|
|
(One intermediate revision by the same user not shown) |
Line 1: |
Line 1: |
− | This article describes how you can secure your webpage running on [[apache2]] with https. You create demo-certificates yourself for this. This is for SUSE Linux, for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html.
| + | I followed the instructions on https://letsencrypt.org/getting-started/ and in 11 minutes, I had my web server working with ssl certificates. I donated them money then as I think there is nothing better on this planet to get secure https. Before I did have https, but it showed as not trusted. |
− | | |
− | To forbid http (to only allow https) you can use Apache's [http://serverfault.com/questions/429634/restrict-apache-to-only-allow-access-using-ssl-for-some-directories SSLRequireSSL] configuration directive.
| |
− | <ol>
| |
− | <li>[[set up apache]]</li>
| |
− | <li>[[open a console]] as root</li>
| |
− | <li>set up your Certification authority and create dummy-certificates</li>
| |
− | /usr/bin/gensslcert
| |
− | <li>get your SSL Configuration from the given template</li>
| |
− | cd /etc/apache2/vhosts.d
| |
− | cp vhost-ssl.template vhost-ssl.conf
| |
− | <li>change your SSL Configuration</li>
| |
− | have apache2 start per default with SSL. To do this, edit /etc/sysconfig/apache2. Search for APACHE_SERVER_FLAGS and add SSL like this:
| |
− | APACHE_SERVER_FLAGS="SSL"
| |
− | <li>restart apache2</li>
| |
− | /etc/init.d/apache2 restart
| |
− | <li>make sure you have content to show</li>
| |
− | echo "this is a test" >> /srv/www/htdocs/index.html
| |
− | <li>test your configuration</li>
| |
− | wget --no-check-certificate --no-proxy https://localhost
| |
− | </ol>
| |
− | | |
− | = get a new certificate =
| |
− | To get a new certificate
| |
− | * backup your old certificate:
| |
− | cd
| |
− | cp /etc/apache2/ssl.crt/server.crt .
| |
− | * create a new certificate, e.g. for ''newhostname.domain''
| |
− | genssl -n ''newhostname.domain''
| |
− | * restart [[apache]]
| |
− | /etc/init.d/apache2 restart
| |
− | | |
− | = See also =
| |
− | * [[security]]
| |
− | * [[apache]]
| |