Difference between revisions of "Set up apache for https"

From Linuxintro
imported>ThorstenStaerk
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This article describes how you can secure your webpage running on [[apache2]] with https. You create demo-certificates yourself for this. This is for SUSE Linux, for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html
+
I followed the instructions on https://letsencrypt.org/getting-started/ and in 11 minutes, I had my web server working with ssl certificates. I donated them money then as I think there is nothing better on this planet to get secure https. Before I did have https, but it showed as not trusted.
 
 
This article assumes you know about SSL, https and certificates.
 
<ol>
 
<li>[[set up apache]]</li>
 
<li>[[open a console]] as root</li>
 
<li>set up your Certification authority and create dummy-certificates</li>
 
/usr/bin/gensslcert
 
<li>get your SSL Configuration from the given template</li>
 
cd /etc/apache2/vhosts.d
 
cp vhost-ssl.template vhost-ssl.conf
 
<li>change your SSL Configuration</li>
 
have apache2 start per default with SSL. To do this, edit /etc/sysconfig/apache2. Search for APACHE_SERVER_FLAGS and add SSL like this:
 
APACHE_SERVER_FLAGS="SSL"
 
<li>restart apache2</li>
 
/etc/init.d/apache2 restart
 
<li>make sure you have content to show</li>
 
echo "this is a test" >> /srv/www/htdocs/index.html
 
<li>test your configuration</li>
 
wget --no-check-certificate --no-proxy https://localhost
 
</ol>
 
 
 
= get a new certificate =
 
To get a new certificate
 
* backup your old certificate:
 
cd
 
cp /etc/apache2/ssl.crt/server.crt .
 
* create a new certificate, e.g. for ''newhostname.domain''
 
genssl -n ''newhostname.domain''
 
* restart [[apache]]
 
/etc/init.d/apache2 restart
 
 
 
= See also =
 
* [[security]]
 
* [[apache]]
 

Latest revision as of 17:05, 13 August 2023

I followed the instructions on https://letsencrypt.org/getting-started/ and in 11 minutes, I had my web server working with ssl certificates. I donated them money then as I think there is nothing better on this planet to get secure https. Before I did have https, but it showed as not trusted.