This document is obsolete -- see http://doc.nethence.com/ instead
Enabling SSL on Apache 2
on debian jessie and redhat
http://pbraun.nethence.com/doc/www/apache2.html
http://pbraun.nethence.com/doc/www/apache2-ssl.html
Apache configuration on Debian Jessie
Make sure openssl and mod_ssl are installed,
dpkg -l | grep openssl
dpkg -l | grep apache2
ls -l /usr/lib/apache2/modules/mod_ssl.so
Make sure mod_ssl is enabled,
cd /etc/apache2/mods-enabled/
ls -l *ssl*
Prepare some folder to store the certificates,
mkdir -p /etc/apache2/ssl/
cd /etc/apache2/ssl/
Either create a temporary self-signed certificate,
make-ssl-cert /usr/share/ssl-cert/ssleay.cnf apache.pem
commonname: hostname.example.net
subjectaltname: DNS:hostname,IP:IP_ADDRESS
alternatively,
openssl req -new -x509 -nodes -out host.example.net.crt -keyout host.example.net.key
or deploy your real certificates,
/etc/apache2/ssl/example.net.pem
/etc/apache2/ssl/example.net.priv.pem
/etc/apache2/ssl/example.net.priv.nopass.pem
See http://pbraun.nethence.com/unix/security/openssl.html for more information.
Check that apache2 is listening on port 443,
cd /etc/apache2/
cat ports.conf
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
NameVirtualHost *:443
Listen 443
</IfModule>
netstat -an --inet --inet6 | grep 443
Enable or re-configure the HTTPS service (using the real certificates here),
cd /etc/apache2/sites-available/
mv default-ssl.conf default-ssl.conf.dist
vi host.ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
SSLEngine on
#SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLCertificateFile /etc/apache2/ssl/example.net.pem
SSLCertificateKeyFile /etc/apache2/ssl/example.net.priv.nopass.pem
ServerName host.example.net
ServerAdmin webmaster@example.net
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/error-ssl.log
CustomLog /var/log/apache2/access-ssl.log combined
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
</IfModule>
then enable the https service,
cd ../sites-enabled/
ln -s ../sites-available/host.ssl.conf
Reload apache (yes, a reload is enough even for a new cert :-),
apachectl configtest
apachectl -S
cd /var/log/apache2/
tail -F error-ssl.log error.log
service apache2 reload
Troubleshooting
If you get this warning when checking apache configuration,
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
==> add NameVirtualHost *:443 into ports.conf, see above.
Ref. https://www.demenageur-site.com/blog/2012/06/plusieurs-certificats-ssl-pour-differents-virtualhosts-sur-une-seule-ip/
Additional notes on redhat - RHEL
On redhat systems it is basically the same, just different configuration file locations and folders.
Prepare or deploy your certificates,
mkdir -p /etc/httpd/ssl/
cd /etc/httpd/ssl/
host.example.net.crt
host.example.net.key
Enable SSL,
cd /etc/httpd/conf.d/
mv -f ssl.conf ssl.conf.dist
cat > ssl.conf <<EOF9
LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
EOF9
Add an HTTPS virtualhost (port 443),
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/host.example.net.crt
SSLCertificateKeyFile /etc/httpd/ssl/host.example.net.key
...
</VirtualHost>
Ready to go,
apachectl configtest
httpd -S
service httpd reload
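Before the reload step in either procedure above (Debian or RedHat), it is worth confirming that the deployed certificate and private key actually belong together, that the certificate has not expired, and that the unencrypted key file is readable by its owner only. The following is an added example, not part of the original document; the function name check_cert_pair and its return codes are hypothetical, and the certificate and key paths are passed as arguments.

```sh
#!/bin/sh
# Added example (not from the original document). check_cert_pair is a
# hypothetical helper name; certificate and key paths are passed as arguments.
# Return codes: 0 ok, 1 key mismatch, 2 unreadable/unparsable, 3 expired,
# 4 private key accessible to group or others.
check_cert_pair() {
    ccp_cert=$1
    ccp_key=$2

    [ -r "$ccp_cert" ] && [ -r "$ccp_key" ] || {
        echo "cannot read $ccp_cert or $ccp_key" >&2; return 2; }

    # Extract the public key from each file. "-passin pass:" supplies an empty
    # passphrase so an encrypted key fails here instead of prompting.
    ccp_pub_cert=$(openssl x509 -in "$ccp_cert" -noout -pubkey 2>/dev/null) || {
        echo "not a parsable certificate: $ccp_cert" >&2; return 2; }
    ccp_pub_key=$(openssl pkey -in "$ccp_key" -pubout -passin pass: 2>/dev/null) || {
        echo "not a usable unencrypted key: $ccp_key" >&2; return 2; }

    # A mismatched pair makes mod_ssl fail to load the key.
    [ "$ccp_pub_cert" = "$ccp_pub_key" ] || {
        echo "certificate and private key do not match" >&2; return 1; }

    # -checkend 0 exits non-zero when the certificate has already expired.
    openssl x509 -in "$ccp_cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "certificate has expired: $ccp_cert" >&2; return 3; }

    # An unencrypted key (the *.nopass.pem case) is protected only by file
    # permissions: characters 5-10 of the mode string are group and other.
    ccp_mode=$(ls -lLd "$ccp_key" | cut -c5-10)
    [ "$ccp_mode" = "------" ] || {
        echo "private key is accessible to group/others: $ccp_key" >&2; return 4; }

    echo "ok: $ccp_cert matches $ccp_key"
}

# Run the check when called as: sh check.sh CERT KEY
if [ "$#" -eq 2 ]; then
    check_cert_pair "$1" "$2"
fi
```

A non-zero exit means the pair should be fixed before reloading; code 4 is resolved with chmod 600 on the key file.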
References
Installer et configurer le module ssl pour Apache2: https://technique.arscenic.org/lamp-linux-apache-mysql-php/apache-le-serveur-http/modules-complementaires/article/installer-et-configurer-le-module-ssl-pour-apache2
Setting up a secure server with Apache and mod-ssl: https://www.debian-administration.org/article/31/Setting_up_a_secure_server_with_Apache_and_mod-ssl
Configuring your Apache Server: http://www.faqs.org/docs/Linux-HOWTO/SSL-RedHat-HOWTO.html#s4
How do I create a self-signed SSL Certificate for testing purposes: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#selfcert
How do I create a real SSL Certificate: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#realcert
How do I create and use my own Certificate Authority (CA): http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#ownca