Technology and Software

Setting up Apache with SSL

It took more than I expected to set up Apache SSL on my development system so let’s recap the steps.

Preconditions: openssl and apache2, get sign.sh from here.
1) Setting up a certification authority to self sign the server certificate.

$ mkdir ~/ssl; cd ~/ssl
$ openssl genrsa -des3 -out ca.key 2048
You’ll have to choose a passphrase; store it, because you’ll need it every time you sign a certificate.

$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
$ sudo cp ca.crt /etc/ssl/certs/ca.crt
$ sudo cp ca.key /etc/ssl/certs/ca.key

2) Generating the server certificate.

$ openssl genrsa -out www.domain.com.key 2048
Do not use a passphrase unless you want to enter it each time you restart Apache.

$ openssl req -new -key www.domain.com.key -out www.domain.com.csr
Remember that the Common Name (CN) is the name of your server.

$ cd /etc/ssl
$ sudo ~/ssl/sign.sh ~/ssl/www.domain.com.csr
You need the CA passphrase here (from step 1). The certificate is created in ~/ssl/www.domain.com.crt

3) Installing the certificates in Apache

$ cd /etc/apache2/ssl
$ sudo cp ~/ssl/www.domain.com.crt .
$ sudo cp ~/ssl/www.domain.com.key .
$ sudo /etc/init.d/apache2 restart

4) Configuring Apache

Add the following lines to your Apache configuration file:

NameVirtualHost a.b.c.d
# Explicitly listen on port 443 for SSL to work
# (This really surprised me, shouldn’t Apache do it automatically
# after seeing the VirtualHost a.b.c.d:443 directive?)
Listen 443

<VirtualHost a.b.c.d:80>
ServerAdmin you@domain.com
DocumentRoot /some/where
ServerName www.domain.com
</VirtualHost>

<VirtualHost a.b.c.d:443>
ServerAdmin you@domain.com
DocumentRoot /some/where
ServerName www.domain.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/www.domain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.domain.com.key
</VirtualHost>

Restart Apache:

$ sudo /etc/init.d/apache2 restart

That’s it!
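
If Apache refuses to start or clients reject the certificate, the usual causes are a key that does not belong to the certificate, a certificate not signed by the CA from step 1, or a Common Name that differs from ServerName. The shell functions below are an added example, not part of the original post; the function names and the 2048-bit minimum are assumptions, and the file names follow the steps above.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): sanity checks for the files
# created in steps 1-3. Function names and the 2048-bit floor are assumptions.

# Print the size in bits of the (RSA) public key in certificate $1.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
    local from_key from_crt
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Succeed only if the certificate ($2) verifies against the CA file ($1).
cert_signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeed only if the certificate ($1) is valid for the host name ($2).
# Without a subjectAltName, openssl falls back to the Common Name.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Run every check; usage: check_server_cert CA.crt SERVER.key SERVER.crt HOSTNAME
check_server_cert() {
    local ca="$1" key="$2" crt="$3" host="$4" bits rc=0
    key_matches_cert "$key" "$crt" || { echo "FAIL: key does not match $crt"; rc=1; }
    cert_signed_by_ca "$ca" "$crt" || { echo "FAIL: $crt is not signed by $ca"; rc=1; }
    cert_matches_host "$crt" "$host" || { echo "FAIL: $crt is not valid for $host"; rc=1; }
    bits=$(cert_key_bits "$crt")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: ${bits:-unknown}-bit key is too small"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $crt"
    return "$rc"
}
```

Source the file and run check_server_cert with the CA certificate, the server key, the server certificate and the ServerName value before restarting Apache.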
