Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols designed to provide secure communication over a computer network. While SSL is largely considered to be deprecated and insecure, TLS has become the standard for secure communications.
If you manage an Apache web server, you may need an SSL or TLS certificate for encrypted communication. In some cases, especially in testing environments, a self-signed certificate can be used instead of one issued by a Certificate Authority.
A self-signed certificate may not be suitable for production environments, as browsers will often alert users that the certificate cannot be trusted. However, for development, testing, or internal use, it can be a cost-effective and quick solution.
$ sudo mkdir -p /etc/apache2/ssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
During the process, you'll be prompted to provide information for the certificate such as Country, State, and Common Name (domain name).
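A non-interactive variant of the generation step with follow-up checks, as an added example that is not part of the original page. It assumes OpenSSL 1.1.1 or later (for -addext), passes the subject with -subj instead of answering prompts, and writes to a scratch directory rather than /etc/apache2/ssl; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Output goes to a scratch
# directory, an assumption made so the script runs without sudo.

# Generate key + certificate without prompts; CN and SAN are both set to $2.
make_selfsigned() {   # usage: make_selfsigned <dir> <hostname>
    ( umask 077       # files are created readable by their owner only
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null )
}

# True when the certificate's public key is the one derived from the key file.
cert_matches_key() {  # usage: cert_matches_key <crt> <key>
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# True when issuer and subject names are identical (name comparison only).
issuer_is_subject() { # usage: issuer_is_subject <crt>
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issu=$(openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$issu" ]
}

# True when the certificate text lists exactly DNS:<hostname> as a SAN entry.
has_san() {           # usage: has_san <crt> <hostname>
    openssl x509 -in "$1" -noout -text |
        tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "DNS:$2"
}

# True when group and others have no permissions on the key file.
key_is_private() {    # usage: key_is_private <key>
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Demo run on a throwaway directory.
demo_dir=$(mktemp -d)
if make_selfsigned "$demo_dir" example.com &&
   cert_matches_key "$demo_dir/apache.crt" "$demo_dir/apache.key" &&
   issuer_is_subject "$demo_dir/apache.crt" &&
   has_san "$demo_dir/apache.crt" example.com &&
   key_is_private "$demo_dir/apache.key"; then
    echo "certificate and key pass all checks"
fi
rm -rf "$demo_dir"
```

Running the same checks against the files in /etc/apache2/ssl before restarting Apache catches a mismatched key and certificate pair or a world-readable key early.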
$ sudo a2enmod ssl
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  systemctl restart apache2
$ sudo vi /etc/apache2/sites-available/example.com.conf
<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>
$ sudo a2ensite example.com
Enabling site example.com.
To activate the new configuration, you need to run:
  systemctl reload apache2
Make sure to back up any original configuration files before modifying them to avoid losing any previous settings. If everything is configured correctly, your site will be accessible via HTTPS using your self-signed certificate.
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / https://example.com/
</VirtualHost>
$ sudo systemctl restart apache2 # Ubuntu, Debian, openSUSE and SLES
$ sudo systemctl restart httpd # CentOS and Red Hat
$ curl -kv https://example.com
* Trying 127.0.0.1:443...
* Connected to example.com (127.0.0.1) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
##### snipped