Configure TLS/SSL on Apache for HTTPS sites.

By Darío Rivera
Posted in Apache

HTTPS (Hypertext Transfer Protocol Secure) is a protocol used mainly to transfer data between a browser and a website. Its main advantage is that data does not travel in plain text but is encrypted, making it almost impossible for sniffers or other network traffic analysis tools to read it.

The protocol HTTPS uses to encrypt information is called TLS (Transport Layer Security), formerly known as SSL (Secure Sockets Layer). This protocol ensures the confidentiality of information using asymmetric (public key) cryptography together with a public key infrastructure.

In this post, you'll see how to configure Apache to serve a TLS certificate for your website so that it can be accessed over HTTPS.

Apache Configuration

The first thing you need to do is to add the following line to listen to requests on port 443.

Listen 443

Now you need to enable Apache's ssl and socache_shmcb modules. You do this in the Apache httpd.conf configuration file. If you don't know where this file is located, you can find out with the following command.

apachectl -D DUMP_INCLUDES

After this, look for an SSL configuration file, or an SSL section in the main file, like the following:

<IfModule ssl_module>
...
</IfModule>

In this case, you should add an initial configuration like the following:

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

SSLSessionCache         shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout  300

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLCipherSuite HIGH:!aNULL
SSLProtocol all -SSLv3
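
A tightened version of the last two lines above, as an added example that is not part of the original post. `SSLProtocol all -SSLv3` still permits TLS 1.0 and 1.1 where the OpenSSL build allows them, and `HIGH:!aNULL` still admits RSA key exchange and CBC suites. The cipher string and the assumed Apache 2.4.37+ with OpenSSL 1.1.1+ (needed for `TLSv1.3`) are choices made here, not the author's.

```apache
# Added example, not from the original post. Assumes Apache 2.4.37+ built
# against OpenSSL 1.1.1+; on older builds remove "+TLSv1.3", otherwise the
# configuration test rejects the unknown protocol name.
<IfModule ssl_module>
    # Original: SSLProtocol all -SSLv3
    # "all" expands to every protocol the build supports, so subtracting
    # only SSLv3 leaves TLSv1 and TLSv1.1 negotiable. Start from nothing
    # and allow-list the versions you want instead.
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # Original: SSLCipherSuite HIGH:!aNULL
    # HIGH keeps RSA key exchange (no forward secrecy) and CBC-mode suites.
    # This string is an assumption; adjust it for the clients you must
    # support. It limits TLS 1.2 to ECDHE key exchange with AEAD ciphers.
    # TLS 1.3 suites are configured separately and are AEAD-only by default.
    SSLCipherSuite EECDH+AESGCM:EECDH+CHACHA20

    # Use the server's cipher preference order rather than the client's.
    SSLHonorCipherOrder on

    # TLS-level compression is what CRIME-style attacks rely on. Off is
    # already the default in current releases; stated so the intent is visible.
    SSLCompression off
</IfModule>
```

Run `apachectl configtest` before reloading. A `<VirtualHost *:443>` block inherits these server-level settings unless it sets its own.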

Site Configuration

To configure a site with TLS, use the same configuration as you usually would, except that the virtual host must use port 443 and specify the paths of the certificate and private key, like this:

<VirtualHost *:443>

    SSLEngine on
    SSLCertificateFile "/etc/ssl/ca_evtc/newcerts/C001.pem"
    SSLCertificateKeyFile "/etc/ssl/ca_evtc/keys/C001.pem"

    ...

</VirtualHost>
