HTTPS with Apache

This page describes how to enable HTTPS in Apache.

Certificate creation

To generate a certificate (or a CSR), please take a look at OpenSSL.

Then copy the private key and the certificate into a single PEM file, stored for example in /etc/apache2/ssl/.
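An added example, not part of the original page: a shell check for the combined PEM file described above. It confirms the file holds both a private key and a certificate, is not readable by group or others, and (when the openssl command is installed) that the key belongs to the certificate. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the combined PEM file that SSLCertificateFile points to.
# Function names are hypothetical; pass your own file path to check_pem.

# pem_has FILE LABEL_REGEX: true if FILE holds a PEM block with that label.
pem_has() {
    grep -Eq -- "^-----BEGIN ($2)-----" "$1"
}

# key_matches_cert FILE: true if the private key and the first certificate
# in FILE carry the same public key. Needs the openssl command.
# "-passin pass:" stops openssl from prompting, so a passphrase-protected
# key is reported as a failure instead of hanging the script.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# check_pem FILE: prints one line per problem, returns non-zero if any.
check_pem() {
    pem=$1
    rc=0
    [ -r "$pem" ] || { echo "cannot read $pem"; return 2; }
    pem_has "$pem" '(RSA |EC |ENCRYPTED )?PRIVATE KEY' ||
        { echo "no private key block"; rc=1; }
    pem_has "$pem" 'CERTIFICATE' ||
        { echo "no certificate block"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ldL -- "$pem" | cut -c5-10)" = "------" ] ||
        { echo "readable by group or others (chmod 600)"; rc=1; }
    # Only compare key and certificate once the basic checks have passed.
    if [ "$rc" -eq 0 ] && command -v openssl >/dev/null 2>&1; then
        key_matches_cert "$pem" ||
            { echo "private key does not match certificate"; rc=1; }
    fi
    return "$rc"
}

# Usage, after sourcing this file:
#   check_pem /etc/apache2/ssl/mat.homeftp.org.pem
```

Run it as root before reloading Apache, since the PEM file should not be readable by other users.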

Ports configuration

To enable HTTPS, Apache needs to listen on port 443. Check the file /etc/apache2/ports.conf:

Listen 80
Listen 443

Module activation

mod_ssl needs to be enabled:

bender:/etc/apache2# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
bender:/etc/apache2# /etc/init.d/apache2 force-reload
Forcing reload of web server (apache2)... waiting .
bender:/etc/apache2#

SSL configuration

Finally, we need to enable SSL on a virtual host.
The most commonly used directives are:

  • SSLEngine : enables or disables the SSL engine
  • SSLCertificateFile : defines the PEM file containing the key and the certificate
  • SSLCertificateChainFile : defines the optional chain file which contains intermediate certificates

Configuration example

NameVirtualHost *:443
<VirtualHost *:443>
        # Turn on SSL for this virtual host
        SSLEngine on
        # PEM file holding both the private key and the certificate
        SSLCertificateFile /etc/apache2/ssl/mat.homeftp.org.pem
 
        ServerAdmin webmaster@localhost
 
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                RedirectMatch ^/$ /apache2-default/
        </Directory>
 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
 
        ErrorLog /var/log/apache2/error.log
 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
 
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
 
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
 
</VirtualHost>

en/linux/serveur_web/ssl.txt · Last modified: 2011/12/07 15:14 by matthieu