How to set up Secure Webserver HTTPS (SSL) on Apache in Ubuntu

Secure HTTP (SSL/TLS) has become a must if you are planning to set up a website that includes user authentication (i.e. a login box) or sensitive data. HTTPS prevents sensitive data from being transferred across the network in clear text, where it is susceptible to being sniffed or altered. This tutorial shows how to set up secure HTTP on the Apache web server in Ubuntu 10.04 (Lucid Lynx).

What do you need?

  • apache2 (Web Server)
  • openssl
  • A bit of patience, because it will take some time to learn

Step 1: Create a self-signed certificate
You need to create a self-signed certificate with openssl. To do that you will need to generate the server key.

openssl genrsa -des3 -out server-sec.key 4096

…and a certificate signing request (CSR):

openssl req -new -key server-sec.key -out server.csr

After that, generate the server certificate by signing the CSR with the server key.

openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt

Keep the server-sec.key in a secure location, with read/write permission assigned only to root. Then generate a password-less copy of the key for Apache use.

openssl rsa -in server-sec.key -out server.key

By this time, you should have:

  • server.key (passwordless key for Apache)
  • server.csr (certificate signing request)
  • server.crt (certificate)
  • server-sec.key (server key)

Step 2: Enable SSL config in Apache

In this step, you must enable the SSL website in Apache by creating a symlink to ‘default-ssl’.

ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl

Then edit the /etc/apache2/sites-available/default-ssl file using your favorite text editor (I prefer nano!) and change the config to something like this:

<Virtualhost *:443>
ServerAdmin webmaster@localhost
ServerName localhost
DocumentRoot /var/www-ssl/html/

Then, in the same default-ssl file, find a line that begins with “SSLEngine on” and add the following lines.

SSLEngine on
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/certs/ssl-cert-snakeoil.key

SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Step 3: Final step, Copying certificates and activating SSL
Ensure that the config file has been saved. Then as root, create /etc/apache2/ssl/ directory, then copy the certificate and server key generated from Step 1 to /etc/apache2/ssl/ directory.

mkdir /etc/apache2/ssl
cp server.key /etc/apache2/ssl
cp server.crt /etc/apache2/ssl

After that, enable the SSL module by typing:

a2enmod ssl

Finally, restart apache2 by typing (as root, or with sudo):

/etc/init.d/apache2 restart
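
The steps above leave three things worth checking before the restart: that server.crt really belongs to server.key, that the passwordless key is readable only by its owner, and that the certificate is not about to expire. The script below is an added example, not part of the original tutorial; the function names and return codes are its own, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: checks to run before restarting Apache.
# Function names and return codes are this example's own, not Apache's.

# SubjectPublicKeyInfo (PEM) embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public half of an RSA private key. "-passin pass:" supplies an empty
# passphrase, so an encrypted key (server-sec.key) fails instead of prompting.
key_pubkey() { openssl rsa -in "$1" -pubout -passin pass: 2>/dev/null; }

# check_tls_files CERT KEY [MIN_DAYS]
# Returns 0 if all checks pass, otherwise:
#   2 file missing      3 key encrypted or unparsable   4 cert unparsable
#   5 cert/key mismatch 6 key readable by group/other   7 cert expires soon
check_tls_files() {
    cert=$1; key=$2; min_days=${3:-30}

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2; return 2
    fi
    kpub=$(key_pubkey "$key") ||
        { echo "$key: passphrase-protected or not an RSA key" >&2; return 3; }
    cpub=$(cert_pubkey "$cert") ||
        { echo "$cert: not a PEM certificate" >&2; return 4; }
    if [ "$kpub" != "$cpub" ]; then
        echo "certificate was not issued for this key" >&2; return 5
    fi
    # Octal mode must end in 00: no group or other bits (600, 400).
    mode=$(stat -c '%a' "$key")
    case $mode in
        *00) ;;
        *) echo "$key has mode $mode; run chmod 600 on it" >&2; return 6 ;;
    esac
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null
    then
        echo "$cert expires within $min_days days" >&2; return 7
    fi
    return 0
}

# Usage: sh check.sh /etc/apache2/ssl/server.crt /etc/apache2/ssl/server.key
if [ "$#" -ge 2 ]; then
    check_tls_files "$@"
fi
```

Run it as root after the cp commands in Step 3; any non-zero return code is worth fixing before the restart.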

Result: A secure HTTP connection
If everything works out fine, you will see these screens.

[Two screenshots: Mozilla Firefox]

Please drop in your comment for suggestions and improvements.

3 Replies to “How to set up Secure Webserver HTTPS (SSL) on Apache in Ubuntu”

  1. Thank you for the good instructions!

    Just wonder.. Why are we using des3 in the key gen? I used aes256.

    Did you just use des3 for a reason?