Create SSL Certificates and enable SSL on Apache2

Generate a Self-Signed Certificate

Open a terminal and at the shell prompt, enable SSL for Apache:

a2enmod ssl

Then generate the self-signed certificates you will need:

mkdir /etc/apache2/ssl
openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key

At that point, you will be asked for configuration data. Enter values appropriate for your organization and server, as shown here. This example will create a certificate valid for 365 days; you may wish to increase this value. I’ve used the fully qualified domain name of the apache2 server for the “Common Name” entry. The program then writes out the key file as shown below:

Generating a 1024 bit RSA private key
...................................++++++
..............................++++++
writing new private key to '/etc/apache2/ssl/apache.pem'
-----

Next the program will ask for information that will be incorporated into your certificate request.
This data will be used to create a Distinguished Name. There are quite a few fields, and while you can leave some of them blank (or enter a “.”, which produces a blank entry), I decided to fill all of them in as shown below.

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Texas
Locality Name (eg, city) []:Houston
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Home
Organizational Unit Name (eg, section) []:Web Services
Common Name (eg, YOUR name) []:archimedes.mydomain.com
Email Address []:support@mydomain.com

Configure Apache to use the Self-Signed Certificate

Since SSL name-based virtual hosts are not supported in /etc/apache2/ports.conf, we’ll need to add an entry for a specific IP address on your VPS as follows. You may use a single IP to provide self-signed SSL service for multiple vhosts, and the same IP may also be used for multiple non-SSL vhosts (HTTPS uses port 443, while HTTP uses port 80).

nano /etc/apache2/ports.conf

and enter something like:

————————————
NameVirtualHost 12.34.56.78:443
————————————

Replace “12.34.56.78” with your server’s IP address. Next, edit the virtual host configuration files for sites which you would like to enable SSL on. For each virtual host, you must add the following stanza (change the values as appropriate for each site). Note that this example essentially reproduces the configuration for a non-SSL site, with the addition of three lines for SSL.

File excerpt: Apache virtual hosting file
———————————————————-

<VirtualHost 12.34.56.78:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

ServerAdmin info@mydomain.com
ServerName www.mydomain.com
DocumentRoot /srv/www/mydomain.com/public_html/
ErrorLog /srv/www/mydomain.com/logs/error.log
CustomLog /srv/www/mydomain.com/logs/access.log combined
</VirtualHost>

———————————————————-

Restart Apache:

/etc/init.d/apache2 restart
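
The certificate steps above can also be run unattended and then checked before Apache is restarted. The shell functions below are an added example, not part of the original post: the function names are made up here, -subj supplies the answers to the prompts shown earlier, and the 2048-bit key size is this example's choice rather than the 1024-bit size in the output above.

```sh
#!/bin/sh
# Added example (not from the original post). Function names and the
# 2048-bit default are this example's assumptions.

# make_selfsigned DIR CN [DAYS] [BITS]: the mkdir + "openssl req" steps,
# with the prompts answered by -subj so it can run unattended.
make_selfsigned() {
    dir=$1; cn=$2; days=${3:-365}; bits=${4:-2048}
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # -nodes leaves the key unencrypted, so create it readable by owner only.
    ( umask 077
      openssl req -new -x509 -days "$days" -nodes -newkey "rsa:$bits" \
        -subj "/C=US/ST=Texas/L=Houston/O=Home/OU=Web Services/CN=$cn" \
        -out "$dir/apache.pem" -keyout "$dir/apache.key" )
}

# cert_cn CERT: print the Common Name (handles old and new subject formats).
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'
}

# cert_bits CERT: print the public key size in bits.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit.*/\1/p'
}

# cert_matches_key CERT KEY: succeed only if both hold the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_valid_for CERT DAYS: succeed if CERT is still valid DAYS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# key_is_private KEY: succeed if only the owner can read or write KEY.
key_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}
```

Run as root, `make_selfsigned /etc/apache2/ssl archimedes.mydomain.com` writes the same two files as the commands above; a failing `cert_matches_key` means SSLCertificateFile and SSLCertificateKeyFile point at a mismatched pair.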

  1. I assume that anything I put on my site is public domain. I imagine I could protect it but my interest is more in helping people than anything else. There is such a thing as a Creative Commons license I might try if I wanted a bit of protection, but I don’t.
