TLS/SSL Certificate Installation for Apache on Ubuntu Server

by Posted on

Configure Apache With TLS/SSL Certificate on Ubuntu Server

Generate Certificate

Create a directory place to store the file

$ mkdir ~/certificates
$ cd ~/certificates

Generate a CSR and private key using following command

$ openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes

Complete the process with it using the relevant information

Country Name (2 letter code) [AU]: BH
State or Province Name (full name) [Some-State]: Manama
Locality Name (eg, city) []: Manama
Organization Name (eg, company) [My Company]: GrassPalm
Organizational Unit Name (eg, section) []:IT
The common name is your domain name or the server IP address.
Common Name (e.g. server FQDN or YOUR name) []: apache01.gp.local
Email Address []:admin@gp.local

Now move the certificate into the same folder you created using the following commands

$ mkdir /etc/apache2/ssl
$ mv ~/certificates/* /etc/apache2/ssl/.

Apache virtual host configuration

Navigate to the default Apache site config directory using the following command

$ sudo nano /etc/apache2/sites-available/default-ssl.conf

This config file tells the server where to find SSL certificate. It should look like this:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on

SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

</VirtualHost>
</IfModule>

Edit this: ServerAdmin webmaster@localhost to this :

ServerAdmin admin@gp.local

Add this right below the ServerAdmin line:

ServerName ADD_YOUR_IP_OR_DOMAIN_NAME_HERE

Now, edit these lines with our certificate location:

SSLCertificateFile    /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

The new file should look like this:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin admin@gp.local
ServerName apache01.gp.local

DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on

SSLCertificateFile    /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

</VirtualHost>
</IfModule>

Save the file, and close it.

Enable the SSL module using following command

$ sudo a2enmod ssl

Enable the site we have just edited:

$ sudo a2ensite default-ssl.conf

Restart Apache:

$ sudo service apache2 restart

The website is now secure, access it using following address in the browser

https://YOUR_SERVER_IP

 

Published by Sumesh MS