How to setup https/ssl using Apache web server (httpd)
This is not the end to end setup procedure of making your website secure but a short description of an exercise in which i tried to setup a website on https which was already running on http and configures httpd i.e. Apache server using Self signed certificate.
The aim was to run website in secure mode using https. This was done using following software:
1. Apache Web Server – httpd
2. OpenSSL -
3. mod_ssl -
4. Linux operating system – Fedora core 6 (I tested on this environment)
If you want to understand the SSL and https you can refer this page.
We are here trying to setup server configuration for HTTPS. Generally SSL certificates are given by some trusted body like Verisign and browser obey their signed certificates but you can also create a Self Signed certificate to use SSL. Web Browser will prompt user that some non-trusted signed certificate is found for website and you will have to accept that to proceed.
Generate and Self sign the certificate:
1. Find openssl.cnf on system, generally it resides in /usr/share/ssl or /etc/pki/tls/ and copy it in some directory where you want to generate certificate.
2. Run following command
openssl req -config openssl.cnf -new -out server.csr
3. Run following command to generate the key
openssl rsa -in privkey.pem -out server.key
4. Self signing the certificate
openssl x509 -in server.csr -out server.cert -req -signkey server.key -days 365
Setting up apache webserver:
1. You need to copy server.key and server.cert file to some folder( /opt/ssl) which you will configure in Apache.
2. Edit httpd.conf ( /etc/httpd/conf/httpd.conf ), following lines should be edited to point to cert and key file. It is possible that there is ssl.conf separately in /etc/httpd/conf.d directory, then you need to configure that file.
SSLCertificateFile /opt/ssl/server.cert SSLCertificateKeyFile /opt/ssl/server.key
3. You also need to make sure that mod_ssl module is configured to be loaded , check this line not commented in configuration files
LoadModule ssl_module modules/mod_ssl.so
4. Restart Apache and try to access your website using https://
There can be more settings for only using https for certain application and not use http.
As this is self signed certificate, there are new version of web browsers which do not support this and gives error while accessing the application. As this is non-trusted certificate, you have to manually add this certificate to Browser trusted ones so that you can proceed.
I will cover that in a separate post.
Most Commented Posts
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
[...] quick HTTPS access on one of his servers and we had to enable that using self-signed certificate(how to to enable SSL on apache using a self-signed certificate?) . If you want to learn more about HTTPS and SSL you can get some information [...]