Enable HTTPS on your Web Server


HTTP secured: that is what we commonly hear about HTTPS. What does it bring? A secure communication channel for the client, as well as an assurance that the server is actually what it claims to be. HTTPS is not really a protocol by itself; it is HTTP layered on top of SSL, which simply encrypts the HTTP traffic.

In this post, I will explain how to enable HTTPS on an Apache web server running on a Linux host. I am expecting that you already have Apache and SSL configured on your system. So let's begin.

1. Activate SSL module

Apache ships with the SSL module disabled, so we have to enable it manually. The following command enables SSL in Apache.

sudo a2enmod ssl

2. Create a self-signed SSL certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

In this command, the -x509 option makes req output a self-signed certificate instead of a certificate request. The x509 command itself is a multi-purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a “mini CA” or edit certificate trust settings.

-nodes specifies that no passphrase should be used, so the private key is written to disk unencrypted. If you use a passphrase, you will have to enter it whenever you restart your server.

3. Update SSL config file

 

sudo vim /etc/apache2/sites-available/default

Make the following modifications in the file:

  • Change the port on the virtual host to 443
    <VirtualHost *:443>
  • Add your server name below the Server Admin email
    ServerName localhost:443
  • Replace localhost with the domain name, if a domain name was given in “Common Name” above
  • Add SSL configurations to the file
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key

4. Activate the new Virtual Host

sudo a2ensite default

Restart Apache for the changes to take effect

sudo /etc/init.d/apache2 restart

That is it. HTTPS is now configured on your web server with a self-signed certificate.

NB:- It is always preferable to get the certificate signed by an authorized CA. Some browsers deny access for untrusted certificates.
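
A quick audit of the result of steps 2 to 4, as an added example that is not part of the original post: it checks the virtual host file for the step 3 directives and confirms that the key written with -nodes is accessible only to its owner. The function names and the sample files built by make_sample are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# Print the first argument of an Apache directive, skipping comment lines.
directive() {  # usage: directive NAME FILE
    awk -v name="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(name) { print $2; exit }' "$2"
}

# Audit the step 3 settings; the return code is the number of findings.
audit_ssl_vhost() {
    local conf="$1" findings=0 cert key f perms
    if ! grep -Eiq '^[[:space:]]*<VirtualHost[[:space:]]+[^>]*:443>' "$conf"; then
        echo "FAIL: no <VirtualHost ...:443> block"; findings=$((findings + 1))
    fi
    if [ "$(directive SSLEngine "$conf" | tr 'A-Z' 'a-z')" != "on" ]; then
        echo "FAIL: SSLEngine is not on"; findings=$((findings + 1))
    fi
    cert=$(directive SSLCertificateFile "$conf")
    key=$(directive SSLCertificateKeyFile "$conf")
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL: certificate or key file not found: '$f'"
            findings=$((findings + 1))
        fi
    done
    # -nodes leaves the key unencrypted: group and other must have no access.
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ldL "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL: $key is accessible to group/other ($perms)"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Build a constructed sample vhost plus placeholder cert/key files in DIR.
make_sample() {  # usage: make_sample DIR
    printf 'placeholder\n' > "$1/apache.crt"
    printf 'placeholder\n' > "$1/apache.key"
    chmod 600 "$1/apache.key"
    printf '%s\n' '<VirtualHost *:443>' '    ServerName localhost:443' \
        '    SSLEngine on' "    SSLCertificateFile $1/apache.crt" \
        "    SSLCertificateKeyFile $1/apache.key" '</VirtualHost>' > "$1/default"
}
```

On the server, `audit_ssl_vhost /etc/apache2/sites-available/default` prints one FAIL line per finding; a key that fails the permission check can be fixed with `sudo chmod 600 /etc/apache2/ssl/apache.key`.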