APACHE AND SSL: HTTPS CONFIGURATION

HTTPS configuration and certificate creation

APACHE AND SSL: HTTPS CONFIGURATION
Home | APACHE AND SSL: HTTPS CONFIGURATION
Categorie: Tn Solutions,

Apache and SSL certification

Create a CSR and install your SSL certificate on your Ubuntu server with Apache 2 using OpenSSL.

To use OpenSSL in order to create a CSR and then install the SSL certificate on the Ubuntu server with Apache2, use the instructions on this page.
NB: after installing the SSL / TLS certificate and configuring the server to use it, you need to restart the Apache2 instance.

For Apache instructions, see Apache: Create CSR and Install SSL Certificate (OpenSSL). For other instructions on the OS platform, see Creating a CSR (Certificate Signing Request).

You can use these instructions to create OpenSSL CSR and install all types of DigiCert SSL certificates on the Ubuntu server with Apache2: standard SSL, EV SSL, multi-domain SSL, EV multi-domain SSL and SSL Wildcard.

  1. To create your certificate signing request (CSR), consult Ubuntu with Apache2: Creating your CSR with OpenSSL
  2. To install the SSL certificate, consult Ubuntu with Apache2: Installing and configuring the SSL certificate

Ubuntu with Apache2: Creating your CSR with OpenSSL

Use the instructions in this section to create shell commands to generate Ubuntu with CSR Apache2 with OpenSSL.

How to generate a CSR for Ubuntu with Apache 2 using OpenSSL
If you prefer to create your shell commands to generate Ubuntu with CSR Apache2, follow the instructions below.

1. Access your server through the terminal client (ssh)
2. Execute command

At the prompt, type the following command:
NB: make sure you replace the server with the name of your server.

ssl certificate

3. Generate files

a. Now you have started the process to generate the following two files:

  • Private-Key File: used to generate the CSR and subsequently to protect and verify connections using the certificate.
  • CSR (Certificate Signing Request) file: used to order the SSL certificate and then to encrypt the messages that can be deciphered only with the corresponding private-key.

b. When prompted for the common name (domain name), type the fully qualified domain name (FQDN) for the site you want to protect.
NB: if you are generating an Apache CSR for a certified Wildcard, make sure that your common name starts with an asterisk (eg *. Example.com).

c. When requested, enter the organizational information, starting from the geographical information.
NB: you may have already set the default information.

d. Now, your OpenSSL .csr file has been created.

4. Order your SSL / TLS certificate

a. Open the .csr file you created in a text editor.
b. Copy the text, including the – START THE NEW CERTIFICATE REQUEST (BEGIN NEW CERTIFICATE REQUEST) – and – END OF THE NEW CERTIFICATE REQUEST (END NEW CERTIFICATE REQUEST) – label it and paste it into the DigiCert order form.

5. Save the Private-Key

Save (backup) the generated key file. You will need it later to install your SSL certificate.

6. Install certificate

After receiving the SSL certificate from DigiCert, you can install it on your server.

Ubuntu with Apache2: Installation and configuration of the SSL certificate

If you still need to create a certificate signing request (CSR) and order the certificate, consult Ubuntu with Apache2: How to use OpenSSL to create your own CSR.

After validating and issuing the SSL certificate, you can install it on Ubuntu with the Apache2 server (where the CSR was generated) and configure the server to use the certificate.

How to install and configure the SSL certificate on your Ubuntu server with Apache2

1. Copy the certificate files to your server

a. Log in to your DigiCert account and download the intermediate files (DigiCertCA.crt) and your primary certificate (your_domain_name.crt).
b. Copy these files, along with the .key file generated during the creation of the CSR, to the directory on the server where you keep the certificate and the key files.
NB: make them readable only by root to increase security.

2. Find the Apache configuration file you need to modify

The location and name of the configuration file may vary from server to server, especially if a special interface is used to manage the server configuration.

  • The Ubuntu server with the main Apache2 configuration file for your SSL / TLS site is typically located in / etc / apache2 / sites-enabled / your_site_name.
  • If it was not found in the “sites-enabled” directory, run the following command.
    sudo a2ensite your_site_name
  • Open the file with a text editor and find the blocks that contain the Apache settings.

