Click here to view code image
matthew@seymour:~$ cp server.crt /etc/ssl/certs/
To copy the key to its proper location, use this command:
Click here to view code image
matthew@seymour:~$ cp server.key /etc/ssl/private/
Next we look at how to edit the file /etc/apache2/sites-
available/default-ssl to change the values of these lines to what we
show here:
Click here to view code image
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
This tells Apache2 to use SSL and where to find the proper certificate and key
files.
To configure Apache2 for HTTPS using the edited default configuration with
the self-signed certificate and key file, use this command:
Click here to view code image
matthew@seymour:~$ sudo a2enmsite default-ssl
When you restart Apache2, you are asked to input the certificate’s key
password. Enter it when requested. You now have a server that is secure and
good for internal use but not for a customer-facing production environment.
The best thing to do if you are going to host a professional site is to use a CA.
Every CA has a preferred method, and you should read a CA’s requirements
before you use that CA. The basic process is usually like this:
- Create a private and public encryption key pair.
- Create a certificate based on the public key.
- Create a certificate request with information about your server and the
company hosting it. - Send your certificate request and public key along with proof of your
company’s identity and payment to the CA. - Wait for the CA to verify the request and your identity and send back a
certificate like the self-signed one created earlier, but signed by the CA. - Install that certificate on your server and configure Apache2 to use it.
A CA-signed certificate provides advantages. First, browsers are built with
data about most CAs and automatically recognize a signature from one of