HTTPS with Apache

This page describes the activation of HTTPS with Apache.

Certificate creation

To generate a certificate (or a CSR), please take a look at OpenSSL.

Then copy the private key and the certificate inside a pem file, for example into /etc/apache2/ssl/.

ports configuration

To enable HTTPS, Apache needs to listen at the port 443. Check the file /etc/apache2/ports.conf :

Listen 80
Listen 443

Module activation

mod-ssl needs to be enable :

bender:/etc/apache2# a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
bender:/etc/apache2# /etc/init.d/apache2 force-reload
Forcing reload of web server (apache2)... waiting .

SSL configuration

Finally, we need to enable SSL on a virtual host.
The commands commonly used are :

  • SSLEngine : enable or disable the ssl engine
  • SSLCertificateFile : defines the PEM file containing the key and the certificate
  • SSLCertificateChainFile : defines the optional chain file which contains intermediate certificates

Configuration example

NameVirtualHost *:443
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                RedirectMatch ^/$ /apache2-default/
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from ::1/128


en/linux/serveur_web/ssl.txt · Last modified: 2011/12/07 15:14 by matthieu
Recent changes RSS feed Debian Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki