This post can be seen as a continuation of “Creating local virtual hosts with apache“. We are going to extend the virtual server we created to be accessible via SSL locally.
We start by activating the SSL module:
1
sudo a2enmod ssl
The next step is to create the encryption keys for our certificate:
cd /etc/apache2
sudo openssl genrsa -des3 -out server.key 1024
The openssl genrsa command generates an RSA private key. The arguments provided instruct genrsa to use triple DES encription and output to a file called server.key of 1024 bits.
Now we create our certificate:
1
sudo openssl req -new -key server.key -out server.csr
The openssl req command generated certificates and certificates requests. The arguments provided instruct req to create a new request (we will be prompted for the information of the certificate) using the server.key and output it to server.csr.
Now we sign the certificate:
1
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Install key and certificate:
1
2
sudo cp server.crt /etc/ssl/certs/
sudo cp server.key /etc/ssl/private/
Now we are going to modify our virtual host file to work with SSL too:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
<VirtualHost *:80>
ServerName ncona.dev
ServerAlias www.ncona.dev
DocumentRoot /home/adrian/www/ncona.dev
<Directory /home/adrian/www/ncona.dev>
Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName ncona.dev
ServerAlias www.ncona.dev
DocumentRoot /home/adrian/www/ncona.dev
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
<Directory /home/adrian/www/ncona.dev>
Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
And finally we restart apache:
1
sudo /etc/init.d/apache2 restart
apache linux