How to Install an SSL Certificate on Apache

How to Set Up Apache HTTP with an SSL Certificate

Once the certificate is implemented, the configured domain/IP will be accessible over HTTPS.

Let’s get it started.

At a high level, we will do the following.

Install Apache with SSL from Source

To configure SSL, Apache HTTP must be compiled with mod_ssl. I’ll use a CentOS 7 VM from Digital Ocean to demonstrate this.

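wget http://www-us.apache.org/dist//httpd/httpd-2.4.25.tar.gz

Note: you can check here for the latest version. The download above is over plain HTTP, so verify the tarball against the checksum and PGP signature published by the Apache project before building it.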

gunzip -c httpd-2.4.25.tar.gz | tar xvf -
cd httpd-2.4.25
./configure --enable-ssl --enable-so

Note: If you are doing this on a brand-new server, then you may experience issues related to APR, PCRE, and OpenSSL, and you may refer to the Apache troubleshooting guide.

Ensure you don’t get any errors from the above configure command. Next, build and install with the make commands.

make
make install

As usual, ensure there are no errors from the above commands. With that, you have installed an Apache web server with SSL support.

Getting an SSL Certificate

There are multiple ways to generate and get the SSL cert signed by the certificate authority.

If you are looking to implement SSL on an Intranet web server, most organizations have an internal certificate issuer team, so check with them. You still need to generate a CSR (Certificate Signing Request), and you can do it using OpenSSL.

However, if you are looking to secure an Internet-facing URL, you can either buy a certificate from VeriSign, GoDaddy, Namecheap, ZeroSSL, etc., or get a FREE cert from Let’s Encrypt.

Let’s Encrypt is a Linux Foundation Collaboration Project that offers a FREE SSL/TLS certificate. I will use Let’s Encrypt to get one certificate for my domain – Chandan.io

There are multiple ways to generate CSR, but the easiest one I found is using the “SSL For FREE” online tool.

Enter the URL that you want to secure


Verify the domain ownership by one of the listed methods and download your domain certificate files.


You will get three files that we will use next to configure the Apache webserver.

  1. key – this is your key file and shouldn’t be shared with anyone publicly
  2. Certificate – actual SSL certificate for your domain
  3. Ca_bundle – Signer root/intermediate certificate

Transfer the downloaded files to the web server. We will need them shortly.

Apache SSL Configuration

The final step is to configure Apache so it can serve requests over HTTPS. Make sure the following two lines are present and uncommented in httpd.conf.

LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

We will use the httpd-ssl.conf file to configure the certificate details. Ensure the following directives exist and point to the right files.

  1. SSLCertificateFile – Certificate CRT file path which you downloaded earlier
  2. SSLCertificateKeyFile – private.key file path
  3. SSLCertificateChainFile – ca_bundle.crt file path

Tip: you may want to create a new folder called “ssl” and keep all the certificate-related files in this.

SSLCertificateFile "/usr/local/apache2/conf/ssl/certificate.crt"
SSLCertificateChainFile "/usr/local/apache2/conf/ssl/ca_bundle.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl/private.key"
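
Before restarting Apache, it helps to confirm that the three files actually belong together and that the private key is not readable by other users. The script below is an added example, not part of the original article; the function name check_tls_files is hypothetical, and it assumes PEM files, an unencrypted private key and GNU stat (as on CentOS).

```shell
#!/bin/sh
# Added example, not from the original article. check_tls_files is a
# hypothetical helper. Assumes PEM files, an unencrypted private key and
# GNU stat (as on CentOS).
check_tls_files() {
    cert=$1; key=$2; chain=$3; rc=0

    # 1. The private key must not be accessible to group or others.
    mode=$(stat -c %a "$key") || return 2
    case $mode in
        *00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    # 2. The certificate must carry the public half of this private key.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 3. The certificate must chain to the CA bundle. -partial_chain lets a
    #    bundle that holds only the intermediate act as the trust anchor.
    if ! openssl verify -partial_chain -CAfile "$chain" "$cert" 2>/dev/null |
            grep -q ': OK$'; then
        echo "FAIL: $cert is not signed by a CA in $chain"; rc=1
    fi

    # 4. The certificate must not have expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: certificate, key and chain are consistent"
    return "$rc"
}

# Run only when called with the three paths, e.g.
#   sh check_tls.sh certificate.crt private.key ca_bundle.crt
if [ "$#" -eq 3 ]; then
    check_tls_files "$@"
fi
```

Run it with the three paths configured above, then use ./apachectl configtest to catch syntax errors in the configuration before the restart.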

Next, you need to configure the “ServerName” directive. Usually, it’s your domain/URL name.

ServerName chandan.io

Then restart Apache so the changes take effect.

cd /usr/local/apache2/bin
./apachectl stop
./apachectl start

And finally, ensure your domain is mapped to the newly configured web server IP. Once done, try to access your domain with HTTPS.


And as you can see, Chandan.io is accessible over https with the certificate I configured.

The above steps are the essentials for setting up an SSL certificate; you must tune the SSL/TLS configuration further to harden and secure it, which I explained here. Before go-live, you may also want to test your web server’s SSL/TLS to ensure it’s not exposed to common security vulnerabilities.

I hope this gives you an idea of how to implement an SSL certificate on your Apache Web server, so the URL is accessible over HTTPS.