
Warning: those guides are mostly obsolete, please have a look at the new documentation.


Enabling SSL on Apache 2
on Debian Jessie and Red Hat
Apache configuration on Debian Jessie
Make sure openssl and mod_ssl are installed,
dpkg -l | grep openssl
dpkg -l | grep apache2
ls -l /usr/lib/apache2/modules/
Make sure mod_ssl is enabled,
cd /etc/apache2/mods-enabled/
ls -l *ssl*
Prepare a folder to store the certificates,
mkdir -p /etc/apache2/ssl/
cd /etc/apache2/ssl/
Either create a temporary self-signed certificate,
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf apache.pem
subjectaltname: DNS:hostname,IP:IP_ADDRESS 
openssl req -new -x509 -nodes -out -keyout 
or deploy your real certificates,
See for more information.
Check that apache2 is listening on port 443,
cd /etc/apache2/
cat ports.conf
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
NameVirtualHost *:443
Listen 443
</IfModule>
netstat -an --inet --inet6 | grep 443
Enable or re-configure the HTTPS service (using the real certificates here),
cd /etc/apache2/sites-available/
mv default-ssl.conf default-ssl.conf.dist
vi host.ssl.conf 
<IfModule mod_ssl.c>
<VirtualHost *:443>
SSLEngine on
#SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateFile /etc/apache2/ssl/ 
SSLCertificateKeyFile /etc/apache2/ssl/ 
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/error-ssl.log
CustomLog /var/log/apache2/access-ssl.log combined
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
</IfModule>
then enable the https service,
cd ../sites-enabled/
ln -s ../sites-available/host.ssl.conf 
Reload apache (yes, a reload is enough even for a new cert :-),
apachectl configtest
httpd -S
cd /var/log/apache2/
tail -F error-ssl.log error.log
service apache2 reload
If you get this warning when checking apache configuration,
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
==> add NameVirtualHost *:443 into ports.conf, see above.
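A check that can be run on the deployed certificate and key before the reload step above. This is an added example, not part of the original guide: the function name check_tls_pair, its return codes and the 14-day default are choices made for this example, and the certificate and key paths are passed as arguments because the guide leaves the file names open.

```shell
#!/bin/sh
# Added example: pre-reload check of a certificate/private-key pair.
# check_tls_pair and its return codes are names chosen for this example.

# Public key (PEM) embedded in the certificate; empty output on error.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key (PEM) derived from the private key (RSA or EC); empty on error.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Usage: check_tls_pair CERT KEY [MIN_DAYS]
# Returns 0 ok, 1 unparsable file, 2 cert/key mismatch,
#         3 certificate expiring soon, 4 key readable by group/others.
check_tls_pair() {
    cert=$1 key=$2 days=${3:-14}
    cpub=$(cert_pubkey "$cert")
    kpub=$(key_pubkey "$key")
    # Empty output means openssl could not parse the file; two empty
    # strings must never be treated as a match.
    if [ -z "$cpub" ] || [ -z "$kpub" ]; then
        echo "cannot parse $cert or $key" >&2; return 1
    fi
    if [ "$cpub" != "$kpub" ]; then
        echo "certificate and private key do not match" >&2; return 2
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "certificate expires within $days days" >&2; return 3
    fi
    # The private key should not be readable by group or others
    # (-H follows a symlink given on the command line).
    if [ -n "$(find -H "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "private key $key is readable by group/others" >&2; return 4
    fi
    return 0
}

# When called with arguments, check that pair and exit with its status.
if [ $# -ge 2 ]; then
    check_tls_pair "$@"
fi
```

Saved as a script, it takes the certificate path, the key path and optionally the minimum number of remaining days; a non-zero exit status means the reload should wait until the problem is fixed.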
Additional notes on Red Hat - RHEL
On Red Hat systems the procedure is basically the same; only the configuration file locations and folders differ.
Prepare or deploy your certificates,
mkdir -p /etc/httpd/ssl/
cd /etc/httpd/ssl/
Enable SSL,
cd /etc/httpd/conf.d/
mv -f ssl.conf ssl.conf.dist
cat > ssl.conf <<EOF9
LoadModule ssl_module modules/
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
EOF9
Add an HTTPS virtualhost (port 443),
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/ 
SSLCertificateKeyFile /etc/httpd/ssl/ 
</VirtualHost>
Ready to go,
apachectl configtest
httpd -S
service httpd reload