Setup SSL with Apache

SSL is a technique based on public/private key cryptography. It runs on port 443 accessed via https://servername

# Certificates

1. Generate a Private Key & CSR (Certificate Signing Request)

openssl req -new -newkey rsa:2048 -nodes -keyout mylinuxtips.info.key -out mylinuxtips.info.csr

You will be asked a series of questions to which you need to provide answers. These answers will appear on the certificate itself. An example is given below:

Country Name (2 letter code) [GB]: IN

State or Province Name (full name) [Berkshire]:Delhi

Locality Name (eg, city) [Newbury]:New Delhi

Organization Name (eg, company) [My Company Ltd]:Linux Tips

Organizational Unit Name (eg, section) []: IT

Common Name (eg, your name or your server’s hostname) []:mylinuxtips.info

Email Address []:[email protected]

# After that you can sign the certificate yourself or you can submit the request to one of the CA for signing.

# Method for signing yourself
openssl x509 -req -days 365 -in www.mylinuxtips.info.csr -signkey www.mylinuxtips.info.key -out www.mylinuxtips.info.crt

# In case we got the CSR signed by third party, they will provide chain certificate too which is sometimes also called bundle certificate. This chain certificate avoids non trusted warning messages shown by some browsers.

4. Configuration in /etc/httpd/conf/httpd.conf file
<VirtualHost _default:443>
ServerName www.mylinuxtips.info
SSLEngine on
SSLCertificateFile /path/to/www.mylinuxtips.info.crt
SSLCertificateKeyFile /path/to/www.mylinuxtips.info.key

SSLCACertificateFile /path/to/chain.crt

</VirtualHost>

Leave a Reply

Your email address will not be published. Required fields are marked *