Ubuntu Apache https / SSL
http://wiki.ubuntuusers.de/Apache/SSL
- sudo a2enmod ssl
- cd /etc/apache2/
- mkdir ssl
- cd ssl
- openssl req -new -nodes -keyout server.key -out server.csr -newkey rsa:4096
- Request certificate and copy files to /etc/apache2/ssl
  - server.crt
  - sub.class2.server.ca.pem (or class1)
  - ca.pem
- chmod 600 *
- cd ..
- vi default
    NameVirtualHost *:80
- vi company1
- If https only, redirect to https site
    <VirtualHost *:80>
        ServerName ullright.example.com
        RewriteEngine On
        # This will enable the Rewrite capabilities
        RewriteCond %{HTTPS} !=on
        # This checks to make sure the connection is not already HTTPS
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
        # This rule will redirect users from their original location, to the same location but using HTTPS.
        # i.e. http://www.example.com/foo/ to https://www.example.com/foo/
        # The leading slash is made optional so that this will work either in httpd.conf
        # or .htaccess context
    </VirtualHost>
- vi company1-ssl
    <IfModule mod_ssl.c>
    NameVirtualHost *:443
    <VirtualHost *:443>
        ServerName ullright.example.com
        DocumentRoot /var/www/ullright/web
        <Directory /var/www/ullright/web>
            AllowOverride All
            Allow from All
        </Directory>
        <Directory /var/www/ullright/web/uploads>
            # Disable rewrite in upload dir (fix to get FCKeditor uploads working)
            RewriteEngine off
            # Disable script execution
            AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
            Options -ExecCGI
        </Directory>
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/server.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
        SSLCertificateChainFile /etc/apache2/ssl/sub.class2.server.ca.pem
        SSLCACertificateFile /etc/apache2/ssl/ca.pem
    </VirtualHost>
    </IfModule>
- sudo service apache2 force-reload
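A check worth running between copying the certificate files and the force-reload, as an added example that is not part of the original page: it confirms server.key is owner-only, that server.crt was issued for that key, that it is not about to expire and, when both CA files are present, that it chains to ca.pem. The function names are this example's own, and `stat -c` assumes GNU coreutils as shipped with Ubuntu.

```sh
#!/bin/sh
# Added example. Default directory and file names are the ones used on this page;
# the function names are this example's own.

# Succeeds if the private key is accessible by its owner only (chmod 600 or 400).
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        600|400) return 0 ;;
        *) echo "FAIL: $1 has mode $mode, expected 600" >&2; return 1 ;;
    esac
}

# Succeeds if the certificate carries the public key of the given private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Runs all checks on one directory; returns 0 only if every check passes.
check_tls_files() {
    dir=${1:-/etc/apache2/ssl}
    rc=0
    key_perms_ok "$dir/server.key" || rc=1
    cert_matches_key "$dir/server.crt" "$dir/server.key" ||
        { echo "FAIL: server.crt does not match server.key" >&2; rc=1; }
    # 2592000 seconds = 30 days
    openssl x509 -in "$dir/server.crt" -noout -checkend 2592000 >/dev/null ||
        { echo "FAIL: server.crt expires within 30 days" >&2; rc=1; }
    # Chain check only when the CA files from the vhost config are present.
    if [ -f "$dir/ca.pem" ] && [ -f "$dir/sub.class2.server.ca.pem" ]; then
        openssl verify -CAfile "$dir/ca.pem" \
            -untrusted "$dir/sub.class2.server.ca.pem" "$dir/server.crt" >/dev/null ||
            { echo "FAIL: server.crt does not chain to ca.pem" >&2; rc=1; }
    fi
    return "$rc"
}

# Run the checks only when a directory is given, e.g.: sh check.sh /etc/apache2/ssl
if [ "$#" -gt 0 ]; then
    check_tls_files "$1"
fi
```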
Troubleshooting
Make sure the virtual host definitions are clean: there must be only one NameVirtualHost *:443 and one <VirtualHost *:443>.
Test SNI with OpenSSL
openssl s_client -tls1_2 -connect myserver.com:443 -servername www.myvhost.net