Ubuntu 14.04 on the Apache 2.4 Install SSL Extensions tutorial

Secure Sockets Layer, or SSL, is a standard security technique for encrypting connections between Web sites and browsers. This ensures that the data transferred between the server and the browser remains private and secure. It is used by thousands of people to protect their communications with customers. To enable SSL linking, the Web server requires an SSL certificate to be installed.

You can create your own SSL certificate, but this default will not be trusted by the browser, to solve this problem, you need to purchase a certificate from a trusted certification authority (CA), we will show you how to obtain the certificate and install in Apache.

Generate a Certificate signing request

The Certificate Authority (CA) will require you to generate a certificate signing request (CSR) on your server. This is a very simple process, just a little while, you need to run the following command on your server and enter the information you need:

# OpenSSL Req-new-newkey rsa:2048-nodes-keyout yourdomainname.key-out YOURDOMAINNAME.CSR

The output will look like this:


This step generates two files: a private key file for decrypting the SSL certificate, and a certificate signing request (CSR) file for your SSL certificate.

Depending on the organization you are applying for, you will need to upload a CSR file or paste the contents of the file in a Web site form.

Install the actual certificate in Apache

After the build step is complete, you will receive a new digital certificate. In this tutorial we used Comodo SSL and received a certificate in a ZIP file it sent us. To use it in Apache, you first need to use the following command to create a combined certificate with the received certificate:

# cat Comodorsadomainvalidationsecureserverca.crt comodorsaaddtrustca.crt addtrustexternalcaroot.crt > Bundle.crt



Use the following command to ensure that the SSL module has been loaded into Apache:

# A2enmod SSL

If you see the "Module SSL already enabled" message that you are successful, if you see "Enabling Module SSL", then you need to restart Apache with the following command:

# Service Apache2 Restart

Finally, modify your virtual host file (usually under/etc/apache2/sites-enabled) as follows:

documentroot/var/www/html/
ServerName linoxide.com
Sslengine on
Sslcertificatefile/usr/local/ssl/crt/yourdomainname.crt
Sslcertificatekeyfile/usr/local/ssl/yourdomainname.key
Sslcacertificatefile/usr/local/ssl/bundle.crt

You should now be able to access your site using https://YOURDOMAIN/(note ' https ' instead of ' http ') and see the SSL progress bar (usually expressed in your browser with a lock).

Note: Now all content links must point to HTTPS, if some of the content on the site (such as pictures or CSS files, etc.) still point to the HTTP link, you will get a warning in the browser, to fix this problem, please make sure each link points to https.

REDIRECT HTTP requests to HTTPS on your site

If you want to redirect the regular HTTP request to HTTPS, add the following text to the virtual host you want to modify, or join the apache.conf if you want to add to all sites on the server:

Rewriteengine on
Rewritecond%{https} off
Rewriterule (. *) Https://%{http_host}%{request_uri}