Setting up Secure HTTP (HTTPS) on Apache Server
Creating a secure connection between a client and an Apache web server is essential for protecting the transmission of sensitive data, such as passwords and personal information. In this article, we will cover the steps for setting up an secure HTTP connection (also known as HTTPS) on an Apache server.
Prequisites:
Before getting started, you will need the following:
- A server running Apache
- A valid SSL certificate
- The mod_ssl module installed and enabled on your Apache server
To check if mod_ssl is installed and enabled, execute the following Linux command:
$ sudo a2enmod ssl
If mod_ssl is already enabled, you will see the following output:
Module ssl already enabled
If mod_ssl is not installed, you will need to install it by running the following command:
$ sudo apt-get install libapache2-mod-ssl -y
Step 1: Create an SSL Certificate
The first step in setting up an HTTPS connection is to create an SSL certificate. If you already have a valid SSL certificate, you can skip this step.
To create an SSL certificate, you will need to use the openssl command. Execute the following command to generate a self-signed SSL certificate:
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
This command will create a self-signed SSL certificate that is valid for 365 days. You will be prompted to enter information about your organization, such as the common name and the organizational unit.
Step 2: Configure Apache to Use the SSL Certificate
Next, you will need to configure Apache to use the SSL certificate that you just created.
Open the Apache configuration file with the following command:
$ sudo nano /etc/apache2/sites-available/default-ssl.conf
Find the following lines in the configuration file and update them with the path to your SSL certificate and key:
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
Here is the example configuration snippet:
<VirtualHost *:80>
ServerName domain.com
ServerAdmin your-email@domain.com
Redirect permanent / https://domain.com/
</VirtualHost>
<VirtualHost *:443>
ServerName domain.com
ServerAdmin your-email@domain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /path/to/your/ssl/certificate.crt
SSLCertificateKeyFile /path/to/your/ssl/privatekey.key
<Directory /var/www/html>
AllowOverride All
</Directory>
</VirtualHost>
Save the configuration file and exit the editor.
Next, enable SSL module and default SSL site with the following commands:
$ sudo a2enmod ssl
$ sudo a2ensite default-ssl.conf
Restart Apache web server to apply the changes using service or systemctl command:
$ sudo service apache2 restart
or
$ sudo systemctl restart apache2
Step 3: Test the HTTPS Connection
To test the HTTPS connection, open your web browser and visit your website using the HTTPS protocol, for example: https://www.example.com.
If the SSL certificate is correctly configured, you should see a secure connection indicator in your browser, such as a green lock icon.
Conclusion
In this article, we have gone over the steps to setup HTTPS on an Apache server. We have installed the mod_ssl module, enabled it, created a virtual host configuration file for our domain, and enabled the virtual host configuration file. Finally, we restarted Apache to apply the changes.
At this point, your Apache server should be configured to use HTTPS for all incoming requests. You can test this by accessing your website using a web browser and checking that the URL starts with "https://". You can also use tools such as SSL Labs or Qualys SSL Server Test to check the configuration and security of your SSL certificate.
It is important to keep your SSL certificate up-to-date and renew it before it expires. You can use tools such as Certbot to automate the process of obtaining and renewing SSL certificates from the popular certificate authority Let's Encrypt.
