UbuntuSet up SSL

Remarks


a2ensite - a script that enables the specified site (which contains a block) within the apache2 configuration by creating symlinks within /etc/apache2/sites-enabled


apache2 - popular web server. Alternative web servers are tomcat, nginx, etc.


openssl - SSL works by using a private key to encrypt data transferred over an SSL-enabled connection, thus thwarting eavesdropping of information. Use openssl to generate keys and certificates.


vim - a popular text editor

Set up ssl for local testing in apache

Enable the module by typing:

sudo a2enmod ssl

Restart the web server (apache2) so the change is recognized:

sudo service apache2 restart

Optional (but a good idea): Create a directory that will contain our new certificate files:

sudo mkdir /etc/apache2/ssl

Create the key and self-signed certificate in that directory:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/your_domain.key -out /etc/apache2/ssl/your_domain.crt

You will be asked a series of questions for your security certificate. Answer each one as you are prompted, but with your own company's information. Here is an example:

Country Name (2 letter code) [AU]:US 
State or Province Name (full name) [Some-State]:Pennsylvania 
Locality Name (eg, city) []:Philadelphia 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Cool Company
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:test_domain.com
Email Address []:[email protected]_domain.com

Open the file with root privileges:

sudo vim /etc/apache2/sites-available/default-ssl.conf

Configure your virtual host by adding your server details and certificate locations to the default-ssl.conf file:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin [email protected]
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/your_domain.crt
        SSLCertificateKeyFile /etc/apache2/ssl/your_domain.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /var/www/html>
            SSLOptions +StdEnvVars
            DirectoryIndex index.php
            AllowOverride All
            Order allow,deny
            Allow from all
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

Save your changes and enter the following to enable your new ssl configuration:

sudo a2ensite default-ssl.conf

To activate the new configuration, run:

service apache2 reload

Now, attempt to access your site locally using https!