ubuntu apache2 https
1. enable the module ssl by:
sudo a2enmod ssl
2.after you have enabled module ssl , you will have to restart the web server for the change to be recognized:
sudo service apache2 restart
now ,the web server is able to handle ssl
3. create a directory to place the certificate files that will be maked:
sudo mkdir /etc/apache2/ssl
4.create our key and certificate
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
let's go over what this means :
- openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
- req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
- -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
- -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
- -days 365: This specifies that the certificate we are creating will be valid for one year.
- -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The
rsa:2048
tells OpenSSL to generate an RSA key that is 2048 bits long. - -keyout: This parameter names the output file for the private key file that is being created.
- -out: This option names the output file for the certificate that we are generating.
when you hit "ENTER" , you will be asked some questions , answer it ....
then, the key and certificate will be created and placed in the /etc/apache2/ssl directory
now ! ! ! ! ! ! ! ! ! ! ! we will configure apache to use ssl
open the file with your editor
sudo vi /etc/apache2/site-available/default-ssl.conf
what we should modify is the content with red
<IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin admin@example.com ServerName your_domain.com ServerAlias www.your_domain.com DocumentRoot /var/www/html ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
save and exit the file when you finished
then we enable it by:
sudo a2ensite default-ssl.conf
restart our web server
sudo service apache2 restart
now you can test it in your explorer
https://server_domain_name_or_IP:443
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步