ubuntu apache2 https

1. enable the module ssl by:

sudo a2enmod ssl

2.after you have enabled module ssl , you will have to restart the web server for the change to be recognized:

sudo service apache2 restart

now ,the web server is able to handle ssl

3. create a directory to place the certificate files that will be maked:

sudo mkdir /etc/apache2/ssl

4.create our key and certificate

sudo openssl req -x509 -nodes -days  -newkey rsa: -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

let's go over what this means :

• openssl: This is the basic command line tool provided by OpenSSL to create and manage certificates, keys, signing requests, etc.
• req: This specifies a subcommand for X.509 certificate signing request (CSR) management. X.509 is a public key infrastructure standard that SSL adheres to for its key and certificate managment. Since we are wanting to create a new X.509 certificate, this is what we want.
• -x509: This option specifies that we want to make a self-signed certificate file instead of generating a certificate request.
• -nodes: This option tells OpenSSL that we do not wish to secure our key file with a passphrase. Having a password protected key file would get in the way of Apache starting automatically as we would have to enter the password every time the service restarts.
• -days 365: This specifies that the certificate we are creating will be valid for one year.
• -newkey rsa:2048: This option will create the certificate request and a new private key at the same time. This is necessary since we didn't create a private key in advance. The rsa:2048 tells OpenSSL to generate an RSA key that is 2048 bits long.
• -keyout: This parameter names the output file for the private key file that is being created.
• -out: This option names the output file for the certificate that we are generating.

　　when you hit "ENTER" , you will be asked some questions , answer it ....

　　then, the key and certificate will be created and placed in the /etc/apache2/ssl directory

　　now ! ! ! ! ! ! ! ! ! !  ! we will configure apache to use ssl

　　open the file with your editor

　　

sudo vi /etc/apache2/site-available/default-ssl.conf

what we should modify is the content with red

<IfModule mod_ssl.c>
    <VirtualHost _default_:>
        ServerAdmin admin@example.com
        ServerName your_domain.com
        ServerAlias www.your_domain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>

save and exit the file when you finished

then we enable it by:

sudo a2ensite default-ssl.conf

restart our web server

sudo service apache2 restart

now you can test it in your explorer

https://server_domain_name_or_IP:443