Linux – Apache Part 2: Enable SSL

There are multiply reasons why you would like to use ssl for your http and create usable https for you and your viewers.

This post is about SSL configuration for your working www server. If you didn’t setup one right now please go back to this post: Linux – Apache Part 1: Instalation and configuration

Lets begin:

#install application that will help you create your own certificates for vhosts
apt-get install ssl-cert
#when we will be ask about hostname enter domain name for page you want to create certificate
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/
cp /etc/ssl/private/ /etc/ssl/certs/
mv /etc/ssl/private/ /etc/ssl/private/
#now we need to edit both files, the one in private dir need to have part about key
#file in certs dir need to have public-key part only
vim /etc/ssl/private/
vim /etc/ssl/certs/
#secure private key from others
chmod 600 /etc/ssl/private/

#enable ssl module for apache
a2enmod ssl
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/
vim /etc/apache2/sites-available/

<IfModule mod_ssl.c>
        <VirtualHost adres.ip:443>
                DocumentRoot /var/www/
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
                SSLEngine on
                SSLCertificateFile      /etc/ssl/certs/example.pem
                SSLCertificateKeyFile /etc/ssl/private/example.key
                <FilesMatch ".(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars

                BrowserMatch "MSIE [2-6]" 
                                nokeepalive ssl-unclean-shutdown 
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
service apache2 restart

You can always go back and check those posts:

Linux – Apache Part 1: Instalation and configuration

or foward:

Linux – Apache Part 2: Enable SSL

Linux – Apache Part 3: PHP

Linux – Apache Part 4: MySQL and MariaDB Database

Leave a Reply

Your email address will not be published. Required fields are marked *