Page tree
Skip to end of metadata
Go to start of metadata

 

It’s important to use SSL any time sensitive data is involved such as personal information, and authentication credentials such as passwords.
Your Linux system should be:

  • running Ubuntu
  • accessible over the internet
  • using a valid DNS entry that points to your Linux system


  1. Add SSL support in Apache. (Enable SSL only if it is not enabled already)

    > sudo a2enmod ssl



  2. Copy the SSL certificate provided by your certification provider and SSL private key file to the apache directory. The certificate file is renamed as server.crt and intermediate chain file renamed to server-ca.crt and private key file is renamed as server.key

    > sudo mkdir -p /etc/apache2/ssl
    > sudo cp server.crt /etc/apache2/ssl
    > sudo cp server-ca.crt /etc/apache2/ssl 
    > sudo cp server.key /etc/apache2/ssl 



  3. Modify your webserver configuration (/etc/apache2/sites-enabled/000-default.conf) to use the issued ssl certificate.  (NOTE: The ServerName must match the server name in the SSL certificate)

    Ubuntu 14.04 or older
    <VirtualHost *:443>
    # Admin email, Server Name (domain name) and any aliases
     ServerAdmin support@xyz.com
     ServerName server1.xyz.com
    # Index file and Document Root (where the public files are located)
     DirectoryIndex index.php
    DocumentRoot /var/www
     <Directory /var/www/>
     Options Indexes FollowSymLinks MultiViews
     AllowOverride All
     Order allow,deny
     allow from all
     </Directory>
    
     ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
     # alert, emerg.
     LogLevel warn
     CustomLog ${APACHE_LOG_DIR}/access.log combined
    
     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/server.crt
     SSLCertificateChainFile /etc/apache2/ssl/server-ca.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
     
    </VirtualHost>
    Ubuntu 16.04
    <VirtualHost *:443>
    # Admin email, Server Name (domain name) and any aliases
     ServerAdmin support@xyz.com
     ServerName server1.xyz.com
    # Index file and Document Root (where the public files are located)
     DirectoryIndex index.php
    DocumentRoot /var/www/html
     <Directory /var/www/html>
     Options Indexes FollowSymLinks MultiViews
     AllowOverride All
     Order allow,deny
     allow from all
     </Directory>
    
     ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
     # alert, emerg.
     LogLevel warn
     CustomLog ${APACHE_LOG_DIR}/access.log combined
    
     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/server.crt
     SSLCertificateChainFile /etc/apache2/ssl/server-ca.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
     
    </VirtualHost>


  4. Ensure that /etc/apache2/ports.conf has Listen 443 (Should already be there)

  5. Restart Apache.

    > sudo /etc/init.d/apache2 restart
  • No labels