OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.
Any administrator of a computer should always practice security using any means possible.
Starting from the beginning, you can install the whole Apache2 HTTP daemon via Synaptic, apt-get or aptitude.
sudo aptitude install apache2
Grant yourself a home for Apache2 and create a public_html folder (run as normal user, not root). Once created browse there.
mkdir ~/public_html
NOTE: apache2-ssl-certificate has gone missing since Feisty. To fix this, we have to do four extra steps.
wget http://czarism.com/files/apache2-ssl.tar.gz
tar -xzvf apache2-ssl.tar.gz
sudo mv ssleay.cnf /usr/share/apache2/
sudo mv apache2-ssl-certificate /usr/sbin/
sudo apache2-ssl-certificate
creating selfsigned certificate
replace it with one signed by a certification authority (CA)
enter your ServerName at the Common Name prompt
If you want your certificate to expire after x days call this programm
with -days x
Generating a 1024 bit RSA private key
............................++++++
.................++++++
writing new private key to '/etc/apache2/ssl/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Some-State]:XX
Locality Name (eg, city) []:Xxxx
Organization Name (eg, company; recommended) []:Czarism Systems
Organizational Unit Name (eg, section) []:Security
server name (eg. ssl.domain.tld; required!!!) []:czarism.com
Email Address []:czarphanguye@gmail.com
Now you need to configure Apache2 to use https (secured) on port 443 (standard port for SSL). Browse to /etc/apache2/ to make the changes.
cd /etc/apache2/
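As an added example (not from the original post or the downloaded script), the same kind of combined key-and-certificate file can be produced with openssl directly, using a 2048-bit key instead of the 1024-bit key shown in the output above and putting the server name in subjectAltName as well as the Common Name. It assumes OpenSSL 1.1.1 or later for -addext; the function names, scratch path and ssl.example.test are placeholders.

```sh
#!/bin/sh
# Added example: build a combined key+certificate PEM like apache.pem with
# openssl directly. Assumes OpenSSL 1.1.1+ (for -addext).

# make_apache_pem OUT_FILE SERVER_NAME [DAYS]
make_apache_pem() (
    out=$1 cn=$2 days=${3:-365}
    umask 077                          # new files are owner-only (0600)
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    # 2048-bit RSA, unencrypted key (-nodes) so Apache can start unattended;
    # the SAN carries the host name because current browsers match SAN, not CN.
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=$cn" -addext "subjectAltName=DNS:$cn" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null || exit 1
    cat "$tmp/key.pem" "$tmp/cert.pem" > "$out"
)

# pem_key_bits FILE -> size in bits of the certificate's public key
pem_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p'
}

# pem_valid_for FILE SECONDS -> succeeds if the cert is still valid by then
pem_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Constructed demo: scratch directory and placeholder host name.
demo_dir=$(mktemp -d)
if make_apache_pem "$demo_dir/apache.pem" ssl.example.test 365; then
    echo "key bits: $(pem_key_bits "$demo_dir/apache.pem")"
    pem_valid_for "$demo_dir/apache.pem" 86400 && echo "valid for at least a day"
fi
rm -rf "$demo_dir"
```

For this setup, run make_apache_pem as root with /etc/apache2/ssl/apache.pem as the output file and your ServerName as the second argument.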
Here you will see two folders; sites-enabled and sites-available. First make a copy of the current available site and name that "ssl".
sudo cp sites-available/default sites-available/ssl
Then make a symbolic link to your new configuration to enable the properties.
sudo ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/000-ssl
To verify;
ls -la sites-enabled/
should look something similar to;
lrwxrwxrwx 1 root root 22 2006-01-08 20:22 000-ssl -> ../sites-available/ssl
Now you must configure the "ssl" host. This may be done in gedit, nano, vi, or whatever floats your boat. Here I use vi;
sudo vi sites-available/ssl
FIND:
NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
</VirtualHost>
REPLACE WITH:
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLEngine On
</VirtualHost>
Then edit /etc/apache2/ports.conf:
sudo vi /etc/apache2/ports.conf
Add the following under Listen 80
Listen 443
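Before restarting, the site file and ports.conf can be checked for the mistakes that most often break this setup: a dangling sites-enabled link, a `<VirtualHost>` address that lacks :443 or does not match NameVirtualHost, a missing Listen 443, and a certificate file without its private key. The script below is an added example, not part of the original post; it assumes the Apache 2.2-style configuration shown above, and check_ssl_site, demo and the sample files are hypothetical names.

```sh
#!/bin/sh
# Added example: pre-restart checks for the Apache 2.2-style "ssl" site above.
# Prints one FAIL line per problem and returns non-zero if any were found.
check_ssl_site() (
    site=$1 ports=$2 n=0
    set -f    # a bare * address must not be glob-expanded by the for loop
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    # -e follows symlinks, so a dangling sites-enabled link is caught here.
    [ -e "$site" ] || { fail "$site is missing or a dangling symlink"; exit 1; }
    conf=$(sed 's/#.*//' "$site")    # strip comments

    # Each <VirtualHost addr> needs :443 and an identical NameVirtualHost addr.
    for addr in $(printf '%s\n' "$conf" |
        awk 'tolower($1) == "<virtualhost" { sub(/>.*/, "", $2); print $2 }'); do
        case $addr in *:443) ;; *) fail "<VirtualHost $addr> lacks :443" ;; esac
        printf '%s\n' "$conf" | awk -v a="$addr" \
            'tolower($1) == "namevirtualhost" && $2 == a { f = 1 } END { exit !f }' ||
            fail "no NameVirtualHost line matches <VirtualHost $addr>"
    done

    printf '%s\n' "$conf" | grep -qiE '^[[:space:]]*SSLEngine[[:space:]]+on' ||
        fail "SSLEngine On is not set"
    grep -qE '^[[:space:]]*Listen[[:space:]]+443([[:space:]]|$)' "$ports" 2>/dev/null ||
        fail "$ports has no Listen 443"

    # apache.pem from the script holds key and certificate in one file; a
    # certificate-only file needs SSLCertificateKeyFile as well.
    cert=$(printf '%s\n' "$conf" |
        awk 'tolower($1) == "sslcertificatefile" { print $2; exit }')
    if [ -z "$cert" ]; then fail "SSLCertificateFile is not set"
    elif [ ! -r "$cert" ]; then fail "cannot read $cert"
    elif ! grep -q 'PRIVATE KEY-----' "$cert" && ! printf '%s\n' "$conf" |
        grep -qiE '^[[:space:]]*SSLCertificateKeyFile[[:space:]]'; then
        fail "$cert has no private key and SSLCertificateKeyFile is not set"
    fi
    [ "$n" -eq 0 ]
)

# Constructed sample: <VirtualHost *> without :443 and no Listen 443.
demo() (
    d=$(mktemp -d)
    printf '%s\n' 'NameVirtualHost *:443' '<VirtualHost *>' 'SSLEngine On' \
        "SSLCertificateFile $d/apache.pem" '</VirtualHost>' > "$d/ssl"
    echo '-----BEGIN RSA PRIVATE KEY----- (constructed placeholder)' > "$d/apache.pem"
    echo 'Listen 80' > "$d/ports.conf"
    rc=0; check_ssl_site "$d/ssl" "$d/ports.conf" || rc=$?
    rm -rf "$d"; exit "$rc"
)
demo || true
```

On the real system, run check_ssl_site /etc/apache2/sites-enabled/000-ssl /etc/apache2/ports.conf with sudo so the certificate file is readable.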
Restart Apache2 for the changes to take place.
sudo /etc/init.d/apache2 restart
Finished! Browse to https://localhost and verify and accept your very own SSL certificate.
Also see this site which helped me write this entry.
[1] http://www.geocities.com/arhuaco/doc/subversion/apache-subversion-in-debian.html
| Attachment | Size |
|---|---|
| apache2-ssl.tar.gz | 964 bytes |

whew
you have no idea how much this helped me....thanks a lot!!
Thank you
Nicely put together, thanks.
I did need to add the following myself when using with a *non* self signed cert:
SSLCertificateKeyFile /etc/apache2/ssl/apache-keyfile.pem
Thanks
Mike
apache2+ssl+ubuntu
Really Thanks.. I found that it's easier to setup this subj on gentoo than ubuntu )
External Links
Problem creating symbolic link
I followed the instructions but for some reason the symbolic link to /etc/apache2/sites-available/ssl is not working. It does create the 000-ssl file in sites-enabled but it's in red and the server doesn't restart, stating an error: cannot open document config file. If I copy the file directly to the sites-enabled it works fine. How to fix this problem?
Re: Debian/Ubuntu Apache2 and OpenSSL (https)
thanks a lot for your work.
Just a tiny thing, there is a little mistake on the line :
sudo ln -s /etc/apache2/sites-avilable/ssl /etc/apache2/sites-enabled/000-ssl
this should be :
sudo ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/000-ssl
the directory of sites-available was not written correctly
Revisioned
ty Anonymous. This typo has been fixed in Revision #1381 (Wed, 2007-10-31 18:38)
Thanks
Hello
It's a very good and correct howto. Thank you for it!
Regards: Molnar Tamas (from Hungary)
Re: Debian/Ubuntu Apache2 and OpenSSL (https)
Thx a lot!! It worked perfectly!!!
In case of error 12263
After following this howto I was receiving error 12263 whenever I tried to access the server using SSL.
I had made a mistake here:
NameVirtualHost *:443
<VirtualHost *:443>
I had forgotten to add the :443 on to the <Virtualhost *> line. Chased my tail for a while trying to sort it out, hope this helps someone!