Configure Apache with TLS/SSL Certificate Ubuntu 18

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are used to secure data transfer between client and server. A certificate adds a layer of security so that data which was previously sent as plain text, and could be analyzed by any third party, is encrypted in transit. This tutorial shows how to create and activate a TLS/SSL certificate on an Apache server running Ubuntu 18.04.

Generating the certificate yourself means that you are the signer, so the browser cannot verify the server's identity and will warn the user about the validity of the certificate. It is possible to bypass the warning. Public-facing sites must use a certificate issued by a trusted certificate authority.

Prerequisites:

  • Apache server configured and installed

Step 1:  Generate Certificate

1. Create a directory to store the files

$ mkdir ~/certificates
$ cd ~/certificates

2. Generate a self-signed certificate and private key using the following command

$ openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes

The command then prompts for the information to include in the certificate. Complete it with the appropriate values.

Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: FL
Locality Name (eg, city) []: Miami
Organization Name (eg, company) [My Company]: My Company
Organizational Unit Name (eg, section) []:

The common name is your domain name or the server IP address.

Common Name (e.g. server FQDN or YOUR name) []: 192.168.2.3
Email Address []:dummy@example.com

3. Now create a folder under the Apache configuration directory and move the certificate and key into it using the following commands

$ sudo mkdir /etc/apache2/ssl
$ sudo mv ~/certificates/* /etc/apache2/ssl/.

4. We are done creating the certificate. Next, we will make it work with Apache.

Step 2: Configuring the Firewall

  1. Make sure that TCP port 443 is open; SSL uses port 443 instead of port 80. We will be using Uncomplicated Firewall (UFW).
  2. To enable UFW, use the following command
$ sudo ufw enable
  3. Allow the predefined Apache settings for the firewall using the following command
$ sudo ufw allow 'Apache Full'
  4. You can check the list of current rules using the following command
$ sudo ufw status

The configuration should be similar to this:

To                         Action      From
--                         ------      ----
Apache Full                ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Apache Full (v6)           ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

  5. To allow future SSH connections, allow OpenSSH
$ sudo ufw allow 'OpenSSH'

Step 3: Apache virtual host configuration

  1. Open the default Apache SSL site configuration file using the following command
$ sudo nano /etc/apache2/sites-available/default-ssl.conf


This config file tells the server where to find the SSL certificate. It should look like this:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on

SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

</VirtualHost>
</IfModule>
  2. Change this line: ServerAdmin webmaster@localhost to this:

ServerAdmin email@example.net

  3. Add this right below the ServerAdmin line:

ServerName ADD_YOUR_IP_OR_DOMAIN_NAME_HERE

  4. Now, edit these lines to point to our certificate location:

SSLCertificateFile    /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key


Our file should look like this:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin email@example.net
ServerName 203.0.113.122

DocumentRoot /var/www/html

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLEngine on

SSLCertificateFile    /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>

</VirtualHost>
</IfModule>

  5. Save the file and close it.
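
A check worth running before Apache is restarted, added here as an example and not part of the original tutorial: it reads the certificate and key paths from the virtual host file, then confirms that the key is not readable by group or others, that the certificate and key belong together, and that the certificate is not about to expire. The function names and the make_sample helper (which builds a constructed throwaway key pair and config) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): checks on the cert/key a vhost points at.

# Print the value of the first uncommented directive $1 in config file $2.
vhost_path() {
  awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Succeed only if file $1 grants no permissions to group or others.
key_is_private() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
  _cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  _key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ "$_cert_pub" = "$_key_pub" ]
}

# Check vhost config $1: print one line per problem, return 1 if any was found.
check_vhost_tls() {
  _crt=$(vhost_path SSLCertificateFile "$1")
  _key=$(vhost_path SSLCertificateKeyFile "$1")
  [ -f "$_crt" ] || { echo "missing certificate: $_crt"; return 1; }
  [ -f "$_key" ] || { echo "missing key: $_key"; return 1; }
  _rc=0
  key_is_private "$_key" || { echo "key readable by group/others: $_key"; _rc=1; }
  cert_matches_key "$_crt" "$_key" || { echo "certificate and key do not match"; _rc=1; }
  openssl x509 -in "$_crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
    { echo "certificate expires within 30 days (or is unreadable)"; _rc=1; }
  return "$_rc"
}

# Constructed sample: throwaway 2048-bit key pair and a minimal vhost file in directory $1.
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=192.168.2.3" \
    -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null
  printf '# SSLCertificateFile %s\nSSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
    /etc/ssl/certs/ssl-cert-snakeoil.pem "$1/apache.crt" "$1/apache.key" \
    > "$1/default-ssl.conf"
}
```

On the server, call check_vhost_tls /etc/apache2/sites-available/default-ssl.conf with enough privilege to read the key; a key that fails the permission check can be tightened with chmod 600.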

Step 4: Enable the Apache SSL module

  1. Enable the SSL module using the following command
$ sudo a2enmod ssl
  2. Now enable the site we have just edited:
$ sudo a2ensite default-ssl.conf
  3. Restart Apache:
$ sudo service apache2 restart
  4. The website is now secure. Access it using the following address in the browser

https://YOUR_SERVER_IP

The browser will report the certificate as invalid, as explained in the introduction, because it is not signed by a trusted certificate authority. Follow the steps for your browser to proceed.
