Configure an SSL Secure Connection for Apache

Source: Internet
Author: User

Step 1: generate an ssl certificate file
First of all, you can install apache2 normally. Then:

Generate a 1024-bit RSA private key and save it as /etc/apache2/ssl/apache.pem. If you already have a CA certificate, you can use it directly or generate the private key (this should be a separate topic, and I have never used it).

While it runs, apache2-ssl-certificate asks some questions, as shown below. Note that if a default value is given in [] and you want to leave the field blank, enter a period ".":

State or Province Name (full name) [Some-State]:.
Locality Name (eg, city) []:
Organization Name (eg, company; recommended) []:.
Organizational Unit Name (eg, section) []:.
Server name (eg. ssl.domain.tld; required!!!) []: Localhost
Email Address []: fwolf@mail.com
Generally, the server name is more convenient than the actual website domain name.

Step 2: Enable ssl mod

Or

/etc/apache2/mods-enabled$ sudo ln -s ../mods-available/ssl.load ssl.load
Step 3: add the listening port and configure the virtual host
Add the port: add a line "Listen 443" to the /etc/apache2/ports.conf file. Obviously, if you want the default port 80 to use ssl, you can skip this step and adjust the subsequent configuration slightly.

In the configuration file of the apache virtual host, add the SSL definition inside the VirtualHost segment, for example:

<VirtualHost *:443>
ServerAdmin Fwolf
ServerName www.fwolf.com
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem

DirectoryIndex index.php index.html.var
</VirtualHost>

Restart apache to access the website over https.

If you want port 80 to use https by default, you do not need to add the 443 listener to ports.conf first, and the VirtualHost configuration that follows is written without the :443. Even so, once the configuration is complete, accessing the configured site through http://www.domain.com displays the following message:

Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: https://www.fwolf.com/

This happens because http is being used to access an https port. The simplest solution is to use https://www.domain.com:80/ instead, but it is better to modify the apache configuration so that http access to port 80 is redirected to https access on port 443, as shown in the following configuration:

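# Port 80: send every plain http request to the https site
<VirtualHost *:80>
Redirect permanent / https://localhost/
</VirtualHost>

# Port 443: the SSL-enabled site itself
NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin Fwolf
ServerName www.fwolf.com

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
...
</VirtualHost>
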
In this way, all http access is automatically redirected to https access. However, if you can only open one port to the internet, this is more troublesome. In addition, https can only contain one site (multiple sites cannot be identified through ServerName).
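
The check below is an added example, not part of the original article: a small awk-based lint, run from the shell, that flags a VirtualHost with SSLEngine On bound to port 80 (the cause of the Bad Request message above) and a port 80 host that has no redirect to https. The function names and both sample configurations are constructed for illustration.

```shell
# Added example: lint VirtualHost blocks for the http/https port mix-up.
# Reads Apache configuration on stdin and prints one finding per vhost.
lint_vhosts() {
    awk '
    function report() {
        if (ssl && port == "80")
            print "WARN " addr ": SSLEngine On on port 80, plain http requests get 400 Bad Request"
        else if (!ssl && port == "80" && !redir)
            print "WARN " addr ": plain http vhost has no redirect to https"
        else
            print "OK   " addr
    }
    { line = tolower($0) }
    line ~ /^[ \t]*#/ { next }
    line ~ /^[ \t]*<virtualhost[ \t]/ {
        addr = $2; sub(/>.*$/, "", addr)       # "*:80>" -> "*:80"
        port = addr; sub(/^.*:/, "", port)     # "*:80"  -> "80"
        ssl = 0; redir = 0; next
    }
    line ~ /^[ \t]*sslengine[ \t]+on/                       { ssl = 1 }
    line ~ /^[ \t]*(redirect|rewriterule)[ \t].*https:\/\// { redir = 1 }
    line ~ /^[ \t]*<\/virtualhost>/                         { report() }
    '
}

# Constructed sample: SSL switched on for the port 80 vhost (the Bad Request case).
bad_config() { cat <<'EOF'
<VirtualHost *:80>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
EOF
}

# Constructed sample: the redirect layout from the article.
good_config() { cat <<'EOF'
<VirtualHost *:80>
Redirect permanent / https://localhost/
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
</VirtualHost>
EOF
}

bad_config | lint_vhosts
good_config | lint_vhosts
```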

It would seem more convenient for users if http and https could be bound to the same port. However, in many cases this is not possible: encrypted and plaintext protocols cannot exist on one port at the same time. One solution is given here. Although my experiment with it was not successful, I am pasting the code anyway; if you are interested, you can continue the study.

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R=permanent]
</IfDefine>
One small remaining question: the generated pem file is only valid for one month. Is this the default? What happens after the pem file expires?

Update @ 20070126

The default pem file is only valid for one month. It can still be used after it expires, but the client displays a confirmation prompt, so when generating the certificate remember to use the -days x parameter to specify the validity period, for example 10 years.

(When the pem file already exists, use the -force parameter to overwrite it.)
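
As an added example (not from the original article), the same validity settings can be reproduced and checked with the openssl command line instead of apache2-ssl-certificate. It assumes openssl is installed; the 2048-bit key size, CN=localhost and the function names are choices made for this example.

```shell
# Added example. Assumes the openssl CLI; rsa:2048 and CN=localhost are choices made here.
# make_pem DAYS OUT: write a self-signed certificate plus key to OUT, valid for DAYS days.
make_pem() {
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" -subj "/CN=localhost" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null \
        || { rm -rf "$tmp"; return 1; }
    # One file holding certificate and key, since the article sets only SSLCertificateFile.
    ( umask 077; cat "$tmp/cert.pem" "$tmp/key.pem" > "$2" )
    rm -rf "$tmp"
}

# valid_in_days PEM N: exit 0 if the certificate is still valid N days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# expiry_date PEM: print the notAfter line of the certificate.
expiry_date() {
    openssl x509 -in "$1" -noout -enddate
}

if command -v openssl >/dev/null 2>&1; then
    pem=$(mktemp)
    make_pem 30 "$pem"            # one month, the default described above
    expiry_date "$pem"
    valid_in_days "$pem" 14 && echo "still valid in 14 days"
    valid_in_days "$pem" 45 || echo "expires within 45 days: regenerate"
    rm -f "$pem"
fi
```

Running valid_in_days from a scheduled job gives advance notice before clients start seeing the confirmation prompt.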

Refer:
Need Apache2 SSL howto
Apache2 SSL
You're speaking plain HTTP to an SSL-enabled server port.-help please!

Update @ 2007-07-31
Ubuntu 7.04 feisty does not have the apache2-ssl-certificate command. You need to download a package and extract it, copy ssleay.cnf to /usr/share/apache2/, and then use the other extracted file, the apache2-ssl-certificate executable, to generate the certificate.

See:

Apache2-ssl-certificate has gone missing since feisty
Installation of SSL on Ubuntu 7.04
