16 August 2008

HTTPS in Apache in Ubuntu

If there's an easy way to make Apache in Ubuntu (v7.10, gutsy) do HTTPS, I can't find it. So I played around with it this morning and got it working.

First you need to generate an SSL certificate. I just went with self-signed certificates:

openssl genrsa -out apache.key 1024
openssl req -new -key apache.key -x509 -out apache.crt \
-days 365 -set_serial `date +%s`

I saved these two files as /etc/ssl/certs/apache.crt and
/etc/ssl/private/apache.key.

And then I saved the following as
/etc/apache2/sites-available/default-ssl:

NameVirtualHost *:443
<VirtualHost *:443>
DocumentRoot "/var/www"
ServerName www.example.com:443
ErrorLog /var/log/apache2/ssl_error.log
TransferLog /var/log/apache2/ssl_access.log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/ssl/certs/apache.crt
SSLCertificateKeyFile /etc/ssl/private/apache.key
</VirtualHost>


Then after enabling the new site (a2ensite default-ssl) and restarting Apache (/etc/init.d/apache2 reload), I was able to connect to https://localhost/. FireFox3 complained bitterly about the self-signed certificate, but adding the exception straightened that out.

No comments: