Secure HTTP (SSL/TLS) has become a must if you are planning to setup a website which includes user authentication (ie. login box) or sensitive data. HTTPS prevents the sensitive data from being transfered across the network in clear text where it is susceptible to being sniffed or altered. Here is the tutorial on how to setup a secure HTTP on Apache web server in Ubuntu 10.04 (Lucid Lynx).
What do you need?
- apache2 (Web Server)
- A bit patient, because it will take some time to learn
Step 1: Create a self-signed certificate
You need to create a self-signed certificate with openssl. To do that you will need to generate the server key.
openssl genrsa -des3 -out server-sec.key 4096
…and certificate signing request (CSR)
openssl req -new -key server-sec.key -out server.csr
After that, generate the server certificate by signing it with the server key.
openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt
Keep the server-sec.key in a secure location, with read/write permission assigned only to root. Then generate a password-less copy of the key for Apache use.
openssl rsa -in server-sec.key -out server.key
By this time, you should have :
- server.key (passwordless key for Apache)
- server.csr (certificate signing request)
- server.crt (certificate)
- server-sec.key (server key)
Step 2: Enable SSL config in Apache
In this step, you must enable SSL website in Apache by creating a symlink of ‘default-ssl’.
ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl
Then edit /etc/apache2/sites-available/default-ssl file using your favorite text editors (I prefer nano!) and change the config from something this:
Then, in the same default-ssl file, find a line that begins with “SSLEngine on” and add the following lines.
Step 3: Final step, Copying certificates and activating SSL
Ensure that the config file has been saved. Then as root, create /etc/apache2/ssl/ directory, then copy the certificate and server key generated from Step 1 to /etc/apache2/ssl/ directory.
cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl
After that, enable SSL module by typing
Finally, restart apache2 by typing (as root, sudo) :
Result: A secure HTTP connection
If everything works out fine, you will see this screen.
Please drop in your comment for suggestions and improvements.