Got a basic web server with ssl running on Apache under Ubuntu 12.04 LTS with a self signed certificate. Here are the steps I followed:
Installed Apache2:
$ sudo apt-get install apache2
Generated the certificate with openssl:
$ openssl genrsa -out ssltest.key 1024
$ openssl req -new -key ssltest.key -out ssltest.csr
$ openssl x509 -req -days 365 -in ssltest.csr -signkey ssltest.key -out ssltest.cert
Moved the certificates to a dedicated directory:
$ sudo mkdir /etc/apache2/ssl
$ sudo mv /home/cbroccoli/*.cert /etc/apache2/ssl
$ sudo mv /home/cbroccoli/*.key /etc/apache2/ssl
$ sudo chmod 400 /etc/apache2/ssl/*.key   # make key read-only
Created an ssl configuration file for the new site by copying the default file in /etc/apache2/sites-available:
$ sudo cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/sslsite.ssl
Updated sslsite.ssl with the following lines:
ServerName sslsite.com
ServerAlias *.sslsite.com
...
SSLCertificateFile /etc/apache2/ssl/ssltest.cert
SSLCertificateKeyFile /etc/apache2/ssl/ssltest.key
Started the ssl module:
$ sudo a2enmod ssl
Enabled the site:
$ sudo a2ensite sslsite.ssl
Restarted apache:
$ sudo service apache2 reload
I then accessed the site with the IP address and got the error message that the certificate is not secure, as expected.
Access via IPv6 required an additional minor configuration for both http and https access to the page. In the file /etc/apache2/ports.conf, the following lines were added after the respective “Listen” lines which were already included.
Listen [fdc1:b20c:c011:1:20c:29ff:fe27:ec05]:80
...
Listen [fdc1:b20c:c011:1:20c:29ff:fe27:ec05]:443
By default, Apache sees the wildcards (*) as only IPv4 addresses, so it needs these extra lines in addition to the lines with the wildcard.
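A pre-reload check for the certificate and key produced in the steps above, as an added example that is not part of the original post: it confirms the private key matches the certificate, reports the key size, checks expiry, and verifies the key file is closed to group and other. The function names and the MIN_BITS threshold of 2048 are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/key pair before reloading Apache.
MIN_BITS=${MIN_BITS:-2048}   # assumed policy threshold, not a value from the post

# SHA-256 of the public key held in a certificate ("cert") or private key ("key").
pubkey_hash() {
    if [ "$1" = cert ]; then
        pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    else
        pem=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    fi
    [ -n "$pem" ] || return 1          # unreadable file: never compare empty output
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Public key size in bits, read from the certificate's text dump.
key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_pair CERT KEY: prints one line per failed check, returns the number of failures.
check_pair() {
    fails=0
    c=$(pubkey_hash cert "$1") && k=$(pubkey_hash key "$2") && [ "$c" = "$k" ] ||
        { echo "FAIL: private key does not match certificate"; fails=$((fails + 1)); }
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge "$MIN_BITS" ] ||
        { echo "FAIL: ${bits:-unknown}-bit key, below $MIN_BITS"; fails=$((fails + 1)); }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expired or unreadable"; fails=$((fails + 1)); }
    # Characters 5-10 of the ls mode string are the group and other permission bits.
    [ "$(ls -ld "$2" 2>/dev/null | cut -c5-10)" = "------" ] ||
        { echo "FAIL: key file is accessible to group or other"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage: sh check_pair.sh /etc/apache2/ssl/ssltest.cert /etc/apache2/ssl/ssltest.key
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

With the default threshold, the 1024-bit key generated in the steps above is reported as below 2048 bits; set MIN_BITS to apply a different policy.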