Install SSL on Ubuntu and Enable HTTPS - Articulating ideas

Lotts docs out there, some are better than others, but most are a bit confusing.
Just dropping this here for potential future need…
The 2 best I came across are:

http://www.akadia.com/services/ssh_test_certificate.html
http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html/

I found that steps 1-4 in the first guide are easy to follow and will work well to generate your keys.
Then follow the second guide to enable SSL on your Apache and set things up.

For easier review:

Step 0: Install openssl using apt-get

Step 1: Generate a Private Key –

Selec All Code:

Step 2: Generate a CSR (Certificate Signing Request) –

Selec All Code:

When asked for Common Name – make sure to fill either public IP or full qualified domain name (sub.domain.com).

Step 3: Remove Passphrase from Key –

Selec All Code:

Step 4: Generating a Self-Signed Certificate –

Selec All Code:

Step 5: Copy the server.crt and server.key files into position –

Selec All Code:

Step 6: Enable ssl –

Selec All Code:

Step 7: Create a stub SSL conf. file (if needed) and establish a necessary symlink –

7.1 – If using an Ubuntu prior to ~10.04:

Selec All Code:

Then symlink to sites-enabled:

Selec All Code:

Step 8: Set up the SSL document root –

Selec All Code:

Step 9: Configure virtual hosts –

Selec All Code:

(Note: If using Ubuntu 10.04+ you may want to backup the original SSL conf also):

Selec All Code:

Now you need to declare the IP of your box (or FQDN/DNS name) and document roots you created in a previous step.

To configure HTTP over port 80 (edit /etc/apache2/sites-available/default) and add/replace (replace):

Selec All Code:

To configure HTTP over port 443 (edit /etc/apache2/sites-available/default) and add/replace (replace):

Selec All Code:

Step 10: Make sure Apache listens to 443 –

Edit /etc/apache2/ports.conf and verify the following exist (or add it):

Selec All Code:

Step 11: Make sure the SSL engine is on –

Edit /etc/apache2/ports.conf and verify the following exist (or add it):

Selec All Code:

Step 12: restart apache –

Verify your changes are valid:

Selec All Code:

Restart Apache:

Selec All Code:

Done. you can browse to: https://yourdomain.com .

Obviously this will produce a warning on the browser side, since the certificate is self-signed. So if that’s important, make sure to purchase a signature from Verisign or simliar.

Selec All Code:

Sergei Evdokimov

Thank you for the tutorial! I am on Ubuntu 12 but still had to create the symlink for default-ssl (step 7). Strangely, the symlink for default was already there.
Pingback: [ubuntu] Apache – caught SIGTERM, shutting down & SSL setup issues. topic | My Blog()
hohoho

step 5

cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl
should be
cp server.key /etc/apache2/ssl/server.key
cp server.crt /etc/apache2/ssl/server.crt
Zohar Babin

@hohoho –
These two methods are the same… the first tells cp to copy the file with its original file name to the dest directory, while the second (your suggestion) tells cp to copy over using a specific file name (which happens to be the same in this case).

http://www.cyberciti.biz/faq/copy-command/
Pingback: Install SSL on Ubuntu and Enable HTTPS | Brandi Dixzumore()
Pingback: Install SSL on Ubuntu and Enable HTTPS « Articulating ideas | Mivozip()
Chris Serella

That may be the case however hohoho is correct. If you have other certs there because you previously had created them for other applications and are just following this to enable ssl on apache then of course the other certs don’t need to be copied over so a full directory copy is not the correct way. If thats not the case and the tut follower has only installed ssl to configure apache then your tutorial commands will be perfectly fine.
Angy

Thank you for the tutorial! I follow, but the page still say “SSL connection error” and i don have idea way, the server say “_default_ VirtualHost overlap on port 433, the first has precedence
“.

%d bloggers like this: