In our previous article we saw how to enable an SSL certificate on an Apache web server that was installed directly.
    In this article we will see how to install the SSL certificate on our source-installed Apache web server.

    In the source installation, the SSL module and its attributes were installed through the configure command by passing --enable-ssl. To know more about installing Apache from source, visit Apache Webserver - Installation from source (tar.gz and tar.bz2)

Configuring SSL:

    The SSL configuration file is located at /usr/local/apache-2.4.37/conf/extra/httpd-ssl.conf; this is where you specify your certificate path.

jhony@ljunix~$ ls /usr/local/apache-2.4.37/conf/certs/
ljunix.crt  ljunix.csr  ljunix.key

Your httpd-ssl.conf will contain the server name, the location of the certificate, the TLS versions your web server supports, and so on.

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/usr/local/apache-2.4.37/htdocs"
ServerName www.ljunix.com:443
ServerAdmin admin@ljunix.com
ErrorLog "/usr/local/apache-2.4.37/logs/error_log"
TransferLog "/usr/local/apache-2.4.37/logs/access_log"


#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate.  If
#   the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again.  Keep
#   in mind that if you have both an RSA and a DSA certificate you
#   can configure both in parallel (to also allow the use of DSA
#   ciphers, etc.)
#   Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
#   require an ECC certificate which can also be configured in
#   parallel.
SSLCertificateFile "/usr/local/apache-2.4.37/conf/certs/ljunix.crt"

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile "/usr/local/apache-2.4.37/conf/certs/ljunix.key"

Including the ssl conf:
    You have to manually update httpd.conf to include the httpd-ssl.conf file and to enable the SSL modules.

jhony@ljunix~$ vi /usr/local/apache-2.4.37/conf/httpd.conf

Uncomment the LoadModule declaration for ssl_module.

#LoadModule ssl_module modules/mod_ssl.so

LoadModule ssl_module modules/mod_ssl.so

Uncomment the line below, which includes the httpd-ssl.conf file where you specified your SSL certificates.

# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

In addition, we need to enable the socache module. Uncomment the LoadModule declaration for socache_shmcb_module.

#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Check the syntax of your Apache configuration using the -t option.

jhony@ljunix~$ /usr/local/apache-2.4.37/bin/apachectl -t

Restart the Apache Server:

    Restart your Apache server for the changes to take effect.

jhony@ljunix~$ /usr/local/apache-2.4.37/bin/apachectl graceful
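
The shell functions below are an added example, not part of the original article. They confirm that the three httpd.conf lines edited above are active, that the private key is not readable by group or other, and that the certificate and key belong together. The function names are hypothetical and the sample httpd.conf inside demo is constructed; call the functions with the paths shown above before the graceful restart.

```shell
#!/bin/sh
# Added example: checks to run before "apachectl graceful".
# Function names are hypothetical; the sample file in demo() is constructed.

# Report which of the three httpd.conf lines from the article are still
# commented out or missing. Returns 0 only if all three are active.
check_ssl_conf() {
    conf=$1; rc=0
    for directive in \
        'LoadModule ssl_module modules/mod_ssl.so' \
        'LoadModule socache_shmcb_module modules/mod_socache_shmcb.so' \
        'Include conf/extra/httpd-ssl.conf'
    do
        # Turn the directive into a regex: escape dots, allow any spacing.
        re=$(printf '%s' "$directive" | sed -e 's/\./\\./g' -e 's/ /[[:space:]]+/g')
        if ! grep -Eq "^[[:space:]]*${re}[[:space:]]*\$" "$conf"; then
            echo "not active: $directive"
            rc=1
        fi
    done
    return $rc
}

# Succeeds only when group and other have no permission bits on the key.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Compare the public key in the certificate ($1) with the one derived from
# the private key ($2). Returns 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo on a constructed httpd.conf in which the Include is still commented.
demo() {
    d=$(mktemp -d)
    cat > "$d/httpd.conf" <<'EOF'
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#Include conf/extra/httpd-ssl.conf
EOF
    check_ssl_conf "$d/httpd.conf"
    rm -rf "$d"
}
demo
```

On the server from this article the calls would be check_ssl_conf /usr/local/apache-2.4.37/conf/httpd.conf, key_is_private on ljunix.key, and cert_matches_key with ljunix.crt and ljunix.key.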

Feel free to ask if you have any questions.
