05.20.08

Enabling ssl on your apache2 with debian etch

Posted in Debian, Linux at 11:08 pm by

This is in now way the definitive guide to getting ssl to work on your host. This is what worked for me.

First you need to get openssl

apt-get install openssl ssl-cert

Generate a self signed cert. This will protect your traffic however it will give warning in the browser of the user.

If you don’t want these warnings you will have to get a cert from a trusted certificate authority.

openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

It will ask some questions, you can fill in what you want on most of them, however

Common Name (eg, YOUR name) []: *.yoursite.com

Make sure you give the name of your top level domain there.

Give the pem file the right permissions:

chmod 600 /etc/apache2/apache.pem

You want the server to listen on the ssl port, so you change /etc/apache2/ports.conf to

Listen 80
Listen 443

You add the Listen 443 line.

Now you want have to edit the default file

vi /etc/apache2/sites-available/default

Change
NameVirtualHost *
To
NameVirtualHost *:80
NameVirtualHost *:443

I looked long for this part, for some reason I have to add this to my default file, else ssl doesn’t work on my

other virtual hosts.


SSLCertificateFile /etc/apache2/apache.pem
SSLEngine On

Then you have to
add

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

to the definition of your host which you want to run with ssl.

sample:

ServerName sample.com

#other directives

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
SSLCertificateKeyFile /etc/apache2/apache.pem

/etc/init.d/apache2 restart
That’s it.

Comments are closed.