{{tag>en en:linux en:server en:web en:ssl}}

====== HTTPS with Apache ======

This page describes how to enable HTTPS with [[en:linux:serveur_web|Apache]].

===== Certificate creation =====

To generate a certificate (or a CSR), please take a look at [[en:linux:Openssl]].

Then copy the private key and the certificate into a single PEM file, stored for example in ///etc/apache2/ssl///. Because this file holds the private key, it should be readable by root only.

===== Ports configuration =====

To enable HTTPS, Apache needs to listen on port 443. Check the file ///etc/apache2/ports.conf// :

<code>
Listen 80
Listen 443
</code>

===== Module activation =====

mod_ssl needs to be enabled :

<code>
bender:/etc/apache2# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
bender:/etc/apache2# /etc/init.d/apache2 force-reload
Forcing reload of web server (apache2)... waiting .
bender:/etc/apache2#
</code>

===== SSL configuration =====

Finally, we need to enable SSL on a virtual host.\\
The directives commonly used are :

  * SSLEngine : enables or disables the SSL engine
  * SSLCertificateFile : defines the PEM file containing the key and the certificate
  * SSLCertificateChainFile : defines the optional chain file which contains intermediate certificates

===== Configuration example =====

<code>
NameVirtualHost *:443
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/mat.homeftp.org.pem

        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                RedirectMatch ^/$ /apache2-default/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature On

        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
</VirtualHost>
</code>

===== Links =====

  * [[en:linux:serveur_web]]
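
The steps described on this page (a ''Listen 443'' line, ''SSLEngine on'' and ''SSLCertificateFile'' inside the port 443 virtual host, and a PEM file holding both key and certificate) can be checked before reloading Apache. The script below is an added example, not part of the original page; the function names ''check_config'' and ''check_pem'' and the sample inputs are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample inputs (not taken from a real server).
SAMPLE_PORTS = "Listen 80\nListen 443\n"
SAMPLE_VHOST = """\
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/example.pem
    DocumentRoot /var/www/
</VirtualHost>
"""

def check_config(ports_text, vhost_text):
    """Return the HTTPS steps from this page that the configuration misses."""
    problems = []
    if not re.search(r"^\s*Listen\s+(\S+:)?443\b", ports_text, re.M | re.I):
        problems.append("ports.conf: no 'Listen 443'")
    blocks = re.findall(r"<VirtualHost\s+[^>]*:443\s*>(.*?)</VirtualHost>",
                        vhost_text, re.S | re.I)
    if not blocks:
        problems.append("no <VirtualHost ...:443> block")
    for body in blocks:
        # Commented-out lines start with '#' and are skipped by the anchor.
        found = {m.group(1).lower(): m.group(2).strip() for m in
                 re.finditer(r"^[ \t]*(SSL\w+)[ \t]+(.+)$", body, re.M | re.I)}
        if found.get("sslengine", "").lower() != "on":
            problems.append("vhost: SSLEngine is not on")
        if "sslcertificatefile" not in found:
            problems.append("vhost: SSLCertificateFile missing")
    return problems

def check_pem(path):
    """Structural check of the combined PEM file: block markers and file mode.
    It does not verify that the key matches the certificate."""
    problems = []
    with open(path, "r", errors="replace") as handle:
        text = handle.read()
    if "-----BEGIN CERTIFICATE-----" not in text:
        problems.append("no certificate block")
    if not re.search(r"-----BEGIN (\w+ )*PRIVATE KEY-----", text):
        problems.append("no private key block")
    # The file holds the private key, so group/other permission bits are flagged.
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("accessible by group/others")
    return problems

if __name__ == "__main__":
    print(check_config(SAMPLE_PORTS, SAMPLE_VHOST) or "configuration steps present")
```

An empty list from both functions means the steps above are in place; ''apache2ctl configtest'' remains the authoritative syntax check.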