SSL Encryption

Secure communication with your web server by using self-signed SSL certificates.

The typical method of enabling SSL encryption in Apache is to use mod_ssl. A downside of that approach is that SSL does not work with name-based Virtual Hosts (Why can't I use SSL with name-based/non-IP-based virtual hosts?). An alternative is to use mod_gnutls in order to have name-based SSL-enabled Virtual Hosts using the Server Name Indication (SNI) feature of the SSL/TLS protocol ca. However, SNI requires a newer web browser such as Firefox 2.x, Opera 8.x, Internet Explorer 7.x+, Google Chrome, Safara 3.2.1.

  • mod_ssl instructions:
    Enable SSL in Apache config
    Enable the SSL config file in the main Apache config, /usr/local/apache2/conf/httpd.conf by uncommenting:

    Include conf/extra/httpd-ssl.conf

    Edit the /usr/local/apache2/conf/extra/httpd-ssl.conf and comment out the default <VirtualHos> directive (all the lines in it).
    Virtual Hosts with SSL
    There's a variety of gotchas with using SSL with Virtual Hosts but by using a wildcard certificate, you can do it (though the end user will still get warnings).
    Edit /usr/local/apache2/conf/extra/httpd-vhosts.conf and add the

    NameVirtualHost *:443

    Then create an entry for your VirtualHost:

    <VirtualHost *:443>
      DocumentRoot /path/to/
      # Note: SSL settings only need to be defined once!
      SSLEngine On
      SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
      SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key

    For additional VirtualHosts, you can omit the key information:

    DocumentRoot /path/to/
  • mod_gnutls instructions:

Restart Apache using daemontools:

svc -t /service/apache

Verify that it all works by accessing your site from your web browser. Be sure to use "https" instead of "http".

Guide to Webserver SSL Certificates

Recent Updates

  • 2 years 1 month ago
  • 2 years 1 month ago
  • 2 years 1 month ago
    php 8.x
  • 2 years 1 month ago
  • 2 years 1 month ago
    Drop Centos 5/6 stuff