{{tag>en en:linux en:server en:web en:ssl}}
====== HTTPS with Apache ======
This page describes how to enable HTTPS with [[en:linux:serveur_web|Apache]].
===== Certificate creation =====
To generate a certificate (or a CSR), see [[en:linux:Openssl]].
Then copy the private key and the certificate into a single PEM file, for example in ///etc/apache2/ssl///.
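The combined PEM file described above holds the private key, so it is worth checking before Apache is pointed at it. The following shell function is an added example, not part of the original page: it checks that both blocks are present, that only the owner can access the file, and that the key belongs to the certificate. The name check_apache_pem is hypothetical, and it assumes GNU stat, the openssl command and an unencrypted key.

```shell
#!/bin/sh
# Added example: sanity-check the combined PEM that SSLCertificateFile points to.
# check_apache_pem is a hypothetical helper name; needs GNU stat and openssl.
# Return codes: 0 ok, 1 missing file or PEM block, 2 permissions too open,
# 3 private key does not belong to the certificate.
check_apache_pem() {
    pem=$1

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 1; }

    # The file must carry both blocks, since no separate key file is configured.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block in $pem" >&2; return 1; }
    grep -Eq -- '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" ||
        { echo "no private key block in $pem" >&2; return 1; }

    # The private key is inside, so group and others must have no access.
    mode=$(stat -c %a "$pem")
    case "$mode" in
        *00) ;;
        *) echo "mode $mode on $pem is too open, use chmod 600" >&2; return 2 ;;
    esac

    # Compare the public key derived from the private key with the certificate's.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate in $pem" >&2; return 3; }

    echo "$pem: certificate and key present, mode $mode, key matches"
}

# Run against a file when one is given on the command line.
if [ -n "${1:-}" ]; then
    check_apache_pem "$1"
fi
```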
===== Ports configuration =====
To enable HTTPS, Apache needs to listen on port 443. Check the file ///etc/apache2/ports.conf//:
<code>
Listen 80
Listen 443
</code>
===== Module activation =====
The mod_ssl module needs to be enabled:
<code>
bender:/etc/apache2# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
bender:/etc/apache2# /etc/init.d/apache2 force-reload
Forcing reload of web server (apache2)... waiting .
bender:/etc/apache2#
</code>
===== SSL configuration =====
Finally, we need to enable SSL on a virtual host.\\
The directives commonly used are:
  * SSLEngine: enables or disables the SSL engine
  * SSLCertificateFile: defines the PEM file containing the key and the certificate
  * SSLCertificateChainFile: defines the optional chain file which contains intermediate certificates
===== Configuration example =====
<code>
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/mat.homeftp.org.pem
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /var/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        # This directive allows us to have apache2's default start page
        # in /apache2-default/, but still have / go to the right place
        RedirectMatch ^/$ /apache2-default/
    </Directory>
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>
    ErrorLog /var/log/apache2/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    CustomLog /var/log/apache2/access.log combined
    ServerSignature On
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
</VirtualHost>
</code>
===== Links =====
  * [[en:linux:serveur_web]]