Linux setup steps/Enable SSL in Apache 2
From Nick Jenkins
Enabling SSL in Apache 2:
a2enmod ssl
echo "Listen 443" >> /etc/apache2/ports.conf
mkdir /etc/apache2/ssl
export RANDFILE=/dev/random
openssl req $@ -new -x509 -days 365 -nodes -out \
/etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
When run, openssl will prompt with a series of questions. Some fictional answers:
Country: AU
State: NSW
City: Sydney
Organisation Name: FooBar Pty Ltd
Dept: YourHostName
YOUR name: www.YourHostName.com [must be the host's fully qualified name, or you will get a message that the certificate doesn't match the site name]
Email address: webmaster@YourHostName.com
The -nodes option leaves the private key in apache.pem unencrypted, so make the file readable only by its owner:
chmod 600 /etc/apache2/ssl/apache.pem
The next step should come after the default sites-available config from the previous sections is complete, to avoid having to repeat steps for both the non-SSL and the SSL site.
cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
Edit the copy with "nano /etc/apache2/sites-available/ssl" and make a few updates (add ":443" twice, and add the two SSL lines):
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin webmaster@YourHostName.com
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
DocumentRoot ....
(etc., the rest of this file is the same as for the normal non-HTTPS sites)
Or, if you have already bought a signed certificate from a CA (with the .CRT server certificate file and a .KEY private key file), then use this instead of the "SSLCertificateFile" line above:
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time.
SSLCertificateFile /etc/apache2/ssl/server.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file.
SSLCertificateKeyFile /etc/apache2/ssl/server.key
Then enable this site:
a2ensite ssl
Then reload apache with:
/etc/init.d/apache2 force-reload
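A pre-flight check for the site file and key permissions set up above, which can be run before "a2ensite ssl". This is an added example, not part of the original page; the function names check_ssl_site, directive and private_file are this example's own.

```shell
#!/bin/sh
# Added example: sanity-check an SSL site file before enabling it.
# Usage: sh check_ssl_site.sh /etc/apache2/sites-available/ssl

# Print the argument of the first occurrence of a directive
# (case-insensitive). Commented-out lines do not match.
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Succeed only if the file exists and group/other have no permissions on it.
private_file() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

check_ssl_site() {
    conf=$1
    rc=0
    grep -Eiq '^[[:space:]]*<virtualhost[[:space:]]+[^>]*:443>' "$conf" ||
        { echo "FAIL: no <VirtualHost ...:443> block"; rc=1; }
    [ "$(directive SSLEngine "$conf" | tr 'A-Z' 'a-z')" = "on" ] ||
        { echo "FAIL: SSLEngine is not On"; rc=1; }
    cert=$(directive SSLCertificateFile "$conf")
    key=$(directive SSLCertificateKeyFile "$conf")
    [ -n "$cert" ] || { echo "FAIL: no SSLCertificateFile line"; rc=1; }
    # With the combined apache.pem there is no key directive, so the
    # certificate file itself carries the private key.
    keyfile=${key:-$cert}
    if [ -n "$keyfile" ] && ! private_file "$keyfile"; then
        echo "FAIL: $keyfile missing or accessible to group/other (chmod 600)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}

# Run the check when a site file is given on the command line.
if [ $# -gt 0 ]; then check_ssl_site "$1"; fi
```

The check does not look inside the certificate; "openssl x509 -noout -subject -enddate -in /etc/apache2/ssl/apache.pem" shows the name it was issued for and when the 365 days run out.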