3. Identify the SSL block you need to configure

If your site needs to be accessible through secure (https) and unsecured (http) connections, you need two separate files in / etc / apache2 / sites-enabled /. One file is for port 80 and the other file is for port 443. Configure both files for SSL as described in step 4.

If you want to securely access your site, configure the existing virtual host for SSL as described in step 4.

4. Configure the block for the SSL-enabled site

a. Below is a very simple example of a virtual host configured for SSL. The blue parts are the ones you need to add to configure the SSL configuration; may be present throughout the file.

SSL certificated file

b. Make sure to arrange the file names to match your certified files.

  • SSLCertificateFile is the DigiCert certificate file (for example, your_domain_name.crt).
  • SSLCertificateKeyFile is the .key file generated when you created the CSR (for example, your_private.key).
  • SSLCertificateChainFile is the DigiCert intermediate certificate file (eg, DigiCertCA.crt).

NB: if the SSLCertificateChainFile directive does not work, try using the SSLCACertificateFile directive instead.

5. Test the Apache2 configuration file before restarting

As a good practice, check your Apache2 configuration file for errors before restarting Apache.
Warning: Apache2 will not restart if the configuration files show syntax errors.
Run the following command to test the configuration file (on some systems, it is apache2ctl):
apachectl configtest

6. Restart Apache2

You can use apachectl commands to stop and start Apache2 with SSL support.
apachectl stop
apachect1 start

Restart notes:
If Apache2 doesn’t reboot with SSL support, try using apachectl startssl instead of apachectl start. If SSL support is only run with startssl apachectl, we recommend adjusting the apache boot configuration to include SSL support in the normal apachectl start command. Otherwise, the server may require manual reboot of Apache2 using apachectl startssl if the server is restarted. This usually involves removing tags and enclosing the SSL configuration.

7. Congratulations! You have successfully installed your SSL certificate

Test of SSL / TLS certificate installation

1. Browser test

a. For best results, be sure to close your browser first and then launch it.
b. Visit your site with the secure https URL (for example, go to https://www.example.com not http://www.example.com).
c. Make sure you test your site with other browsers that are not just Internet Explorer. Download missing intermediate certificates.

2. Diagnostic tool for DigiCert® SSL installation

If your site is publicly accessible, use our Server Certificate Tester to test the installation of the SSL / TLS certificate; it detects common installation problems.

Configuration and useful commands

Install Apache2
Required to use SSL / TLS certificates:
sudo apt-get install apache2

Enable SSL module

1. Replace “default-ssl” with the real site name you set in / etc / apache2 / sites-available /
sudo a2enmod ssl

2. Once the site listed in the previous command is enabled, the site appears in / etc / apache2 / sites-enabled

Apply the SSL module to the site
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 restart

Cipher Suite

  • Once you run the sudo a2enmod ssl command, edit the ssl.conf file in / etc / apache2 / mods-enabled
  • If you haven’t run the a2enmod command yet, preconfigure the ssl.conf file in / etc / apache2 / mods-available

Talk to an expert

Fill out the form and you will be contacted by one of our technicians

We are ready to listen to your every need and transform it into your best technological ally Agency. Request an initial free consultation with one of our specialized IT technicians now

    IT Support Contracts

    IT Support Contracts

    What is an IT Support Contract? An IT support contract is an agreement where a company provides technical assistance and maintenance services for a client’s IT devices, covering both hardware and software components. Typically, such contracts include a wide range of services, from tech help desk support to routine maintenance of computers, servers, telephone systems, ... IT Support Contracts
    NIS2 – Network and Information Systems Security:

    NIS2 – Network and Information Systems Security:

    Introduction to NIS2 The security of networks and information systems has become a critical concern for IT companies. With the rapid growth of digitalization and connectivity, cybersecurity risks have surged exponentially. To address these challenges, the European Union introduced the NIS2 Directive (Network and Information Systems Directive 2), aimed at enhancing the security of networks ... NIS2 – Network and Information Systems Security:
    Creating an IT Emergency Plan: A Detailed Guide

    Creating an IT Emergency Plan: A Detailed Guide

    Plan for the Unpredictable Introduction An IT emergency plan is a critical document outlining the steps to take during emergencies, such as stakeholder communication, crisis management, and service recovery. The main goal is to ensure business continuity and minimize negative impacts during disruptions or disasters. 1. Identify Critical Resources Critical resources are essential components for ... Creating an IT Emergency Plan: A Detailed Guide