Difference between revisions of "Setup Apache2 for https"

From ThorstensHome

Latest revision as of 09:09, 18 October 2008

This article describes how you can secure your webpage running on apache2 with https. You create demo certificates yourself for this. This is for SUSE Linux; for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html

This article assumes you are running SUSE Linux. It assumes your e-mail address is root@localhost and your server's IP is You may want to replace these. It also assumes you have no more than one virtual server on your apache; the procedure changes the settings of all virtual servers. This article assumes you already have a webpage that can be displayed; it takes as example location of your webpage. This article assumes you know about SSL, https and certificates.

  1. Set up your certification authority:

    cd /usr/share/ssl/misc
    ./CA.pl -newca

    Remember the passphrase you give. The common name has to be your server's IP.
    To delete a certification authority that has been created accidentally, you can run rm -rf /usr/share/ssl/misc/demoCA

  2. Create a certificate signing request:

    ./CA.pl -newreq

    Again, you have to use your server's IP as common name. You may leave the challenge password blank.

  3. Sign the CSR:

    ./CA.pl -sign

  4. Copy the files to the right locations:

    cp /usr/share/ssl/misc/newcert.pem /etc/apache2/ssl.crt/server.crt
    cp /usr/share/ssl/misc/newreq.pem /etc/apache2/ssl.key/server.key

  5. Get your SSL configuration from the given template:

    cd /etc/apache2/vhosts.d
    cp vhost-ssl.template vhost-ssl.conf

  6. Change your SSL configuration:
    1. In vhost-ssl.conf, replace

      #ServerName www.example.com:443

    2. replace

      #ServerAdmin webmaster@example.com

      with

      ServerAdmin root@localhost

    3. replace

      <VirtualHost _default_:443>

      with

      <VirtualHost *:443>

    4. Have apache2 start with SSL by default. Edit /etc/sysconfig/apache2: replace

    5. change

  7. Enable name-based virtual servers. Edit /etc/apache2/listen.conf, replace

    #NameVirtualHost *:80

    with

    NameVirtualHost *:80

  8. Create dummy certificates:

    /usr/bin/gensslcert

  9. Restart apache2:

    /etc/init.d/apache2 restart

  10. Test your configuration:
    surf to Expected result: The browser complains it does not know the server's certificate.
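
A post-install check for the steps above, added here as an example and not part of the original article: it confirms that the vhost-ssl.conf and listen.conf edits were applied and, as an extra check the article does not mention, that the copied private key is not accessible to group or others. The function names and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the article: verify the edits from the steps above.
# Usage: sh check_https_setup.sh vhost-ssl.conf listen.conf server.key

# has_directive FILE ERE: succeeds if an uncommented line begins with ERE.
has_directive() {
    grep -Eq "^[[:space:]]*$2" "$1"
}

# fail MESSAGE: print one finding to stderr and return non-zero.
fail() {
    echo "FAIL: $1" >&2
    return 1
}

# check_vhost FILE: ServerName, ServerAdmin and VirtualHost edits.
check_vhost() {
    rc=0
    has_directive "$1" 'ServerName[[:space:]]+[^[:space:]]+:443' ||
        fail "ServerName missing or still commented out" || rc=1
    has_directive "$1" 'ServerAdmin[[:space:]]+[^[:space:]]+' ||
        fail "ServerAdmin missing or still commented out" || rc=1
    has_directive "$1" '<VirtualHost[[:space:]]+\*:443>' ||
        fail "no <VirtualHost *:443> block (still _default_:443?)" || rc=1
    return "$rc"
}

# check_listen FILE: NameVirtualHost *:80 must be uncommented.
check_listen() {
    has_directive "$1" 'NameVirtualHost[[:space:]]+\*:80' ||
        fail "NameVirtualHost *:80 missing or still commented out"
}

# key_is_private FILE: group and others must have no permission bits.
# Columns 5-10 of the ls mode string are the group and other bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        fail "$1 is accessible to group or others"
}

# Run all checks when the three paths are given on the command line.
if [ "$#" -eq 3 ]; then
    status=0
    check_vhost "$1" || status=1
    check_listen "$2" || status=1
    key_is_private "$3" || status=1
    [ "$status" -eq 0 ] && echo "all checks passed"
    exit "$status"
fi
```

Run it against the live files after step 9; a key that fails the last check can be tightened with chmod 600.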