This document describes the steps to enable SSL Certificate on Apache Webserver to encrypt a site’s information and create a more secure connection. Additionally, the certificate can show the virtual private server’s identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the virtual server’s details while a self-signed certificate has no 3rd party corroboration.
Install Mod SSL
First to be sure that Apache Mod SSL are installed:
|Install SSL module||
|Load SSL module in Apache||
Copy your SSL certificate to your server
First copy your Certificate files to your server, for example to the following locations:
|create a new directory where the server key and certificate will be stored||mkdir /etc/httpd/ssl|
Creating the self-signed SSL certificate
Run the cmmand below:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
This command will prompt terminal to display a lists of fields that need to be filled in. The most important line is “Common Name”. Enter your official domain name here.
Remove default Apache virtual host
By default mod_ssl sets up a virtual host that we don’t need.
Edit /etc/httpd/conf.d/ssl.conf and remove the virtual host definition from
“<VirtualHost _default_:443>” to “</VirtualHost>”.
Setup your virtual hosts to display the new certificate. Add the directives from the template below to your SSL configuration (for example /etc/httpd/conf.d/vhosts.conf), to enable SSL on your site:
Here’s a template for the virtual host definition:
DocumentRoot /var/www/vhosts/ exampledomain.com /httpdocs
ServerAlias www. exampledomain.com
ErrorLog logs/ exampledomain.com -ssl-error_log
CustomLog logs/ exampledomain.com -ssl-access_log common
<Directory /var/www/vhosts/exampledomain.com /httpdocs>
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCertificateFile /etc/pki/tls/certs/ exampledomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/ exampledomain.com.key
The SSLEngine On directive turns SSL on.
Restart Apache to reload your changes.
- If you get a message like this on httpd restart “[warn] _default_ VirtualHost overlap on port 443, the first has precedence” then you’ve not removed the default virtual host created by mod_ssl.
- You may need to adjust the iptables configuration to allow traffic to TCP port 443.