How can I quickly enable SSL with Apache2?

Jeremy Pavlov July 21, 2008 4 Comments

So you’ve built a Linux server, and you’re testing it out, and you want to enable SSL for encrypting your http traffic in testing or non-production use. Right. No prob. I’ve put together an extremely quick cheat-sheet on how to do it on a Suse server, and some of it applies to other distros as well. Here we go…

First, please start by reading some of this (if present): /etc/sysconfig/apache2 …there are a few good suggestions (as well as a bunch of configuration options) to get you started. The steps below are based on the things mentioned there.

Now, to create the certificate(s) for use, you can do it one of two quick-and-easy ways:

Option 1: To create a test certificate from “Snake Oil CA” as root, run:
cd /usr/share/doc/packages/apache2; ./certificate.sh
…and fill in the values as prompted.

Option 2: To create a self-named CA, self-signed cert, do this instead:
/usr/bin/gensslcert -c US -s MI -l "Southfield" -o "Your Linux Guy" -e jpavlov@yourLinuxGuy.com -d -n www.yourLinuxGuy.com
…or similar; of course customize to taste. This is actually my preferred test method, over the “Snake Oil” stuff. Use the following command to get the options:
/usr/bin/gensslcert --help

Then, in /etc/sysconfig/apache2 make the following changes/validations:
– Ensure the APACHE_MODULES section includes ssl
– Add SSL to the APACHE_SERVER_FLAGS section

Also, in /etc/apache2/vhosts.d/ do the following things:
– Copy vhost-ssl.template to vhost-ssl.conf
– Edit vhost-ssl.conf, and change:
“ServerName” to match your server’s name in /etc/hosts
“ServerAdmin” to your email address

Finally, restart apache with:
rcapache2 stop
rcapache2 start

You are done! Now hit your webserver at https://yourServerName/ and enjoy the SSL goodness.

Enjoy…

🙂