SSL on Ubuntu 8.10 Apache2

by Mike on January 3, 2009

Setting up SSL on Ubuntu 8.10 is a simple process, but it has a few gotchas that you need to be aware of. The setup has changed from 8.04: the +CompatEnvVars option is no longer used because it caused a bug in 8.10, and you have to enable the default-ssl site to get everything working.

First, log on to your server and install Apache:

sudo apt-get install apache2

Change to the /etc/apache2/mods-available directory and look at the available modules.  Then change to the /etc/apache2/mods-enabled directory to see what modules are enabled:

cd /etc/apache2/mods-available
ls
cd /etc/apache2/mods-enabled
ls

Now, install and enable SSL:

sudo a2enmod ssl
sudo /etc/init.d/apache2 force-reload

Change to the default web server directory and create a simple web page:

cd /var/www
sudo vim index.html

Add the following content:
<html>
<head>
<title>Welcome to Your_Name’s Web Site</title>
</head>
<body>
<p>This is the best web site in the whole wide world.     </p>
</body>
</html>

Save and exit.  On your own local computer, open a tab or window for your web browser.  For the URL, enter:

http://IP_address_of_my_server

You should be able to view your web page.  Now, you’ll want to encrypt your site.    Create the server encryption keys:

cd /etc/apache2
sudo openssl genrsa -des3 -out server.key 1024

Use this set of keys to create a certificate request:

sudo openssl req -new -key server.key -out server.csr

When asked to input data, use your imagination to create something appropriate.  Be sure to write down your passphrase.  Use this request to create your self-signed certificate:

sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Install the key and certificate:

sudo cp server.crt /etc/ssl/certs/
sudo cp server.key /etc/ssl/private/

Open the default-ssl site file for editing:

cd /etc/apache2/sites-available
sudo vim default-ssl

This file is mostly set up already, but you will want to uncomment the SSLOptions line and change the SSLCertificateFile and SSLCertificateKeyFile lines to point to the location and name of your new certificate and key.

SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

Port 443 is enabled when you use SSL, so that part is ready to go.

Enable the default SSL site:

sudo a2ensite default-ssl

If you do not enable the default-ssl you will get this error:

“ssl_error_rx_record_too_long apache”

Restart Apache.

sudo /etc/init.d/apache2 restart

That should do it.
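
The shell functions below are an added example, not part of the original post: they create a key and self-signed certificate like the ones built above (in one step, without a passphrase) and then check that the key matches the certificate, that the certificate names the host, that it is X.509 v3, and that the key file is readable only by its owner. The host name www.example.test, the function names and the req.cnf file are assumptions; the key is 2048 bits because 1024-bit RSA is below current minimum recommendations.

```shell
# Added example: function names, req.cnf and the host name are constructed.
# The key is 2048-bit RSA and unencrypted, so it must be protected by file mode.

# Generate an unencrypted RSA key and a self-signed certificate whose CN and
# subjectAltName both name host $2, writing the files into directory $1.
make_selfsigned() {
    dir=$1 host=$2
    cat > "$dir/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
basicConstraints = CA:FALSE
EOF
    # umask 077 in a subshell so the key is created with mode 600.
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null )
    openssl req -new -x509 -days 365 -config "$dir/req.cnf" \
        -key "$dir/server.key" -out "$dir/server.crt"
}

# True when the certificate ($2) was issued for the private key ($1).
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    c=$(openssl x509 -in "$2" -noout -modulus)
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Print the X.509 version number (1 or 3) of certificate $1.
cert_version() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Version: \([0-9]*\).*/\1/p'
}

# True when certificate $1 is valid for host name $2.
cert_names_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# Print the octal permission bits of file $1 (GNU stat, as on Ubuntu).
file_mode() { stat -c '%a' "$1"; }
```

Call `make_selfsigned /some/dir www.example.test` and run the check functions on the resulting server.key and server.crt, or on the files already copied to /etc/ssl/private and /etc/ssl/certs.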

{ 18 comments }

Directory February 5, 2009 at 9:10 am

Very informative article, which I found quite useful. Cheers, Jay

James February 7, 2009 at 5:17 pm

Works great, thanks! One question if anyone knows: Is there a way to set the Website of the Certificate so that IE doesn’t give this error: “The security certificate presented by this website was issued for a different website’s address.”?

James February 7, 2009 at 6:16 pm

Follow up to my question: Is there a way to set the Website of the Certificate so that IE doesn’t give this error: “The security certificate presented by this website was issued for a different website’s address.”?

Yes. You set the “Common Name” to your website address.

Thanks again!

Anonymous June 7, 2009 at 1:53 pm

You would have to buy a certificate from a secure source like GoDaddy. They cost about $300

Arvind August 17, 2009 at 10:38 pm

Thank you very much. This article was very helpful in quickly setting up a webserver with SSL on Linux with Apache2 – especially since I was pressed for time and didn’t have time to sit and poke around.

Bryan September 1, 2009 at 5:44 am

Not sure if I missed a step or something, but when I restart the server, it pauses and wants me to enter the key for the private key file. Any ideas?

mike September 3, 2009 at 3:48 am

This is typical when you restart the server and you have the SSL certificate on that site.

kwasi November 8, 2009 at 6:19 am

Hi all, very good post. I’m new at this but I’m not getting the site to work in secure mode (https), or the little lock at the bottom doesn’t close. Am I doing something wrong?

Dakos November 19, 2009 at 8:52 am

@Bryan

Replace this:
sudo openssl genrsa -des3 -out server.key 1024
With:
sudo openssl genrsa -out server.key 1024

To generate a key without needing a passphrase so your server can start without interruption.

Liam December 23, 2009 at 5:23 pm

How would I go about setting up the SSL with a cert I bought online? Would I drop it into the /etc/ssl/private and /etc/ssl/certs folders?

Thanks.

mike January 4, 2010 at 9:55 am

Here is a link for setting up certs that should help.

http://beginlinux.com/blog/2009/01/create-ssl-certificate-with-godaddycom/

subodh March 11, 2010 at 11:06 am

Awesome and very simple to understand article

vsdikshit June 18, 2010 at 12:44 am

This is cool.
The fastest way I found to install SSL.

inedit00 June 18, 2010 at 3:23 pm

If you already have your private key protected with a password, you can execute:
sudo cp private.key private.key.back
sudo openssl rsa -in private.key -out private.key

You enter your password and private.key now has no password.

Thanks for the post!

Peter June 19, 2010 at 2:38 pm

Hey, thx for post, very simple and useful.

Just a question, web browser says that certificate version is 1, other certificates are in version 3.
How to do that and what is the difference?

DaveM June 28, 2010 at 3:59 pm

Add another grateful reader to the chorus. Worked perfectly for me the first time on Ubuntu 9.10.

[aMc] July 22, 2010 at 12:18 pm

Fantastic article.
Thanks. :)

Avijit October 31, 2010 at 11:38 pm

I am getting phrase fail SSL while I am trying your guide. Please help. :(
