Quick tips to Install SSL Certificate on Apache Server 2

The Apache Foundation released its new version (Version 2) in 2002 following the overwhelming success of its first version. Version 2 mostly focused on further modularization of the development of the Apache core, but there were also several improvements including, Unix threading, IP version 6 support and most important of it all, it gave better support for Non-Unix platforms like Microsoft Windows.

These powerful improvements have made Apache web server a number one choice to host over 100 million websites and web applications on the internet.

apache web server 2 image

If you have Apache 2.x installed already, then you’re good to go as you don’t need anything extra installed.

If you haven’t installed it, then you can easily do so with our step-by-step guide:

earth:~# apt-get install apache2
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
apache2-common apache2-mpm-worker apache2-utils cheapsslsecurityssl-cert
Suggested packages:
apache2-doc ca-certificates
The following NEW packages will be installed:
apache2 apache2-common apache2-mpm-worker apache2-utils cheapsslsecurityssl-cert
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 2040kB of archives.
After unpacking 6218kB of additional disk space will be used.
Do you want to continue? [Y/n]

Once the server is installed you need to do three things to get a working SSL setup:

  1. Generate, or import a certificate
  2. Enable Apache’s SSL support
  3. Configure your SSL options

Generating a Certificate

Generation of a certificate from scratch will protect the traffic exchanged between clients and your server; however, it will be signed by an untrustworthy certificate authority which will generate warnings.

Importing a paid and “trusted” certificate will avoid this problem, but that is beyond the scope of this simple introduction.

Generating SSL Certificate for Apache2 may be accomplished using the apache2-ssl-certificate script. This will create an interactive questionnaire followed by proper generation of the certificate file.

Illustration of the session:

earth:~# apache2-ssl-certificate
creating selfsigned certificate
replace it with one signed by a certification authority (CA)
enter your ServerName at the Common Name prompt
If you want your certificate to expire after x days call this programm
with -days x
Generating a 1024 bit RSA private key
............++++++
..........................++++++
writing new private key to '/etc/apache2/ssl/apache.pem'
-----

Here you would be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is called a Distinguished Name or a DN.

There are quite a few fields to fill up, but you can leave some of them blank. For some fields, there will be a default value,

If you enter ‘.’, the field will be left blank.

—–

Country Name (2 letter code) [GB]:
State or Province Name (full name) [Some-State]: Scotland
Locality Name (eg, city) []: Edinburgh
Organization Name (eg, company; recommended) []: eThan Hunt
Organizational Unit Name (eg, section) []:
server name (eg. ssl.domain.tld; required!!!) []: eThan
Email Address []: [email protected]

Enabling SSL Support

To use SSL facilities of Apache2 you must enable the module mod_ssl, this can be achieved using the helper tool a2enmod

As root run:

earth:~# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Once this is done you’ll have Apache setup to accept SSL connections, but the server will still only be listening for incoming HTTP requests on port 80 – and not SSL connections on port 443. To fix this you must add a line to the file /etc/apache2/ports.conf:

Listen 443

With these two steps out of the way you now have an Apache setup which will listen for and accept SSL connections. The next step is to modify your virtual host to use it.

Configuring your SSL Hosts

With a certificate setup and the server updated to load and listen for incoming SSL connections, you’re almost done. The final step would be when your virtual hosts or main host accepts SSL options.

I use virtual hosts on my machine which means adding a couple of options to each one I wish to use the SSL for:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem

For reference here is a complete example which should be easy to modify/understand:

NameVirtualHost *:443
NameVirtualHost *:80
<VirtualHost *:80>
ServerNameeThan.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerNameeThan.my.flat
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>

Buy SSL Certificates at a Cheap Price and Save 88%

Get an SSL certificate from world-class commercial Certificate Authorities such as Comodo, Sectigo, DigiCert, Symantec, Thawte, RapidSSL, and GeoTrust.

Shop for Cheap SSL Certificates

Related Posts

Author

Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.

bold
Close