HTTPS for Apache web server
Normally the Apache web server listens to Port 80 which is the HTTP port. If you want to make a secure web site which may be verified by an external signature then you will need HTTSP. For this SSL connection you will use port 443. For Apache you can configure the HTTPS protocol the following way.
Create a certificate
For a trusted connection you need a certificate. You can create your own certificates, but if you want to guarantee the authenticity of a HTTPS source you have to get the certificate from a external trusted source. This can be expensive. If you search for a vendor you may find VeriSign. I will not recommend this vendor, it is only an example.
We do not want to buy a certificate. We want to create our own one. But remember, this certificate may not be trusted by browsers.
First we create a new directory to put all Apache2 SSL things into it:
mkdir crt mkdir key openssl req -new -x509 -days 365 -keyout key/vhost1.key -out crt/vhost1.crt -nodes -subj ‘/O=VirtualHost Website Company name/OU=Virtual Host Website department/CN=www.meinedomain.com’
With the openssl command we create two files. A vhost1.key file with a key and a vhost1.crt with the certificate. The data of the files depends mostly on the parameter you can set.
The configuration itself is quite simple if you already have a certificate. The only thing is to change the port of our virtual server to port 443. For this we configure the file of our site in the sites-avaliabel Apache2 directory. The newly created or changed lines may look like these (this is my example configuration):
<VirtualHost *:443> ServerAdmin email@example.com DocumentRoot /var/www/vhost1 ServerName vhost1.yourdomain.com DirectoryIndex index.php SSLEngine On SSLCertificateFile /etc/apache2/ssl/crt/vhost1.crt SSLCertificateKeyFile /etc/apache2/ssl/key/vhost1.key </VirtualHost>
The last lines are important. Here we activate the SSLEngine and define the paths to the key file and the certificate file.
After an Apache2 restart the HTTPS protocol should work.
If something does not work as expected it is possible that the Apache2 restart does not work. I got a ‚Configtest failed‘ exception. For this error we need to activate some Apache2 modules:
sudo a2enmod rewrite sudo a2enmod ssl
You need mod_rewrite and mod_ssl. Then everything should work fine.