Setup Secure Webserver HTTPS (SSL) on Apache in Ubuntu


Secure HTTP (SSL/TLS) is a must if you have a website with authentication or any sensitive data. I needed to set up HTTPS for our University Digital Library last week, so here I will explain, step by step, how to implement it.
Hypertext Transfer Protocol Secure (HTTPS) is a protocol for transferring encrypted data over the Web. SSL is a protocol for cryptographically securing transactions between a web browser and a web server.

First, let me explain the basic difference between HTTP and HTTPS.

  • HTTPS connects on port 443, while HTTP is on port 80
  • HTTPS encrypts the data sent and received with SSL (Secure Sockets Layer), while HTTP sends it all as plain text

Most of us know that we should look for the https in the URL and the lock icon in the browser when making a transaction online. So if your site is not using HTTPS, you will lose customers. Even so, it is common to find websites that collect money, including credit card data, over a plain HTTP connection. This should be avoided.
With this tutorial you can learn how to set up secure HTTP on the Apache web server in Ubuntu 10.04 or higher.

Prerequisites

  • apache2 (Web Server)
  • openssl
  • And patience 🙂, because it will take some time to learn.

Step 1: Creating a Certificate
The first, and one of the most important, steps is to create the certificate. It can be created with or without a passphrase.

For testing purposes, or for small LANs, you can create a self-signed certificate with openssl. Start by generating the server key (openssl will ask for a passphrase to protect it):

  openssl genrsa -des3 -out server-sec.key 4096 

…and then a certificate signing request (CSR):

  openssl req -new -key server-sec.key -out server.csr 

Generate the server certificate by signing the request with the server key:

  openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt 

You must keep server-sec.key in a secure location, readable and writable only by root. After that, let's generate a passwordless copy of the key for Apache to use.

  openssl rsa -in server-sec.key -out server.key 

You now have four different files:

  • server.key (passwordless key for Apache)
  • server.csr (certificate signing request)
  • server.crt (certificate)
  • server-sec.key (server key)

Step 2: Setup SSL configuration in Apache

In this step, you enable the SSL site in Apache by creating a symbolic link to ‘default-ssl’.

 ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl

Then edit the /etc/apache2/sites-available/default-ssl file using a text editor such as Vim or nano.

<Virtualhost *:443>
ServerAdmin webmaster@localhost
ServerName localhost
DocumentRoot /var/www-ssl/html/

Add SSLEngine on to the same file, comment out the default SSLCertificateFile and SSLCertificateKeyFile paths, and add the paths to your own files.

SSLEngine on
..
..
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/certs/ssl-cert-snakeoil.key

SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Step 3: Final step, moving the certificates and activating SSL
After saving the config file, create a directory named ssl inside /etc/apache2 as root. Then copy the certificate and server key to this directory.

mkdir /etc/apache2/ssl
cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl

After that, enable the SSL module by typing:

 a2enmod ssl

Finally, restart apache2 by typing (as root or with sudo):

 /etc/init.d/apache2 restart

And you are done 🙂

If everything works fine you will see a page like this
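
A pre-flight check for the two files copied in Step 3, as an added example that is not part of the original tutorial: it confirms that server.key is the passwordless copy, that server.crt was issued for that key, that the key is not readable by group or other users, and that the certificate has not expired. The function name check_tls_pair and its return codes are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-flight check for the files copied into /etc/apache2/ssl.
# check_tls_pair is a hypothetical helper name, not an Apache or OpenSSL tool.
# Return codes: 0 ok, 1 unreadable, 2 key still passphrase-protected,
# 3 certificate/key mismatch, 4 key readable by group/other, 5 cert expired.
check_tls_pair() {
    cert=$1
    key=$2

    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read $cert or $key" >&2; return 1; }

    # An encrypted PEM key carries "ENCRYPTED" in its header; Apache would
    # have to ask for the passphrase on every start.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "$key is passphrase-protected" >&2
        return 2
    fi

    # Compare the public key inside the certificate with the one derived
    # from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$cert was not issued for $key" >&2
        return 3
    fi

    # Columns 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld -- "$key" | cut -c5-10)" != "------" ]; then
        echo "$key is accessible to group/other; chmod 600 it" >&2
        return 4
    fi

    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
        echo "$cert has expired" >&2
        return 5
    }
    echo "OK: $cert and $key match, key is private, certificate is valid"
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

Run it as root with /etc/apache2/ssl/server.crt and /etc/apache2/ssl/server.key as the two arguments before restarting Apache; a return code of 4 means the key should be restricted with chmod 600 first.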
