SSL (Secure Sockets Layer) ensures that all data passed between the web server and the web browser remains private and secure. It is the standard security technology for establishing an encrypted connection between a web server and a web browser. To implement SSL, a web server requires an SSL certificate.
SSL works by using a public key to establish a secure connection. Anything encrypted with the public key (distributed in the SSL certificate) can only be decrypted with the private key (stored only on the server) and vice versa.
An SSL certificate is needed for more than just distributing the public key: if it is signed by a trusted third party, it verifies the identity of the server, so clients know they aren't sending their information (encrypted or not) to the wrong party.
However, you can also generate and install a self-signed certificate for development purposes. Web browsers will not recognize it, and the browser will show the user a warning stating that the certificate cannot be trusted. The user needs to explicitly add an exception in order to access the pages.
To create a certificate (self-signed or not), a private key (.pem) file needs to be generated. To create this key file, OpenSSL must be installed on the server. If you do not have OpenSSL installed, you need to install it first. Once done, open a terminal and type:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt
OpenSSL will prompt you to fill in the required information. Once executed successfully, OpenSSL will generate two files, mysitename.key and mysitename.crt. This .crt file is the needed certificate.
The only thing left now is to configure the Apache virtual host to use this SSL certificate.
By default, SSL works on port 443. Change the port of your virtual host from 80 to 443 and add the following directives to your virtual host file:
ServerName YOUR SERVER NAME
SSLEngine on
SSLCertificateFile PATH TO YOUR CERTIFICATE FILE
SSLCertificateKeyFile PATH TO YOUR KEY FILE
Save the changes and restart Apache:
service apache2 restart
and it's done.
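The following bash functions are an added example, not part of the original post: they run the openssl command from above without the interactive prompts and confirm, before Apache is restarted, that the key matches the certificate, that the certificate is self-signed and that it is not about to expire. The function names, the file base name and the CN value are assumptions chosen for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks on a self-signed certificate for Apache.
# The file base name and the CN passed in are constructed placeholders.

# Create a key and self-signed certificate without the interactive prompts.
# umask 077 keeps the private key readable by its owner only.
make_selfsigned() {  # usage: make_selfsigned <basename> <common-name>
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null )
}

# True only when the certificate's public key is the one derived from the
# private key, i.e. the two files named in the virtual host belong together.
cert_matches_key() {  # usage: cert_matches_key <crt> <key>
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when subject and issuer are identical (no third party issued it),
# which is why browsers show the trust warning.
is_self_signed() {  # usage: is_self_signed <crt>
    local s i
    s=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    [ "${s#subject=}" = "${i#issuer=}" ]
}

# True when the certificate is still valid <days> days from now.
valid_for_days() {  # usage: valid_for_days <crt> <days>
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run every check and report; non-zero exit means do not restart Apache yet.
preflight() {  # usage: preflight <crt> <key>
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    valid_for_days "$1" 30     || { echo "FAIL: certificate expires within 30 days"; return 1; }
    is_self_signed "$1" && echo "NOTE: self-signed, browsers will warn"
    echo "OK: $1 and $2 are consistent"
}
```

Calling preflight with the same two paths given to SSLCertificateFile and SSLCertificateKeyFile catches a mismatched pair before the restart.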