How to secure apache with HTTPS

Hypertext Transfer Protocol Secure (HTTPS) = HTTP + SSL/TLS
Check list:
* apache sever
* openssl

<b>For Ubuntu 10.04/Apache 2.2.14 changes suggested oregonbob:</b><a href="" target="_blank">here</a>
Step 1 : <i> Create a self-signed certificate. </i>
This include : Generate a key, Signing and avoid password
openssl genrsa -des3 -out my.key 4096
openssl req -new -key my.key -out my.csr
openssl x509 -req -days 365 -in my.csr -signkey my.key -out my.crt
openssl rsa -in my.key -out my.key.insecure
mv my.key
mv my.key.insecure my.key 
Step 2 : <i>Setting up apache to detect the certificates</i>
<b>Create ssl dir in /etc/apache2 or the apache home dir.
cd /etc/apache2 ; mkdir ssl </b>
<b>Copy the *.crt and *.key to this dir
cp my.key /etc/apache2/ssl
cp my.crt /etc/apache2/ssl </b>
Step 3 : <i>Enable ssl</i>
<b>a2enmod ssl </b>
Step 4 : <i>Create symblinks and stub SSL conf</i>
<b>cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl </b>
Step 5 : <i>Set up the document roots, optional can be default /var/www or :</i>
<b>cd /var/www
mkdir html
cd /var
mkdir wssl
cd wssl
mkdir html</b>
Step 6 : <i>Configure virtual hosts.</i>
<b>sudo su
cd /etc/apache2/sites-available
cp /etc/apache2/sites-available/default default_original </b>
Step 7 : <i>Configure ports</i>
<b>HTTP over port 80 (edit /etc/apache2/sites-available/default):
NameVirtualHost *:80
(Note: Look down just a bit and make a change to the virtual host settings.)
<VirtualHost *:80>
ServerName localhost
DocumentRoot /var/www/html/
HTTPS over port 443 (edit /etc/apache2/sites-available/ssl):
NameVirtualHost *:443
<VirtualHost *:443>
ServerName localhost
DocumentRoot /var/www-ssl/html/
P.S : Change localhost to your ip, if required.</b>
Step 7 : <i>Order apache to listen on port 443</i>
<b>edit /etc/apache2/ports.conf and type in "Listen 443" with out quotes and save</b>
Step 8 : <i>Turn on the SSL engine.</i>
<b>edit /etc/apache2/sites-available/ssl and add the lines below:
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key </b>
Step 9 : <i>Final step, restart apache and test</i>
<b>/etc/init.d/apache2 restart 
In browser : <a href="https://localhost" title="https://localhost">https://localhost</a> must work</b>

Share this