Lots of docs out there; some are better than others, but most are a bit confusing.
Just dropping this here for potential future need…
The 2 best I came across are:
- http://www.akadia.com/services/ssh_test_certificate.html
- http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html/
I found that steps 1-4 in the first guide are easy to follow and will work well to generate your keys.
Then follow the second guide to enable SSL on your Apache and set things up.
For easier review:
Step 0: Install openssl using apt-get
Step 1: Generate a Private Key –
Step 2: Generate a CSR (Certificate Signing Request) –
When asked for the Common Name, make sure to fill in either the public IP or the fully qualified domain name (sub.domain.com).
Step 3: Remove Passphrase from Key –
Step 4: Generating a Self-Signed Certificate –
Step 5: Copy the server.crt and server.key files into position –
Step 6: Enable ssl –
Step 7: Create a stub SSL conf. file (if needed) and establish a necessary symlink –
7.1 – If using an Ubuntu prior to ~10.04:
Then symlink to sites-enabled:
    ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
Step 8: Set up the SSL document root –
Step 9: Configure virtual hosts –
    sudo su
    cd /etc/apache2/sites-available
    cp /etc/apache2/sites-available/default default_original
(Note: If using Ubuntu 10.04+ you may want to back up the original SSL conf also):
Now you need to declare the IP of your box (or FQDN/DNS name) and the document roots you created in a previous step.
To configure HTTP over port 80, edit /etc/apache2/sites-available/default and add/replace:
To configure HTTP over port 443, edit /etc/apache2/sites-available/default and add/replace:
Step 10: Make sure Apache listens to 443 –
Edit /etc/apache2/ports.conf and verify the following exists (or add it):
Step 11: Make sure the SSL engine is on –
Edit /etc/apache2/ports.conf and verify the following exists (or add it):
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
Step 12: Restart Apache –
Verify your changes are valid:
Restart Apache:
Done. You can browse to: https://yourdomain.com .
Obviously this will produce a warning on the browser side, since the certificate is self-signed. So if that’s important, make sure to purchase a signature from Verisign or similar.
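Steps 1-4 can also be run without the interactive prompts, and the result checked before the files are copied into position in Step 5. The script below is an added example, not taken from either guide; the 2048-bit key size, the 365-day default and the function names are assumptions, and sub.domain.com is the placeholder name from Step 2.

```shell
#!/bin/sh
# Added example: steps 1-4 run non-interactively, plus checks before Step 5.
# Key size, validity period and function names are assumptions.

# make_selfsigned DIR CN [DAYS]: writes DIR/server.key, server.csr, server.crt
make_selfsigned() {
    local dir="$1" cn="$2" days="${3:-365}"
    mkdir -p "$dir" || return 1
    # Steps 1 and 3: a key written without -des3 has no passphrase, so Apache
    # can start unattended; file permissions are then its only protection.
    (umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null) || return 1
    # Step 2: -subj supplies the Common Name instead of the interactive prompt.
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" || return 1
    # Step 4: sign the CSR with its own key, which makes it self-signed.
    openssl x509 -req -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
}

# SHA-256 of the public key, taken from a private key or from a certificate
key_pub_hash()  { openssl pkey -in "$1" -pubout | openssl sha256; }
cert_pub_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }

# check_pair DIR CN: succeeds only if the pair is fit to copy into place
check_pair() {
    local dir="$1" cn="$2" subject
    # Certificate and key must belong together, or Apache refuses to start.
    [ "$(key_pub_hash "$dir/server.key")" = "$(cert_pub_hash "$dir/server.crt")" ] \
        || { echo "certificate does not match key" >&2; return 1; }
    # The CN must be the name or IP that clients will browse to.
    subject=$(openssl x509 -in "$dir/server.crt" -noout -subject -nameopt RFC2253)
    case "$subject" in
        *"CN=$cn") ;;
        *) echo "unexpected subject: $subject" >&2; return 1 ;;
    esac
    # Must still be valid one hour from now.
    openssl x509 -in "$dir/server.crt" -noout -checkend 3600 >/dev/null \
        || { echo "certificate expired or about to expire" >&2; return 1; }
    # The unencrypted key must not be readable by group or others.
    [ -z "$(find "$dir/server.key" \( -perm -040 -o -perm -004 \))" ] \
        || { echo "server.key is readable by group/others" >&2; return 1; }
}
```

Typical use: `make_selfsigned /tmp/ssl sub.domain.com && check_pair /tmp/ssl sub.domain.com`, then continue with Step 5.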