Difference between revisions of "Set up apache for https"

From Linuxintro
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
This article describes how you can secure your webpage running on [[apache2]] with https. You create demo-certificates yourself for this. This is for SUSE Linux, for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html.
+
I followed the instructions on https://letsencrypt.org/getting-started/ and in 11 minutes, I had my web server working with ssl certificates. I donated them money then as I think there is nothing better on this planet to get secure https. Before I did have https, but it showed as not trusted.
 
 
To forbid http (to only allow https) you can use Apache's [http://serverfault.com/questions/429634/restrict-apache-to-only-allow-access-using-ssl-for-some-directories SSLRequireSSL] configuration directive.
 
<ol>
 
<li>[[set up apache]]</li>
 
<li>[[open a console]] as root</li>
 
<li>set up your Certification authority and create dummy-certificates</li>
 
/usr/bin/gensslcert
 
<li>get your SSL Configuration from the given template</li>
 
cd /etc/apache2/vhosts.d
 
cp vhost-ssl.template vhost-ssl.conf
 
<li>change your SSL Configuration</li>
 
have apache2 start per default with SSL. To do this, edit /etc/sysconfig/apache2. Search for APACHE_SERVER_FLAGS and add SSL like this:
 
APACHE_SERVER_FLAGS="SSL"
 
<li>restart apache2</li>
 
/etc/init.d/apache2 restart
 
<li>make sure you have content to show</li>
 
echo "this is a test" >> /srv/www/htdocs/index.html
 
<li>test your configuration</li>
 
wget --no-check-certificate --no-proxy https://localhost
 
</ol>
 
 
 
= get a new certificate =
 
To get a new certificate
 
* backup your old certificate:
 
cd
 
cp /etc/apache2/ssl.crt/server.crt .
 
* create a new certificate, e.g. for ''newhostname.domain''
 
genssl -n ''newhostname.domain''
 
* restart [[apache]]
 
/etc/init.d/apache2 restart
 
 
 
= See also =
 
* [[security]]
 
* [[apache]]
 

Latest revision as of 17:05, 13 August 2023

I followed the instructions on https://letsencrypt.org/getting-started/ and in 11 minutes, I had my web server working with ssl certificates. I donated them money then as I think there is nothing better on this planet to get secure https. Before I did have https, but it showed as not trusted.