Setting up SSL with Ubuntu 8.10 is a simple process but it does have a few gotchas that you need to be aware of. The setup has changed from 8.04. One issue is that the +CompatEnvVars is no longer used as it created a bug in 8.10 and you will have to enable the default-ssl site to get everything working.
First, log on to your server Install Apache:
sudo apt-get install apache2
Change to the /etc/apache2/mods-available directory and look at the available modules. Then change to the /etc/apache2/mods-enabled directory to see what modules are enabled:
cd /etc/apache2/mods-available
ls
cd /etc/apache2/mods-enabled
ls
Now, install and enable SSL:
sudo a2enmod ssl
sudo /etc/init.d/apache2 force-reload
Change to the default webserver directory, and create a simple web page:
cd /var/www
sudo vim index.html
Add the following content:
<html>
<head>
<title>Welcome to Your_Name's Web Site</title>
</head>
<body>
<p>This is the best web site in the whole wide world. </p>
</body>
</html>
Save and exit. On your own local computer, open a tab or window for your web browser. For the URL, enter:
http://IP_address_of_my_server
You should be able to view your web page. Now, you'll want to encrypt your site. Create the server encryption keys:
cd /etc/apache2
sudo openssl genrsa -des3 -out server.key 1024
Use this set of keys to create a certificate request:
sudo openssl req -new -key server.key -out server.csr
When asked to input data, use your imagination to create something appropriate. Be sure to write down your passphrase. Use this request to create your self-signed certificate:
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Install the key and certificate:
sudo cp server.crt /etc/ssl/certs/
sudo cp server.key /etc/ssl/private/
Open the "defaults" file for editing:
cd /etc/apache2/sites-available
sudo vim default-ssl
This file is basically set up but you will want to uncomment the SSLOptions line and also change the SSLCertificate lines to reflect the location and name of your new information.
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
The port 443 is enabled when you use SSL so that is ready to go.
Enable the default SSL site:
sudo a2ensite default-ssl
If you do not enable the default-ssl you will get this error:
"ssl_error_rx_record_too_long apache"
Restart Apache.
sudo /etc/init.d/apache2 restart
That should do it.
No comments:
Post a Comment