Security is always a big concern, and there’s no reason your website should go unsecured. You can secure your Apache website with a self-signed SSL certificate. This post describes the process using Apache 2.2 and OpenSSL on an Ubuntu Linux server.
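Begin by generating a private key. The command below creates a 1024-bit RSA key; current guidance treats 2048 bits as the minimum for RSA, so use 2048 or more for a new key: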
$ openssl genrsa -out mycert.key 1024
Next, generate a certificate request and enter the information:
$ openssl req -new -key mycert.key -out mycert.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) :
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) :
Common Name (eg, YOUR name) :
Email Address :

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
Next, generate the self-signed certificate. You can specify the number of days the cert is valid for.
$ openssl x509 -req -days 365 -in mycert.csr -signkey mycert.key -out mycert.cert
Signature ok
subject=/C=/ST=/L=/O=/CN=
Getting Private key
You no longer need the .csr request file. Create a folder and move the .key and .cert files into it:
$ sudo mkdir /etc/apache2/ssl
$ sudo mv *.cert /etc/apache2/ssl
$ sudo mv *.key /etc/apache2/ssl
$ sudo chmod 400 /etc/apache2/ssl/*.key
If the cert is protected with a password, by default Apache will prompt for the password when it starts. This can be a problem since you will need to enter the password each time Apache is restarted. We can fix this by having Apache call a program that returns the password.
Create the shell script /etc/apache2/ssl/password.sh and enter the following:
#!/bin/bash
echo "password"
Next we need to tell Apache to run the script. Apache’s SSL settings are stored in:
Edit the file and change the
The last step is to assign the certificate to your Apache site by editing the sites file:
You’ll need to configure the SSL settings for the site:
<VirtualHost 192.168.1.100:443>
    ...
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/mycert.cert
    SSLCertificateKeyFile /etc/apache2/ssl/mycert.key
    ...
</VirtualHost>
Don’t forget to tell Apache to listen on port 443 in the /etc/apache2/ports.conf file. Restart Apache with sudo apache2ctl restart and you should be a little closer to being secure.
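Before restarting, it helps to confirm that the certificate and key installed in /etc/apache2/ssl actually belong together, that the certificate is not about to expire, and that the key kept the restrictive mode set by the chmod step. The script below is an added example, not part of the original post; the function name check_cert_pair and the 14-day default are assumptions, and it expects GNU stat (as on Ubuntu) and an unencrypted key.

```sh
#!/bin/sh
# Added example: pre-flight check for a certificate/key pair before Apache
# is restarted. check_cert_pair is a hypothetical helper name.
# Assumes OpenSSL 1.0.0 or later and GNU stat (Ubuntu).

# check_cert_pair CERT KEY [MIN_DAYS]
# Returns 0 only if every check passes; prints one line per failed check.
check_cert_pair() {
    cert=$1 key=$2 min_days=${3:-14} rc=0

    # 1. The certificate must carry the public half of this private key.
    #    (An encrypted key would make openssl ask for its passphrase here.)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert does not match $key"; rc=1
    fi

    # 2. The certificate must stay valid for at least MIN_DAYS more days.
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days or is unreadable"; rc=1
    fi

    # 3. The key must carry no group or other permission bits (e.g. 400).
    mode=$(stat -c '%a' "$key" 2>/dev/null)
    case $mode in
        [0-7]00) ;;
        *) echo "FAIL: $key has mode ${mode:-unknown}; group/other must be 0"
           rc=1 ;;
    esac

    if [ "$rc" -eq 0 ]; then echo "OK: $cert and $key are consistent"; fi
    return "$rc"
}

# Usage: sudo sh check_pair.sh /etc/apache2/ssl/mycert.cert /etc/apache2/ssl/mycert.key
if [ "$#" -ge 2 ]; then check_cert_pair "$@"; fi
```

A non-zero exit status means at least one check failed, so the script can gate the restart in a deployment step.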