Enabling SSL on Apache
IMPORTANT NOTE: I experienced that if I export my certificate files (certificate.crt file as primary.crt) and keep them somewhere for a while and then if I import those certificate file on my server to be used with apache. They cause Apache service to FAIL just after I run "a2enmod" ssl command. So export your certificates again everytime you need certs on new apache servers.
In my case, I have a pfx certificate that I got from GlobalSign and I need to convert this certificate to crt and get private key out of it in order to use on the Apache SSL Setup.
I am using OpenSSL and run following 3 openssl commands to have the certificate files that I need:
Run the following command to export the private key: (This will generate key.pem)
openssl pkcs12 -in certname.pfx -nocerts -out key.pem –nodes
Run the following command to remove the passphrase from the private key: (This will generate server.key)
openssl rsa -in key.pem -out server.key
Run to convert certificate file pfx to crt (This will generate certificate.crt)
openssl pkcs12 -in certname.pfx -clcerts -nokeys -out certificate.crt
Rename server.key file as private.key and rename certificate.crt file as primary.crt.
Copy these 2 files to apache server. You can use WinSCP to copy these files from Windows to Linux. The files will be copied to /home/linuxuser folder
Create a folder for your certificates and set permission 700 for that folder
mkdir -p /etc/apache2/ssl
chmod 700 /etc/apache2/ssl
Copy your primary.crt and private.key to /etc/apache2/ssl folder.
cp /home/serveradm/primary.crt /etc/apache2/ssl
cp /home/serveradm/private.key /etc/apache2/ssl
Edit your /etc/hosts file and add your websites address
nano /etc/hosts
x.x.x.x yourwebsite.com
Modify Default SSL config:
nano /etc/apache2/sites-available/default-ssl.conf
--------------------------------------------
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName yourserver.yourdomain.com
ServerAlias yourserver.yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/primary.crt
SSLCertificateKeyFile /etc/apache2/ssl/private.key
</VirtualHost>
</IfModule>
--------------------------------------------
Check if config is set correctly
apache2ctl configtest
Enable SSL for default-ssl
a2ensite default-ssl
Enable SSL module
a2enmod ssl
systemctl restart apache2
We just enable https access on Apache. If you need to redirect http request to https you can also edit your 000-default.conf file
Nano /etc/apache2/sites-available/000-default.conf
-----------------------------------------------------------
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
-----------------------------------------------------------
And Finally run the command below
a2enmod rewrite
- Hits: 3447