matthew@seymour:~$ sudo a2enmod ssl
This includes a default HTTPS configuration file, found in
/etc/apache2/sites-available/default-ssl. For HTTPS to
work, a certificate and a key are required. The default configuration includes
a certificate and key generated by the ssl-cert package, and they are
adequate for testing. However, for real use, you should either generate a
self-signed certificate and key (which is adequate for internal use or for personal
sites) or buy a certificate from a CA (which is necessary if you want anyone
to trust your site for commercial ventures).
To configure Apache2 for HTTPS using the default configuration for testing,
use this command:
matthew@seymour:~$ sudo a2ensite default-ssl
After you restart Apache2, you can access web pages on your server by using
https://. This is adequate for testing but not for anything else.
Next we look at how to create a self-signed certificate and key, which is a step
in the right direction.
To generate a key for the certificate, use this command:
matthew@seymour:~$ openssl genrsa -des3 -out server.key 2048
This generates a 2,048-bit RSA key and encrypts the key file with Triple DES,
protected by a passphrase that you are prompted to enter. See the
man page for openssl for more information about possible settings.
To generate a certificate signing request (CSR), use this command:
matthew@seymour:~$ openssl req -new -key server.key -out server.csr
You are then asked for some information to complete the request.
To generate a self-signed certificate, use this command:
matthew@seymour:~$ openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
This creates a certificate that is valid for 365 days. Certificates, even from
vendors, have expiration dates. Certificates should be renewed regularly to
reassure your site visitors that they are dealing with who they think they are
dealing with.
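The key, CSR, and certificate steps above can be run without prompts and then checked: does the certificate carry the public half of the key file, and how close is it to expiring? This is an added example, not from the original text; the function names, the KEY_PASS environment variable, and the one-directory layout are assumptions.

```shell
#!/bin/sh
# Added example. Expects the key passphrase in the environment variable
# KEY_PASS (an assumption of this sketch) so it never appears in argv.

# make_selfsigned DIR COMMON_NAME DAYS
make_selfsigned() {
    dir=$1 cn=$2 days=$3
    # Step 1: 2,048-bit RSA key, key file encrypted with Triple DES.
    openssl genrsa -des3 -passout env:KEY_PASS \
        -out "$dir/server.key" 2048 || return 1
    chmod 600 "$dir/server.key"
    # Step 2: CSR. -subj supplies the answers req would otherwise prompt for.
    openssl req -new -key "$dir/server.key" -passin env:KEY_PASS \
        -subj "/CN=$cn" -out "$dir/server.csr" || return 1
    # Step 3: self-sign the CSR with the same key.
    openssl x509 -req -days "$days" -in "$dir/server.csr" \
        -signkey "$dir/server.key" -passin env:KEY_PASS \
        -out "$dir/server.crt" || return 1
}

# key_matches_cert DIR
# Succeeds only if server.crt carries the public half of server.key.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1/server.key" -passin env:KEY_PASS -pubout) || return 1
    from_crt=$(openssl x509 -in "$1/server.crt" -noout -pubkey) || return 1
    [ "$from_key" = "$from_crt" ]
}

# expires_within DIR DAYS
# Succeeds if the certificate expires within DAYS days (or cannot be read).
expires_within() {
    ! openssl x509 -in "$1/server.crt" -noout \
        -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Usage (constructed values):
#   KEY_PASS='...' ; export KEY_PASS
#   make_selfsigned /tmp/tls www.example.test 365 && key_matches_cert /tmp/tls
```

Running key_matches_cert before restarting Apache2 catches a certificate paired with the wrong key file, and expires_within can be scheduled to warn ahead of the 365-day limit.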
To copy the certificate to its proper location, use this command: