SSL Encryption

Secure communication with your web server by using self-signed SSL certificates.

The typical method of enabling SSL encryption in Apache is to use mod_ssl. A downside of that approach is that SSL does not work with name-based Virtual Hosts (Why can't I use SSL with name-based/non-IP-based virtual hosts?). An alternative is to use mod_gnutls in order to have name-based SSL-enabled Virtual Hosts using the Server Name Indication (SNI) feature of the SSL/TLS protocol ca. However, SNI requires a newer web browser such as Firefox 2.x, Opera 8.x, Internet Explorer 7.x+, Google Chrome, Safara 3.2.1.

  • mod_ssl instructions:
    Enable SSL in Apache config
    Enable the SSL config file in the main Apache config, /usr/local/apache2/conf/httpd.conf by uncommenting:

    Include conf/extra/httpd-ssl.conf

    Edit the /usr/local/apache2/conf/extra/httpd-ssl.conf and comment out the default <VirtualHos> directive (all the lines in it).
    Virtual Hosts with SSL
    There's a variety of gotchas with using SSL with Virtual Hosts but by using a wildcard certificate, you can do it (though the end user will still get warnings).
    Edit /usr/local/apache2/conf/extra/httpd-vhosts.conf and add the

    NameVirtualHost *:443

    Then create an entry for your VirtualHost:

    <VirtualHost *:443>
      ServerName example.com
      ServerAlias www.example.com
      DocumentRoot /path/to/www.example.com
      # Note: SSL settings only need to be defined once!
      SSLEngine On
      SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
      SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
    </VirtualHost>

    For additional VirtualHosts, you can omit the key information:

    <VirtualHost 192.168.1.200:80 192.168.1.200:443>
    ServerName subsite.example.com
    DocumentRoot /path/to/subsite.example.com
    </VirtualHost>
  • mod_gnutls instructions:

Restart Apache using daemontools:

svc -t /service/apache

Verify that it all works by accessing your site from your web browser. Be sure to use "https" instead of "http".

Resources
Guide to Webserver SSL Certificates

Recent Updates

  • 5 months 1 week ago
  • 5 months 1 week ago
  • 5 months 1 week ago
    php 8.x
  • 5 months 1 week ago
    10.6.7
  • 5 months 2 weeks ago
    Drop Centos 5/6 stuff