As a part of my network security assignment, I decided to setup a webserver and tried to enable https connection.Hypertext transfer protocol secure(https) is actually a widely used protocol for secure communication. It provides authentication of websites.
To set up a webserver, I installed apache by the following command:
$sudo apt-get install apache2
Now activate the ssl module by the following command:
$sudo a2enmodssl
This step was followed by the restarting of apache
$sudo service apache2 restart
To setup the secure connection I generated a public-private key pair and then created a self-signed digital certificate. This digital certificate was used for the https connection.
Before generating the certificate and the key, create a directory inside apache2 (eg.ssl) to save the key and the certificate. Then do the following to create a self-signed certificate:
$sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
apache.key is the key generated and apache.crt is the certificate generated. 365 is the number of days the certificate will be valid for. This command will prompt terminal to display few things that has to be filled in.
To set up the certificate, the next thing to do is to set up the virtual hosts to display the new certificate.
Open the SSL config file:
$sudo nano /etc/apache2/sites-available/default
Now we have edit and insert some lines to this file. Change the port on the virtual host to 443.Add this with your server name right below the Server Admin email:
ServerName example.com:443
Also add these three lines to the code:
SSLEngine on SSLCertificateFile /etc/apache2/ssl/apache.crt SSLCertificateKeyFile /etc/apache2/ssl/apache.key
Now enable the virtual host by:
$sudo a2ensite default
Now reload the apache server and every thing will be alright.
$sudo service apache2 reload
Just go to you browser and type the address. You’ll be able to see the https connection and your certificate. I have added the screen-shot of what I have got.
My Blog 