Difference between revisions of "Set up apache for https"

From Linuxintro
imported>ThorstenStaerk
Line 1: Line 1:
This article describes how you can secure your webpage running on [[apache2]] with https. You create demo-certificates yourself for this. This is for SUSE Linux, for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html
+
This article describes how you can secure your webpage running on [[apache2]] with https. You create demo-certificates yourself for this. This is for SUSE Linux, for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html.
  
This article assumes you know about SSL, https and certificates.
+
To forbid http (to only allow https) you can use Apache's [http://serverfault.com/questions/429634/restrict-apache-to-only-allow-access-using-ssl-for-some-directories SSLRequireSSL] configuration directive.
 
<ol>
 
<ol>
 
<li>[[set up apache]]</li>
 
<li>[[set up apache]]</li>

Revision as of 08:56, 16 October 2013

This article describes how you can secure your webpage running on apache2 with https. You create demo-certificates yourself for this. This is for SUSE Linux, for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html.

To forbid http (to only allow https) you can use Apache's SSLRequireSSL configuration directive.

  1. set up apache
  2. open a console as root
  3. set up your Certification authority and create dummy-certificates
  4. /usr/bin/gensslcert
  5. get your SSL Configuration from the given template
  6. cd /etc/apache2/vhosts.d cp vhost-ssl.template vhost-ssl.conf
  7. change your SSL Configuration
  8. have apache2 start per default with SSL. To do this, edit /etc/sysconfig/apache2. Search for APACHE_SERVER_FLAGS and add SSL like this: APACHE_SERVER_FLAGS="SSL"
  9. restart apache2
  10. /etc/init.d/apache2 restart
  11. make sure you have content to show
  12. echo "this is a test" >> /srv/www/htdocs/index.html
  13. test your configuration
  14. wget --no-check-certificate --no-proxy https://localhost

get a new certificate

To get a new certificate

  • backup your old certificate:
cd
cp /etc/apache2/ssl.crt/server.crt .
  • create a new certificate, e.g. for newhostname.domain
genssl -n newhostname.domain
/etc/init.d/apache2 restart

See also