UbuntuVideoCast

Apache Web Server works great out of a box but in some cases you like to secure your site with a certificate and this Article will walk you through it step by step enabling SSL and generating a certificate. The only down site with self-signed certificates is that they are not trusted in the public internet and the customer will see a certificate warning. This doesn’t mean it’s not working it’s just that the certificate could not be verified but if you continue with the certificate it still secures your connection.

Let’s get started and install Apache2 enter:

sudo apt-get install apache2

type in ps ax |grep apache and you should see something like that:

23783 ? Ss 0:00 /usr/sbin/apache2 -k start
23787 ? S 0:00 /usr/sbin/apache2 -k start
23788 ? Sl 0:00 /usr/sbin/apache2 -k start
23789 ? Sl 0:00 /usr/sbin/apache2 -k start

that means the installation worked and apache is running. Now start firefox and enter the address of your web server in the URL and you should see this:

Great everything work the way it should. Now let’s create a certificate. First of all create a directory where we place our certificate. Type in:

sudo mkdir /etc/apache2/ssl

now create a certificate with the following command (it’s all in one line):

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

now openssl will ask you a bunch of questions. Let’s go over those together:

Generating a 2048 bit RSA private key
……………………………..+++
……………….+++
writing new private key to ‘/etc/apache2/ssl/apache-test.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New Mexico
Locality Name (eg, city) []:Albuquerque
Organization Name (eg, company) [Internet Widgits Pty Ltd]:UbuntuVideoCast
Organizational Unit Name (eg, section) []:IT Department
Common Name (e.g. server FQDN or YOUR name) []:www.ubuntuvideocast.com
Email Address []:mstjohn1974@gmail.com

this above should give you a good idea what you should fill in on those questions. Now that this is done lets prepare Apache to use it. Type in:

sudo nano /etc/apache2/sites-available/default-ssl

and now go down till you see the SSLEngine on directive. Now below that you should see the following two directives:

SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

we have to change it to match our new certificate, it should something like that:

SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

save it and enable ssl on apache by issuing this commands:

sudo a2enmod ssl

sudo a2ensite default-ssl

and last but now least restart or reloading the new configuration. Type:

sudo service apache2 restart

and try to hit it with your browser. If everything works you should see something like this:

This is the warning I was talking about earlier. Click on the link “I understand the risk” and you will see this:

Click on the button “Add Exception” and you will see this:

Click on the “View” button to verify it is really our certificate that we set up. You should see something like that:

Everything is there ..great…click on close and on the remaining screen click on “Confirm security exception” and we are done and should see this:

Cool…..that’s it…I hope it helped you in getting an SSL Certificate installed and running with your Web Server. Let me know if you have any further questions. Please comment on this article.