com-ssl.conf
<IfModule mod_ssl.c>
        # adres.ip is a placeholder: put your server's IP address here
        <VirtualHost adres.ip:443>
                ServerAdmin webmaster@example.com
                ServerName example.com:443
                DocumentRoot /var/www/example.com/public_html
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                # paths must match the files created in the certificate step above
                SSLCertificateFile      /etc/ssl/certs/www.example.com.pem
                SSLCertificateKeyFile /etc/ssl/private/www.example.com.key
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        </VirtualHost>
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
#end example.com-ssl.conf
a2ensite example.com-ssl.conf
service apache2 restart
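
The two vim edits in the certificate step above can be replaced by a script that splits the combined file written by make-ssl-cert and checks the result before Apache is restarted. This is an added example, not part of the original post; the function names are illustrative, and it is meant to be run in place of the cp, mv and vim steps with three arguments: the combined file, the key file to write and the certificate file to write.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# Splits the combined PEM from make-ssl-cert into key and certificate files.

# Print only the PEM blocks of file $1 whose BEGIN line matches pattern $2.
extract_pem() {
    awk -v pat="$2" '
        /^-----BEGIN / { keep = ($0 ~ pat) }
        keep           { print }
        /^-----END /   { keep = 0 }
    ' "$1"
}

# split_combined COMBINED KEY_OUT CERT_OUT
split_combined() {
    # umask 077 so the key file is never created readable by other users
    ( umask 077; extract_pem "$1" 'PRIVATE KEY' > "$2" ) || return 1
    extract_pem "$1" 'BEGIN CERTIFICATE-' > "$3" || return 1
    chmod 600 "$2" && chmod 644 "$3"
}

# True only if the file is non-empty and holds no private key material.
cert_is_public_only() {
    [ -s "$1" ] && ! grep -q 'PRIVATE KEY' "$1"
}

# True only if the file holds a private key and no certificate.
key_is_private_only() {
    grep -q 'PRIVATE KEY' "$1" && ! grep -q 'BEGIN CERTIFICATE' "$1"
}

# True only if key $1 and certificate $2 carry the same public key (needs openssl).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Run only when called with three arguments: COMBINED KEY_OUT CERT_OUT
if [ "$#" -eq 3 ]; then
    split_combined "$1" "$2" "$3" &&
    cert_is_public_only "$3" && key_is_private_only "$2" &&
    key_matches_cert "$2" "$3" && echo "OK: key and certificate separated and matching"
fi
```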

You can always go back and check these posts:

Linux – Apache Part 1: Installation and configuration

or forward:

Linux – Apache Part 2: Enable SSL

Linux – Apache Part 3: PHP

Linux – Apache Part 4: MySQL and MariaDB Database
