Apache 2 HTTPS/SSL

This will create a default secure site on your apache2 server.

Create the file /etc/apache2/sites-available/default-ssl

<VirtualHost *:443>
        ServerAdmin webmaster@notfound.dk
        SSLEngine on
        SSLCertificateFile /etc/apache2/apache.pem
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>

</VirtualHost>

Run the following commands as root:

$ a2ensite default-ssl
$ openssl req -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
$ a2enmod ssl
$ /etc/init.d/apache2 restart

You should now have an apache2 server running with HTTPS/SSL and your own certificate.

CAcert.org SSL certificate

As noted above, you are able to run an Apache server using SSL; however, your browser will warn you that your certificate is not trusted. To solve this you can use the free service at CAcert. Create your account on CAcert first.

Next, create your own certificate.

$ cd /etc/apache2/ssl
$ openssl req -newkey rsa:2048 -subj /CN=notfound.dk -nodes -keyout notfound.dk.pem -out notfound.dk.csr.pem

After the two files are created, proceed as follows. In your CAcert.org account, add a new certificate (Server certificates > New). Paste the content of the certificate signing request file your-domain.com.csr.pem (notfound.dk.csr.pem in this example) into the textarea. Check “CommonName” on the next screen and click submit. Copy the generated server certificate and paste it at the end of your key file your-domain.com.pem (notfound.dk.pem in this example).

Create the file notfound.dk-ssl in /etc/apache2/sites-available

<VirtualHost *:443>
        DocumentRoot "/home/priv_mikkel/public_html/notfound"
        ServerName notfound.dk
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/notfound.dk.pem

        <Directory "/home/priv_mikkel/public_html/notfound">
                allow from all
                Options +Indexes
                #AllowOverride Indexes
        </Directory>
</VirtualHost>

Now enable the site

$ a2ensite notfound.dk-ssl
$ /etc/init.d/apache2 reload

And you're done.
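
A check worth running on the combined key-plus-certificate file before the reload, as an added example that is not part of the original page. The helper name `check_combined_pem` and the 2048-bit floor are assumptions made here; it confirms that the file holds a private key and a certificate that belong together, that the certificate has not expired, and that the file is not world-readable.

```sh
#!/bin/sh
# Added example (not from the original page). check_combined_pem is a
# hypothetical helper; the 2048-bit floor is a threshold assumed here.
check_combined_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # The file must hold both a private key block and a certificate block.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key in $pem" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate in $pem" >&2; return 1; }

    # The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "certificate does not match private key" >&2; return 1; }

    # Key length as reported by openssl (RSA keys, as used on this page).
    bits=$(openssl pkey -in "$pem" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9][0-9]*\) bit.*$/\1/p')
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "key is ${bits:-0} bits, want at least 2048" >&2; return 1; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 1; }

    # The file contains the private key, so it must not be world-readable.
    [ -z "$(find "$pem" -prune -perm -004)" ] ||
        { echo "$pem is world-readable" >&2; return 1; }

    echo "$pem: key and certificate look consistent"
}

# Usage: sh check_pem.sh /etc/apache2/ssl/notfound.dk.pem
[ $# -eq 0 ] || check_combined_pem "$1"
```

A non-zero exit status means the file should be fixed before Apache is reloaded with it.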