Wednesday, June 21, 2017

How to Create an Apache Self-Signed SSL Certificate on Ubuntu 16.04 LTS

Introduction: -
SSL is an essential part of creating a secure Apache website. SSL certificates allow you to encrypt all the traffic sent to and from your Apache website so that others cannot view it. SSL uses public key cryptography to establish a secure connection. This means that anything encrypted with the public key (carried in the SSL certificate) can only be decrypted with the private key (stored only on the server), and vice versa.

Prerequisites: -
Before creating the SSL certificate, make sure the following prerequisites are in place:

1- A user with sudo privileges
2- Installed Apache
3- Installed OpenSSL





Step 1: Install Apache
We need to install the Apache web server if it is not installed already. This can be done with the command below.
root@US16:~# apt install apache2
Step 2: Install OpenSSL
We need OpenSSL to generate a self-signed certificate. Use the command below to install it.
root@US16:~# apt install openssl
Step 3: Create Virtual Host
First, we need a Virtual Host on which to install our self-signed certificate. Follow the steps below to set up a new VHost.

3A-  Create a directory to store VHost data
root@US16:~# mkdir -p /var/www/html/vhost1
3B- Create VHost and add configuration
root@US16:~# vi /etc/apache2/sites-available/vhost1.conf
Append the VHost configuration below to the file vhost1.conf
<VirtualHost *:80>
    ServerAdmin amar.singh@outlook.in
    ServerName vhost1.org
    DocumentRoot /var/www/html/vhost1/
    # Keep logs in Apache's log directory (/var/log/apache2 on Ubuntu),
    # outside the DocumentRoot, so they are not served to visitors.
    ErrorLog ${APACHE_LOG_DIR}/vhost1_error.log
    CustomLog ${APACHE_LOG_DIR}/vhost1_access.log combined
    <Directory /var/www/html/vhost1/>
        Options All
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
Save and Exit from the file.

3C- Create a simple HTML file
root@US16:~# vi /var/www/html/vhost1/index.html
Add some text to the file 
This is Vhost1 !!Testing!!
Save and Exit from the file

3D- Enable created VHost 
root@US16:~# a2ensite vhost1.conf
Enabling site vhost1.
To activate the new configuration, you need to run:
  service apache2 reload
root@US16:~#
3E- Reload Apache service to apply changes
root@US16:~# service apache2 reload
3F- Test the VHost by opening the server name, http://vhost1.org/, in a browser
Opening the URL http://vhost1.org/ should give output like the one below









Step 4: Create the SSL Certificate
An SSL certificate works with a pair of keys, one public and one private; the private key is stored only on the server.
Let's create the certificate and its key with the single command below:
root@US16:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vhost1.key -out /etc/ssl/certs/vhost1.crt
Generating a 2048 bit RSA private key
.........+++
..+++
writing new private key to '/etc/ssl/private/vhost1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Delhi
Locality Name (eg, city) []:South Ex
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ISTM
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:vhost1.org
Email Address []:amar.singh@outlook.in
root@US16:~#

You will be prompted to enter your organisational information and a common name. The common name should be the fully qualified domain name of the site you are securing (vhost1.org here; for example www.mydomain.com for your own site). You can leave the email address blank, along with the challenge password and optional company name if you are prompted for them. When the command finishes, it will have created two files: the private key /etc/ssl/private/vhost1.key and the self-signed certificate /etc/ssl/certs/vhost1.crt, valid for 365 days.
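The interactive command above records the hostname only in the Common Name, while current browsers match the hostname against the subjectAltName extension. The following is an added example, not part of the original post, that creates the same certificate non-interactively with a subjectAltName; it uses a config file so that it also works with the OpenSSL 1.0.2 shipped in Ubuntu 16.04. The helper names make_selfsigned and cert_fingerprint and the single output directory are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. make_selfsigned and
# cert_fingerprint are hypothetical helpers; DN values are those typed in Step 4.

# make_selfsigned FQDN OUTDIR [DAYS] -> OUTDIR/FQDN.key and OUTDIR/FQDN.crt
make_selfsigned() {
    local fqdn="$1" outdir="$2" days="${3:-365}" cnf
    cnf="$(mktemp)" || return 1

    # prompt = no: take the DN from this file instead of asking interactively.
    cat > "$cnf" <<EOF
[req]
prompt             = no
distinguished_name = dn
x509_extensions    = v3
[dn]
C  = IN
ST = Delhi
L  = South Ex
O  = ISTM
OU = IT
CN = $fqdn
[v3]
subjectAltName = DNS:$fqdn
EOF

    # umask 077 so the private key is never group- or world-readable,
    # not even for the moment between creation and chmod.
    ( umask 077
      openssl req -x509 -nodes -sha256 -days "$days" -newkey rsa:2048 \
          -config "$cnf" -keyout "$outdir/$fqdn.key" -out "$outdir/$fqdn.crt"
    ) || { rm -f "$cnf"; return 1; }
    rm -f "$cnf"
    chmod 600 "$outdir/$fqdn.key" && chmod 644 "$outdir/$fqdn.crt"
}

# SHA-256 fingerprint, for comparison with the one the browser displays
# before the certificate is accepted as an exception.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# Usage (run in a working directory, then move the files into place):
#   make_selfsigned vhost1.org "$PWD" && cert_fingerprint "$PWD/vhost1.org.crt"
```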

Step 5: Configure Apache to use SSL
5A- Enable Port listening 
root@US16:~# vi /etc/apache2/ports.conf
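Make sure the ports.conf file listens on port 443. The default Ubuntu file already contains Listen 443 inside the ssl_module block, which takes effect once the SSL module is enabled in the next step. Do not add a second, unconditional Listen 443 line: duplicate Listen directives for the same address and port make Apache fail to bind the socket at startup.
Listen 80

<IfModule ssl_module>
        Listen 443
</IfModule>

<IfModule mod_gnutls.c>
        Listen 443
</IfModule>
Save and Exit from the File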
5B- Enable SSL module
root@US16:~# a2enmod ssl
5C-  Change VHost Configuration
root@US16:~# vi /etc/apache2/sites-available/vhost1.conf
Append the block below to the conf file
<VirtualHost 192.168.102.10:443>
DocumentRoot /var/www/html/vhost1/
ServerName vhost1.org
SSLEngine on
SSLCertificateFile /etc/ssl/certs/vhost1.crt
SSLCertificateKeyFile /etc/ssl/private/vhost1.key
</VirtualHost>
Save and Exit from the File
5D- Restart Apache service to apply changes.
root@US16:~# service apache2 restart
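A check worth running against vhost1.conf before the restart above, given as an added example that is not part of the original post: it reads the two SSL directives from Step 5C and confirms that the certificate and key belong together, that the certificate has not expired, and that the key is readable by its owner only. The helper name check_ssl_vhost is hypothetical, and the parser assumes unquoted paths, as in the configuration shown.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. check_ssl_vhost is a
# hypothetical helper; it assumes unquoted paths in the vhost file.

# check_ssl_vhost CONF -> prints OK/FAIL, returns 0 only if every check passes
check_ssl_vhost() {
    local conf="$1" crt key certpub keypub
    # Apache directive names are case-insensitive; take the first of each.
    crt="$(awk 'tolower($1)=="sslcertificatefile"    {print $2; exit}' "$conf")"
    key="$(awk 'tolower($1)=="sslcertificatekeyfile" {print $2; exit}' "$conf")"
    [ -n "$crt" ] && [ -n "$key" ] \
        || { echo "FAIL: SSL directives missing in $conf"; return 1; }
    [ -r "$crt" ] && [ -r "$key" ] \
        || { echo "FAIL: certificate or key not readable"; return 1; }

    # The certificate must carry the public half of the configured private key.
    certpub="$(openssl x509 -noout -pubkey -in "$crt" 2>/dev/null)" \
        || { echo "FAIL: $crt is not a valid certificate"; return 1; }
    keypub="$(openssl pkey -pubout -in "$key" 2>/dev/null)" \
        || { echo "FAIL: $key is not a valid private key"; return 1; }
    [ "$certpub" = "$keypub" ] \
        || { echo "FAIL: $key does not match $crt"; return 1; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -noout -checkend 0 -in "$crt" >/dev/null \
        || { echo "FAIL: $crt has expired"; return 1; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    case "$(ls -lL "$key" | cut -c5-10)" in
        ------) ;;
        *) echo "FAIL: $key is accessible to group or others"; return 1 ;;
    esac
    echo "OK: $crt and $key match"
}
```

Run it as check_ssl_vhost /etc/apache2/sites-available/vhost1.conf, then use apache2ctl configtest to let Apache validate the syntax.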
Step 6: Test installed SSL certificate 
To validate the installed SSL certificate, open the website at the URL https://vhost1.org/

If everything went well, you will get output like the one below:



















The SSL certificate has been installed successfully. Because it is self-signed, the browser shows a warning; proceed by clicking the Advanced button and adding an exception to view the website.

Once done, you will get output like the one below:














!!! Self-signed SSL has been configured successfully !!!
