Technology and Software

Setting up Apache with SSL

It took more than I expected to set up Apache SSL on my development system so let’s recap the steps.

Preconditions: openssl and apache2, get from here.
1) Setting up a certification authority to self sign the server certificate.

$ mkdir ~/ssl; cd ~/ssl
$ openssl genrsa -des3 -out ca.key 1024
You’ll have to chose a passphrase, store it because you’ll need it every time you’ll sign a certificate.

$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
$ sudo cp ca.crt /etc/ssl/certs/ca.crt
$ sudo cp ca.key /etc/ssl/certs/ca.key

2) Generating the server certificate.

$ openssl genrsa -out 1024
Do not use a passphrase unless you want to enter it each time you’ll restart Apache.

$ openssl req -new -key -out
Remember that the Common Name (CN) is the name of your server.

$ cd /etc/ssl
$ sudo ~/ssl/ ~/ssl/
You need the CA passphrase here (from step 1). The certificate is created in ~/ssl/

3) Installing the certificates in Apache

$ cd /etc/apache2/ssl
$ sudo cp ~/ssl/ .
$ sudo cp ~/ssl/ .
$ sudo /etc/init.d/apache2 restart

4) Configuring Apache

Add the following lines to your Apache configuration file

NameVirtualHost a.b.c.d
# Explicitly listen on port 443 for SSL to work
# This really surprised me, shouldn’t Apache do it automatically
# after seeing the VirtualHost directive?)
Listen 443

<VirtualHost a.b.c.d:80>
DocumentRoot /some/where

DocumentRoot /some/where
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/
SSLCertificateKeyFile /etc/apache2/ssl/

Restart apache

$ sudo /etc/init.d/apache2 restart

That’s it!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s