How can I quickly enable SSL with Apache2?

So you’ve built a Linux server, and you’re testing it out, and you want to enable SSL to encrypt your HTTP traffic for testing or non-production use. Right. No prob. I’ve put together an extremely quick cheat-sheet on how to do it on a SUSE server, and some of it applies to other distros as well. Here we go…

First, please start by reading some of this (if present): /etc/sysconfig/apache2 …there are a few good suggestions (as well as a bunch of configuration options) to get you started. The steps below are based on the things mentioned there.

Now, to create the certificate(s) for use, you can do it one of two quick-and-easy ways:

Option 1: To create a test certificate from “Snake Oil CA” as root, run:
cd /usr/share/doc/packages/apache2; ./certificate.sh
…and fill in the values as prompted.

Option 2: To create a self-named CA, self-signed cert, do this instead:
/usr/bin/gensslcert -c US -s MI -l "Southfield" -o "Your Linux Guy" -e jpavlov@yourLinuxGuy.com -d -n www.yourLinuxGuy.com
…or similar; of course customize to taste. This is actually my preferred test method, over the “Snake Oil” stuff. Use the following command to get the options:
/usr/bin/gensslcert --help

Then, in /etc/sysconfig/apache2 make the following changes/validations:
– Ensure the APACHE_MODULES section includes ssl
– Add SSL to the APACHE_SERVER_FLAGS section

Also, in /etc/apache2/vhosts.d/ do the following things:
– Copy vhost-ssl.template to vhost-ssl.conf
– Edit vhost-ssl.conf, and change:
“ServerName” to match your server’s name in /etc/hosts
“ServerAdmin” to your email address

Finally, restart apache with:
rcapache2 stop
rcapache2 start

You are done! Now hit your webserver at https://yourServerName/ and enjoy the SSL goodness.
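
A preflight check for the steps above, as an added example that is not part of the original post: it verifies the two /etc/sysconfig/apache2 settings, that vhost-ssl.conf exists under exactly that name, and that it carries the SSLEngine and certificate directives mentioned in the comments. The function names are illustrative, and the default paths are the ones the post names.

```bash
#!/bin/bash
# Added example, not from the original post. Defaults are the SUSE paths the
# post names; pass other paths as arguments to check a copy of the files.

# Print the value of KEY="..." in a sysconfig-style file (last assignment wins).
sysconfig_value() {  # usage: sysconfig_value FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

# Succeed if WORD is one of the space-separated words in LIST.
has_word() {  # usage: has_word WORD "LIST"
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Print the first argument of an uncommented DIRECTIVE line in an Apache config.
directive_arg() {  # usage: directive_arg FILE DIRECTIVE
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

check_apache_ssl() {  # usage: check_apache_ssl [SYSCONFIG_FILE] [VHOSTS_DIR]
    sysconfig="${1:-/etc/sysconfig/apache2}"
    vhosts="${2:-/etc/apache2/vhosts.d}"
    conf="$vhosts/vhost-ssl.conf"
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    has_word ssl "$(sysconfig_value "$sysconfig" APACHE_MODULES)" ||
        fail "APACHE_MODULES in $sysconfig does not include ssl"
    has_word SSL "$(sysconfig_value "$sysconfig" APACHE_SERVER_FLAGS)" ||
        fail "APACHE_SERVER_FLAGS in $sysconfig does not include SSL"

    if [ ! -f "$conf" ]; then
        # A copy under any other name (e.g. "vhost-ssl") is the mistake
        # reported in the comments below the post.
        fail "$conf not found; copy vhost-ssl.template to exactly that name"
    else
        [ "$(directive_arg "$conf" SSLEngine | tr 'A-Z' 'a-z')" = on ] ||
            fail "SSLEngine is not on in $conf"
        for d in SSLCertificateFile SSLCertificateKeyFile; do
            path=$(directive_arg "$conf" "$d")
            [ -n "$path" ] && [ -f "$path" ] || fail "$d in $conf is unset or points to a missing file"
        done
    fi
    [ "$problems" -eq 0 ]  # return status: 0 only when every check passed
}
```

Source the file and run check_apache_ssl as root before restarting Apache; it prints one PROBLEM line per failed check and returns non-zero if any were found.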

Enjoy…

🙂

4 Comments

  1. Pingback: Your Linux Guy .com » Blog Archive » How do I set up iFolder3.8 on Opensuse11.1?

  2. Chris

    Hi Jeremy,

    I followed the instruction given above, I got the following error:

    Secure Connection Failed

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)

    Do you know why it happened?
    Thanks.

    Cheers,
    Chris

  3. Jeremy Pavlov

    @ Chris

    Hmm… I’m betting something is not right in your vhost-ssl.conf. Besides the settings I mention above, make sure that the following other options are enabled:
    SSLEngine on
    SSLCipherSuite (set to the defaults should be fine)
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key

    …I hope that helps…
    – Jeremy

  4. Chris

    Hi Jeremy,

    Thanks! I finally found that it is my mistake. I copied vhost-ssl.template to vhost-ssl rather than vhost-ssl.conf.

    Cheers,
    Chris.
