Thursday, November 12, 2020

Apache with Self Signed Certificate


PREREQUISITE

  • Linux server with Apache installed (ports 80 and 443 should be open on the firewall)
  • There should be a DNS entry for your site. A local hosts-file entry is enough.
  • The "openssl" package should be installed on your server.
  • Download this file to your server and extract it. (Download Link)

In this example I am using an Ubuntu 20.04 LTS server. Commands can be different if you are using an OS like Red Hat or CentOS.

My site name is : my-testweb.nocompany.lk
Web server IP   : 192.168.1.23

Add a host entry for your site.


Step 01: Install Apache


apt install apache2


After installation, enable and start the apache2 service.

systemctl enable apache2
systemctl start apache2


Now try to access the default site using the host name.


Step 02: Create a Custom Page


Now create a virtual host configuration file for your custom website in the location below.

Location : "/etc/apache2/sites-available"


<VirtualHost *:80>

        ServerName my-testweb.nocompany.lk
        ServerAlias my-testweb.nocompany.lk

        DocumentRoot /var/www/html/my-site

        ErrorLog ${APACHE_LOG_DIR}/my-testweb.nocompany.lk-error.log
        CustomLog ${APACHE_LOG_DIR}/my-testweb.nocompany.lk-access.log combined

</VirtualHost>

Create the "DocumentRoot" folder and create a simple index.html file in it.


Enable the site by linking that config file into the sites-enabled folder.

Go to "/etc/apache2/sites-enabled" folder and execute this command.

ln -s ../sites-available/my-site.conf my-site.conf


Now restart the apache service and check.

systemctl restart apache2


Step 03: Obtain Self-Signed Certificate


Download this file to your server and extract it. (Download Link)


First generate the CA certificate.

Execute "./createCA.sh" to proceed.
Enter a strong password during CA certificate generation.
For Common Name, you can put your company name.


Cert Path: sslCA/cacert.pem
Key Path: sslCA/private/cakey.pem

Now generate the host certificate and sign it with the CA certificate.

Execute "./createHostCert.sh" to proceed. Make sure to put your website name under "Common Name". You can keep the rest of the values at their defaults. You can also leave the challenge password blank; just press Enter. When asked for the password for "cakey.pem", enter the password you set for the CA certificate.


Press "y" to sign the certificate.

Once it completes successfully, it will generate two files.
  • hostcert.pem --> Signed certificate for your website
  • hostkey.pem --> Key for your website certificate

Create a folder called "ssl" under "/etc/apache2/" and copy those files to the "ssl" folder with the names below.
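
The script below is an added example, not part of the original post or of the downloaded createCA.sh / createHostCert.sh scripts. It checks that the host certificate is signed by the CA, that the key belongs to the certificate and that the certificate covers the site name, then copies the pair with the private key readable only by its owner. The function names and the throwaway demo CA are assumptions, the host key is assumed to be unencrypted, and the names my-testweb.crt and my-testweb.key are the ones the Step 04 configuration refers to.

```bash
#!/usr/bin/env bash
# Added example: checks on the Step 03 output before Apache uses it.
# Function names and the demo CA are illustrative, not from the downloaded scripts.

cert_signed_by_ca() {   # $1 = CA cert, $2 = host cert
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

key_matches_cert() {    # $1 = host cert, $2 = host key (assumed unencrypted)
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]          # same public key on both sides
}

cert_covers_host() {    # $1 = host cert, $2 = site name (SAN, else Common Name)
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

install_pair() {        # $1 = cert, $2 = key, $3 = target dir, $4 = base file name
    install -d -m 755 "$3" &&
    install -m 644 "$1" "$3/$4.crt" &&
    install -m 600 "$2" "$3/$4.key"         # private key: owner read/write only
}

# Constructed sample data: a throwaway CA and a host certificate signed by it.
make_demo_pki() {       # $1 = output dir, $2 = site name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/hostkey.pem" -out "$1/host.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/host.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 1 -out "$1/hostcert.pem" 2>/dev/null
}

# Args: CA_CERT HOST_CERT HOST_KEY SITE_NAME TARGET_DIR BASE_NAME (none = demo data)
main() {
    local d
    if [ $# -eq 0 ]; then
        d=$(mktemp -d) && make_demo_pki "$d" my-testweb.nocompany.lk || return 1
        set -- "$d/cacert.pem" "$d/hostcert.pem" "$d/hostkey.pem" \
               my-testweb.nocompany.lk "$d/ssl" my-testweb
    fi
    cert_signed_by_ca "$1" "$2" || { echo "not signed by this CA" >&2; return 1; }
    key_matches_cert "$2" "$3"  || { echo "key does not match cert" >&2; return 1; }
    cert_covers_host "$2" "$4"  || { echo "cert does not cover $4" >&2; return 1; }
    install_pair "$2" "$3" "$5" "$6" && echo "installed $5/$6.crt and $5/$6.key"
}
main "$@"
```

On the server, run it as root with six arguments: sslCA/cacert.pem, the generated hostcert.pem and hostkey.pem, my-testweb.nocompany.lk, /etc/apache2/ssl and my-testweb.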


Step 04: Make your Site Secure

Now enable the SSL module for Apache by executing the command below. You have to restart the apache service to apply the change.

a2enmod ssl


Now open the virtual host configuration file you created before and add another virtual host configuration block as follows.

You have to include the certificate files you obtained in the configuration.

<VirtualHost *:443>

        ServerName my-testweb.nocompany.lk
        ServerAlias my-testweb.nocompany.lk

        DocumentRoot /var/www/html/my-site

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/my-testweb.crt
        SSLCertificateKeyFile /etc/apache2/ssl/my-testweb.key

        ErrorLog ${APACHE_LOG_DIR}/ssl-my-testweb.nocompany.lk-error.log
        CustomLog ${APACHE_LOG_DIR}/ssl-my-testweb.nocompany.lk-access.log combined

</VirtualHost>



Restart the apache service to apply the changes.

systemctl restart apache2

Step 05: Import CA Certificate to your Browser

Now you have to import the CA certificate you generated previously (sslCA/cacert.pem) into your browser. First copy the CA certificate to a location your normal user can access. You can copy it to the user's home directory.



Open your browser and go to the certificate settings to import it. The steps can differ from browser to browser. Here I am using Firefox.



Go to the Authorities tab and select "Import".


Then navigate to the CA certificate file. Once you select and open it, you have to trust this CA certificate for websites. Then press the "OK" button.


You can verify whether it was imported successfully by going through the CA list.


Now browse your site over https and check whether the certificate is loading without any issue.



 
