web analytics

How to implement SSL on Apache 2.2.15

Pre-installation notes
The guide bellow is based on the previous guide

SSL implementation phase

  1. Login to the server using Root account.
  2. Create folder for the SSL certificate files:
    mkdir -p /usr/local/apache2/ssl
    chmod 600 /usr/local/apache2/ssl
  3. Run the command bellow to generate a key pair:
    /usr/bin/openssl genrsa -des3 -out /usr/local/apache2/ssl/server.key 1024Specify a complex pass phrase for the private key (and document it)
  4. Run the command bellow to generate the CSR:
    /usr/bin/openssl req -new -newkey rsa:1024 -nodes -keyout /usr/local/apache2/ssl/server.key -out /tmp/apache.csr
    Note: The command above should be written as one line.
  5. Send the file /tmp/apache.csr to a Certificate Authority server.
  6. As soon as you receive the signed public key from the CA server via email, copy all lines starting with “Begin” and ending with “End” (include those two lines), into notepad, and save the file as “server.crt
  7. Copy the file “server.crt” using SCP into /usr/local/apache2/ssl/
  8. Follow the link on the email from the CA server, to create the Root CA chain, and save it as “ca-bundle.crt” (Note: The file must be PEM (base64) encoded).
  9. Copy the file “ca-bundle.crt” using SCP into /usr/local/apache2/ssl/
  10. Edit using VI the file /usr/local/apache2/conf/httpd.conf and add the following lines:
    Listen Server_FQDN:443
    SSLEngine on
    SSLCertificateKeyFile /usr/local/apache2/ssl/server.key
    SSLCertificateFile /usr/local/apache2/ssl/server.crt
    SSLCACertificateFile /usr/local/apache2/ssl/ca-bundle.crt
    Note: Replace Server_FQDN with the server DNS name (as written on the certificate).
  11. Restart the Apache services:
    /usr/local/apache2/bin/apachectl restart
  12. Backup the file /usr/local/apache2/ssl/server.key

One Response to “How to implement SSL on Apache 2.2.15”

  • This is a very helpful article. This really helps people how to implement SSL on apache 2.2.5. I am also looking for more tips and more easier instruction for people who are not as technical as most of the viewers.

Leave a Reply