Secure HTTP (SSL/TLS) has become a must if you are planning to setup a website which includes user authentication (ie. login box) or sensitive data. HTTPS prevents the sensitive data from being transfered across the network in clear text where it is susceptible to being sniffed or altered. Here is the tutorial on how to setup a secure HTTP on Apache web server in Ubuntu 10.04 (Lucid Lynx).
What do you need?
- apache2 (Web Server)
- openssl
- A bit patient, because it will take some time to learn
Step 1: Create a self-signed certificate
You need to create a self-signed certificate with openssl. To do that you will need to generate the server key.
openssl genrsa -des3 -out server-sec.key 4096
…and certificate signing request (CSR)
openssl req -new -key server-sec.key -out server.csr
After that, generate the server certificate by signing it with the server key.
openssl x509 -req -days 365 -in server.csr -signkey server-sec.key -out server.crt
Keep the server-sec.key in a secure location, with read/write permission assigned only to root. Then generate a password-less copy of the key for Apache use.
openssl rsa -in server-sec.key -out server.key
By this time, you should have :
- server.key (passwordless key for Apache)
- server.csr (certificate signing request)
- server.crt (certificate)
- server-sec.key (server key)
Continue reading “How to setup Secure Webserver HTTPS (SSL) on Apache in Ubuntu”