Wednesday, December 28, 2011

Enable SSL for you website over Apache

run commands underline with root permission , or add prefix sudo.
tested on Ubuntu 11.04

1,install openSSL
in most conditions, openSSL was already installed.
however, run command to make sure it was installed
apt-get install openssl

1.5,enable SSL module
a2enmod ssl

2,edit /etc/apache2/ports.conf
add following, if they were not existing. You can leave them in <IfModule mod_ssl.c>, that's fine, coz you've enabled SSL module

NameVirtualHost *:443
Listen 443

3,create self-signed certification
mkdir /etc/apache2/ssl
openssl req -new -x509 -nodes -out  /etc/apache2/ssl/apache.pem -keyout  /etc/apache2/ssl/apache.key

4,edit /etc/apache2/sites-available/default-ssl
Step1,edit <VirtualHost __default__:443> to <VirtualHost *:443>
Step2,make sure "SSLEngine on" is uncommented.
Step3,modify file path of certificate file and key file.

      SSLCertificateFile    /etc/apache2/ssl/apache.pem
      SSLCertificateKeyFile /etc/apache2/ssl/apache.key

5,firewall setting
if you have a firewall running. make sure port 443 for SSL, is not forbidden.
ufw allow 443

6,restart apache2
service apache2 restart

7,Error apache2 Error code: ssl_error_rx_record_too_long

sudo a2ensite default-ssl
sudo /etc/init.d/apache2 reload

No comments:

Post a Comment