Sunday, July 8, 2007

KB: Apache SSL Configuration on Ubuntu

Apache SSL Configuration on Ubuntu Linux.

Overview

This article assumes that you already have Apache installed on your system and that you will be using a self-signed certificate.

Create a Self-signed Certificate

1. Run the following command and answer the prompts (I renamed the resulting apache.pem to webmail.pem for this example):
apache2-ssl-certificate -days 1825
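or, on Ubuntu Feisty and newer (where apache2-ssl-certificate is missing), write the combined key and certificate to the path the virtual host below expects:
mkdir -p /etc/apache2/ssl
openssl req -new -x509 -days 1825 -nodes -out /etc/apache2/ssl/webmail.pem -keyout /etc/apache2/ssl/webmail.pem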
Note: if you wish to create a wild card certificate, enter an asterisk '*' when prompted for host name.
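
Before pointing Apache at the file, it is worth confirming that the combined PEM holds a matching key and certificate, is not accessible to group or other (the -nodes flag leaves the private key unencrypted), and is not close to expiry. The script below is an added example, not part of the original article; the function name check_combined_pem and the 30-day default threshold are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a combined key+certificate PEM before Apache loads it.
# Usage: sh check_pem.sh /etc/apache2/ssl/webmail.pem [min_days_left]

check_combined_pem() {
    pem=$1
    min_days=${2:-30}   # assumed warning threshold, not from the article
    rc=0

    [ -r "$pem" ] || { echo "FAIL: cannot read $pem"; return 2; }

    # 1. Both blocks must be present in the one file.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate block"; rc=1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key block"; rc=1; }
    [ "$rc" -eq 0 ] || return "$rc"

    # 2. -nodes leaves the key unencrypted, so group/other must have no access.
    if [ "$(ls -ld -- "$pem" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $pem is accessible to group/other; run chmod 600"
        rc=1
    fi

    # 3. The key must belong to the certificate: compare their public keys.
    #    An empty -passin avoids a passphrase prompt if the key is encrypted.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match certificate"
        rc=1
    fi

    # 4. -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: certificate expires within $min_days days"
        rc=1
    fi

    openssl x509 -in "$pem" -noout -subject -enddate 2>/dev/null
    [ "$rc" -eq 0 ] && echo "OK: $pem"
    return "$rc"
}

# Run the check only when a file is given on the command line.
[ "$#" -eq 0 ] || check_combined_pem "$@"
```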

Add a Virtual Host

1. Edit /etc/apache2/ports.conf and add:
Listen 443
2. Enable SSL:
a2enmod ssl
3. Create file /etc/apache2/sites-available/zunisoftssl:
  
NameVirtualHost *:443

<VirtualHost _default_:443>
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/webmail.pem
        RedirectMatch ^/$ http://www.zunisoft.com/
</VirtualHost>

<VirtualHost *:443>
        ServerName webmail.zunisoft.com
        ServerAdmin webmaster@zunisoft.com

        DocumentRoot /var/www/webmail

        # Block all access to the awstats path on this host
        <Location /awstats>
                Order deny,allow
                Deny from all
        </Location>

        # webmail.pem holds both the certificate and its private key
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/webmail.pem

        ErrorLog /var/log/apache2/webmail.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/webmail.access.log combined
        ServerSignature On
</VirtualHost>
4. Create the following link in /etc/apache2/sites-enabled:
ln -s /etc/apache2/sites-available/zunisoftssl 001-zunisoftssl
5. Restart Apache:
/etc/init.d/apache2 restart