Topic: Adding SSL to Apache2 on Debian

Topic type:

How to enable SSL (https) on your Apache setup on Debian.

Creating a key

You can create signed and unsigned certs. There are dozens of tutorials on the web for this. I'm going to show a simple unsigned cert. For production sites, you'll want to get this signed. Google for instructions on how to do so. In the rest of this topic, replace site.url.com with the actual url people will use to access the site. For example, http://www.google.com/ would be www.google.com, while http://example.com/ would be example.com. Make sure that .key and .crt remain on the end of the file names.

# mkdir /etc/apache2/certs
# cd /etc/apache2/certs
# openssl req -new -x509 -nodes -out site.url.com.crt -keyout site.url.com.key

Then follow all the prompts and when you're done, you'll have a self signed cert ready for use.

Enable Apaches SSL support

To enabled ssl support in apache, do the following.

  • Enable SSL mod:
    # a2enmod ssl
  • Add the following line to /etc/apache2/ports.conf:
    Listen 443
  • In the file containing the VHost for the site you want SSL enabled for, add to it the following:
    NameVirtualHost *:443
    <VirtualHost *:443>
      SSLEngine on
      SSLCertificateFile /etc/apache2/certs/site.url.com.crt
      SSLCertificateKeyFile /etc/apache2/certs/site.url.com.key
      ServerName site.url.com
      .....
    </VirtualHost>
  • Forcably Reload your apache server:
    # /etc/init.d/apache2 force-reload

Finished

Hopefully everything went well and you'll be prompted to accept the cert when you visit the site now.

Discuss This Topic

There are 0 comments in this discussion.

join this discussion

Creative Commons Attribution-Share Alike 3.0 New Zealand License
Adding SSL to Apache2 on Debian by Kieran P is licensed under a Creative Commons Attribution-Share Alike 3.0 New Zealand License