TLS/SSL Certificate Installation for Apache on Ubuntu Server
Configure Apache With TLS/SSL Certificate on Ubuntu Server
Generate Certificate
Create a directory place to store the file
$ mkdir ~/certificates $ cd ~/certificates
Generate a CSR and private key using following command
$ openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes
Complete the process with it using the relevant information
Country Name (2 letter code) [AU]: BH State or Province Name (full name) [Some-State]: Manama Locality Name (eg, city) []: Manama Organization Name (eg, company) [My Company]: GrassPalm Organizational Unit Name (eg, section) []:IT The common name is your domain name or the server IP address. Common Name (e.g. server FQDN or YOUR name) []: apache01.gp.local Email Address []:admin@gp.local
Now move the certificate into the same folder you created using the following commands
$ mkdir /etc/apache2/ssl $ mv ~/certificates/* /etc/apache2/ssl/.
Apache virtual host configuration
Navigate to the default Apache site config directory using the following command
$ sudo nano /etc/apache2/sites-available/default-ssl.conf
This config file tells the server where to find SSL certificate. It should look like this:
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key <FilesMatch ".(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> </VirtualHost> </IfModule>
Edit this: ServerAdmin webmaster@localhost to this :
ServerAdmin admin@gp.local
Add this right below the ServerAdmin line:
ServerName ADD_YOUR_IP_OR_DOMAIN_NAME_HERE
Now, edit these lines with our certificate location:
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key
The new file should look like this:
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin admin@gp.local ServerName apache01.gp.local DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key <FilesMatch ".(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> </VirtualHost> </IfModule>
Save the file, and close it.
Enable the SSL module using following command
$ sudo a2enmod ssl
Enable the site we have just edited:
$ sudo a2ensite default-ssl.conf
Restart Apache:
$ sudo service apache2 restart
The website is now secure, access it using following address in the browser
https://YOUR_SERVER_IP