Lots of docs out there; some are better than others, but most are a bit confusing.
Just dropping this here for potential future need…
The 2 best I came across are:

  1. http://www.akadia.com/services/ssh_test_certificate.html
  2. http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html/

I found that steps 1-4 in the first guide are easy to follow and will work well to generate your keys.
Then follow the second guide to enable SSL on your Apache and set things up.

For easier review:

Step 0: Install openssl using apt-get

Step 1: Generate a Private Key -

openssl genrsa -des3 -out server.key 2048   # 2048 bits: 1024-bit RSA is no longer considered secure

Step 2: Generate a CSR (Certificate Signing Request) -

openssl req -new -key server.key -out server.csr

When asked for the Common Name, make sure to enter either the public IP or the fully qualified domain name (sub.domain.com).

Step 3: Remove Passphrase from Key -

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Step 4: Generating a Self-Signed Certificate -

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 5: Copy the server.crt and server.key files into position -

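mkdir -p /etc/apache2/ssl                  # without the directory, cp would create a plain file named "ssl"
cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl
chmod 600 /etc/apache2/ssl/server.key      # the key no longer has a passphrase, so keep it owner-only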

Step 6: Enable ssl -

a2enmod ssl

Step 7: Create a stub SSL conf. file (if needed) and establish a necessary symlink -

7.1 – If using an Ubuntu prior to ~10.04:

cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default-ssl

Then symlink to sites-enabled:

ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl

Step 8: Set up the SSL document root -

cd /var
mkdir www-ssl

Step 9: Configure virtual hosts -

sudo su
cd /etc/apache2/sites-available
cp /etc/apache2/sites-available/default default_original

(Note: If using Ubuntu 10.04+ you may also want to back up the original SSL conf):

cp /etc/apache2/sites-available/default-ssl default-ssl_original

Now you need to declare the IP of your box (or FQDN/DNS name) and document roots you created in a previous step.

To configure HTTP over port 80, edit /etc/apache2/sites-available/default and add or replace:

ServerName {Your IP or FQDN}:80

To configure HTTPS over port 443, edit /etc/apache2/sites-available/default and add or replace:

ServerName {Your IP or FQDN}:443

Step 10: Make sure Apache listens on 443 -

Edit /etc/apache2/ports.conf and verify the following exists (or add it):

Listen 443

Step 11: Make sure the SSL engine is on -

Edit /etc/apache2/ports.conf and verify the following exist (or add them):

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Step 12: Restart Apache -

Verify your changes are valid:

apache2ctl configtest

Restart Apache:

apache2ctl restart

 

Done. You can browse to https://yourdomain.com.

Obviously this will produce a warning on the browser side, since the certificate is self-signed. So if that’s important, make sure to purchase a signature from Verisign or similar.
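A sanity check for the server.key / server.crt pair produced in steps 1-4, added here as an example and not taken from either guide: it confirms the certificate belongs to the key, the RSA key is long enough, the certificate is not about to expire, and the passphrase-less key is not readable by other users. The function names, the 2048-bit floor, the 30-day window and the constructed pair built in a temporary directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks for the server.key / server.crt pair from steps 1-4.

# RSA modulus size in bits, read from the certificate's public key.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# Succeeds when the certificate was issued for this private key.
# "-passin pass:" makes a still-encrypted key fail instead of prompting.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Succeeds when group and others have no access to the key file.
key_is_private() {
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per problem; the exit status is the number of problems.
check_pair() {
    key=$1 crt=$2 n=0
    key_matches_cert "$key" "$crt" || { echo "key and certificate do not match"; n=$((n+1)); }
    [ "$(cert_bits "$crt")" -ge 2048 ] 2>/dev/null || { echo "RSA key shorter than 2048 bits"; n=$((n+1)); }
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days"; n=$((n+1)); }
    key_is_private "$key" || { echo "key readable by group/others"; n=$((n+1)); }
    return "$n"
}

# Builds a constructed pair in DIR the way steps 1-4 do, minus the prompts.
make_pair() {   # usage: make_pair DIR BITS
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=sub.domain.com" -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" -signkey "$1/server.key" \
        -out "$1/server.crt" 2>/dev/null &&
    chmod 600 "$1/server.key"
}

demo=$(mktemp -d)   # constructed sample pair, thrown away afterwards
make_pair "$demo" 2048 && check_pair "$demo/server.key" "$demo/server.crt" && echo "pair OK"
rm -rf "$demo"
```

To check the real files, call check_pair /etc/apache2/ssl/server.key /etc/apache2/ssl/server.crt as root after step 5.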

 
