Configuring Apache 2.2 for SSL

I've just configured Apache for SSL and it took longer than I thought it should. I didn't find any straightforward instructions on the web so here's what I eventually did - after a deal of experimentation. These worked for me running apache 2.2.8 under Linux - Hardy Heron.

I generated a self-certified certificate:

openssl req -new -x509 -nodes -out /etc/apache2/server.crt -keyout /etc/apache2/server.key

I enabled ssl:

cd /etc/apache2/mods-enabled ln -s ../mods-available/ssl.load ssl.load ln -s ../mods-available/ssl.conf ssl.conf

I edited the file /etc/apache2/sites-enabled/default so it includes the following at the end:

‹VirtualHost localhost:443› DocumentRoot /var/www/ SSLEngine On SSLCertificateFile /etc/apache2/server.crt SSLCertificateKeyFile /etc/apache2/server.key ‹/VirtualHost›

This should serve all https requests from /var/www.

I restarted apache and used openssl to check things are good:

openssl s_client -connect localhost:443

I was hoping to see output such as:

CONNECTED(00000003) depth=0 /C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost verify error:num=18:self signed certificate verify return:1 depth=0 /C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost verify return:1 --- Certificate chain 0 s:/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost i:/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost --- Server certificate -----BEGIN CERTIFICATE----- ... etc ... -----END CERTIFICATE----- subject=/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost issuer=/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost --- No client certificate CA names sent --- SSL handshake has read 915 bytes and written 308 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 1024 bit ... etc etc ... Verify return code: 18 (self signed certificate) ---

and I did!

This site uses cookies. Continue to use the site as normal if you are happy with this, or read more about cookies and how to manage them.