Ideally, reconfiguring your Apache installation under Ubuntu to support TLS/SSL (a.k.a. https) would be as easy as:
sudo a2enmod ssl
sudo apache2ctl restart
Unfortunately, there are additional steps involved. There used to be a package named apache-ssl which did part of this work for you, but it mysteriously disappeared. Essentially, you need to obtain (or create) a certificate and configure Apache to use it. Much of the groundwork was done by Paul Bramscher and Michael R Head, but the results need to be updated for a number of reasons.
First, you enable the ssl module:
sudo a2enmod ssl
Next, you need to tailor the configuration file used to produce your certificate. If you attempt to use the template directly, you will see something like the following error:
problems making Certificate Request
13237:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=2
Instead, copy the configuration file to /tmp and edit it there. I used sed, but you can use your favorite editor. Just make sure that the country code selected is only two characters, or you will continue to see an error like the one above.
cp /usr/share/ssl-cert/ssleay.cnf /tmp
sed -i "s/@CountryName@/US/" /tmp/ssleay.cnf
sed -i "s/@StateName@/North Carolina/" /tmp/ssleay.cnf
sed -i "s/@LocalityName@/Raleigh/" /tmp/ssleay.cnf
…
Now, generate the certificate. Note: in the original script, $@ referred to the script arguments, and you need to specify the same file for -out and -keyout.
To complete the configuration, you need to create a second website. Modify your current default website from specifying * to specifying *:80, which limits it to port 80. Then create a new ssl configuration based on the default, differing only in that it specifies port 443, sets SSLEngine On, and says where to find your SSLCertificateFile. Note that the step to modify ports.conf is no longer necessary.
cd /etc/apache2/sites-available
sudo sed -i '1,2s/\*/*:80/' default
sudo cp default ssl
sudo sed -i '1,2s/\*:80/*:443/' ssl
sudo sed -i "3a\\\tSSLEngine On\n\tSSLCertificateFile /etc/apache2/ssl/apache.pem" ssl
sudo a2ensite ssl
Finally, restart Apache:
sudo apache2ctl restart
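The two failure modes this procedure runs into, a country code longer than two characters and a combined apache.pem that ends up without a certificate in it, can be caught before Apache is restarted. The following is an added example, not part of the original post: the function names check_cnf and check_pem are hypothetical, the sample files are constructed, it assumes the template uses OpenSSL's countryName field, and the world-readable check on the key file is an extra precaution the post does not mention.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes the template uses
# OpenSSL's "countryName = ..." field; function names are hypothetical.

# check_cnf FILE -> 0 ok, 1 @Placeholder@ left over, 2 country not two letters
check_cnf() {
    if grep -q '@[A-Za-z]*@' "$1"; then
        echo "$1: unreplaced @Placeholder@ remains" >&2
        return 1
    fi
    country=$(sed -n 's/^[[:space:]]*countryName[[:space:]]*=[[:space:]]*//p' "$1" |
              sed 's/[[:space:]]*$//' | head -n 1)
    case $country in
        [A-Za-z][A-Za-z]) return 0 ;;
        *) echo "$1: countryName '$country' must be two letters" >&2; return 2 ;;
    esac
}

# check_pem FILE -> 0 ok, 1 unreadable, 2 no certificate, 3 no key, 4 world-readable
# The file given to both -out and -keyout must contain BOTH PEM blocks.
check_pem() {
    [ -r "$1" ] || { echo "$1: cannot read" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "$1: no certificate block" >&2; return 2; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" ||
        { echo "$1: no private key block" >&2; return 3; }
    [ -z "$(find "$1" -perm -004)" ] ||
        { echo "$1: private key is world-readable" >&2; return 4; }
    return 0
}

# Demo on constructed files (placeholder bodies, no real key material):
# a three-letter country code and a key-only apache.pem.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'countryName = USA' 'stateOrProvinceName = North Carolina' > "$d/ssleay.cnf"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED' '-----END PRIVATE KEY-----' > "$d/apache.pem"
    chmod 600 "$d/apache.pem"
    cnf_rc=0; check_cnf "$d/ssleay.cnf" || cnf_rc=$?
    pem_rc=0; check_pem "$d/apache.pem" || pem_rc=$?
    rm -rf "$d"
    echo "cnf=$cnf_rc pem=$pem_rc"
}
demo
```

Run check_cnf on /tmp/ssleay.cnf before generating the certificate, and check_pem on the resulting apache.pem before restarting Apache.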
There’s an easier way to do this. The ssl-cert package provided in Debian and Ubuntu is a quick frontend for the SSL key generation you’re doing by hand.
Great reference: How to setup Subversion over WebDAV and How to setup Trac, both on Ubuntu Update: how timely, Sam Ruby’s Apache2, https, and Gutsy Gibbon...
hey. i was using this as a reference. i used the ubuntu steps for the cert. the rest of the steps .. i mean create the ssl file under available sites I did. When I restart my server I see the following error
[Tue Nov 27 15:33:26 2007] [error] Init: Unable to read server certificate from file /etc/ssl/private/apache.pem
[Tue Nov 27 15:33:26 2007] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Nov 27 15:33:26 2007] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
To make the long story short: You have entered more than two characters into the country code field to the ssl certificate creator wrapper. The make-ssl-cert wrapper swallows the error message of openssl, and simply does not put the certificate code into apache.pem.
Redo the process in any of the two ways, with a two-character country code, and it will work.
Here is a simple way to get apache2 installed with a self signed SSL cert in Gutsy. First install all the dependencies. sudo apt-get install apache2 sudo apt-get install openssl sudo apt-get install ssl-cert Now create a cert sudo make-ssl-cert...
In an attempt to set up ssl I did this sudo apt-get install openssl sudo apt-get install ssl-cert cp /usr/share/ssl-cert/ssleay.cnf /tmp sed -i "s/@CountryName@/US/" /tmp/ssleay.cnf sed -i "s/@StateName@/Ohio/" /tmp/ssleay.cnf sed -i...