In this blog post I’ll walk you through setting up SSL on Apache. When talking about SSL the popular choice is OpenSSL, an open source toolkit for implementing Secure Sockets Layer (SSL) and Transport Layer Security (TLS). So we will be using OpenSSL for this tutorial.
The first thing that you need to do is to determine the latest version of OpenSSL from the sources page. Its usually the one that has a red color. Once you find that, copy its address then use
wget to download it to your preferred directory:
Next create the directory where you want to install openssl:
Extract the archive:
cd into it:
Next execute the
config command to set the installation path for openssl and check for any errors. This should be the same as the directory you created earlier:
make to compile the source code. If this doesn’t work for you try adding
sudo before the actual command.
make is done and there aren’t any errors you can now execute
make install to install the source files in there appropriate directories.
Once that’s done you can verify that openssl is successfully installed by executing the following command:
Once you’re done with installing openssl you can now assign it to a variable:
And then add it to your system path:
Next create a private key:
In the above command
genrsa 2048 tells openssl to generate an RSA key that is 2048 bits long. RSA is basically just an algorithm used for encryption.
Next create a CSR (Certificate Signing Request) using the private key that we have just generated:
The command above will ask for the following:
- Country Name – use the 2 letter abbreviation of your country name
- State or Province – (e.g California)
- Locality Name – (e.g Palm Desert)
- Organization Name – name of your company
- Organization Unit – name of website
- Common Name – domain name of website (e.g mywebsite.com)
- Email Address – your email address
The information above will be used for the certificate that will be assigned to you later on so be sure to supply the correct information.
Enable SSL on Apache
Now that we have generated all the keys we need we can now configure apache to use those keys. First you have to enable the SSL module by executing the following command:
Then restart apache for changes to take effect:
Next edit the ssl configuration file for apache:
Comment out the following lines by adding a pound (#) sign before them:
Next look for the following line:
And then under it set the server information:
1 2 3 4
Next look for
SSLEngine On and then under it add the following:
SSLCertificateFile is where you specify the path to your websites digital certificate. I didn’t cover this step because there are a lot of certificate authorities out there. So far I’ve only tried with Namecheap and its pretty easy to acquire a certificate from them. Just create an account and then log in to it. Once you’re logged in just click on the security menu then select SSL certificates. From there just click on the button under the domain validation, add your preferred certificate to the cart and then just go through the steps. Once you have purchased a certificate just hover over your user name on the upper left side of the screen and then select manage ssl certificates. That will bring you to the page where all your certificates are listed. By default its just sitting there waiting to be configured. So all you have to do is configure it then select
Apache + OpenSSL when it asks for your server configuration. And then it will ask for the csr. Just copy the contents of the
csr.pem file that we generated earlier and paste it on the textarea which is asking for it. After that just click on submit and go through the steps provided by namecheap. Once everything is ok namecheap will send you the certificate via email. Just copy it and then save it on your server. The path to that file is what you need to assign to the
SSLCertificateFile in apache.
Next is the
SSLCertificateKeyFile that’s the path to your private key. In our case its the
Once that’s done you just have to enable it:
And then restart apache so that the changes will take effect:
That’s it! Enjoy your new https enabled website. The next step would be to redirect all http request to https but I’ll leave that one to you.