
4/25/2019 Enable SSL for apache server in 5 minutes – Charles's Blog

CHARLES'S BLOG (HTTPS://HALLARD.ME/)



Enable SSL for apache server in 5 minutes
Posted on October 16, 2012 (https://hallard.me/enable-ssl-for-apache-server-in-5-minutes/) by Charles (https://hallard.me/author/hallard/)

This post describes how to quickly enable SSL for the Apache web server under Linux. This was done on a cloud virtual machine running Ubuntu 12.04 LTS Server, the distribution provided by Amazon AWS or Microsoft Azure. This procedure may not work, or may differ, on older or different distributions.

What needs to be in place?

You need to already have the Apache server running on HTTP port 80 (or whatever), and when you go to your website, for example http://demo.hallard.me (http://demo.hallard.me), you should get the well-known page:

It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.

Once this is OK, just connect to your server with ssh.

What to do?

OK, let's start by creating the folder where we will put the certificates (/etc/apache2/ssl):

Shell
sudo mkdir /etc/apache2/ssl

Now we generate the certificates, valid for 3 years (1095 days), in the folder we created above.

Shell
sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/apache2/ssl/server.crt -keyout /etc/apache2/ssl/server.key

That will show the following, and ask you some questions.

Generating a 2048 bit RSA private key
............................................+++
.....................+++
writing new private key to '/etc/apache2/ssl/server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Poitou
Locality Name (eg, city) []:Montamise
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Internet Self CA
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:demo.hallard.me
Email Address []:mydummy@email.com

The most important field is the Common Name: it should match the internet name (FQDN) of the server, here demo.hallard.me.

Now we enable the SSL module for Apache. This command preconfigures the file /etc/apache2/ports.conf with a few lines, the important one being Listen 443.

Shell
sudo a2enmod ssl

We make the default-ssl site available by creating a symbolic link:

Shell
sudo ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl

Now we edit the file default-ssl (or default-ssl.conf on newer versions) that we have just enabled:

Shell
sudo nano /etc/apache2/sites-enabled/000-default-ssl

Edit October 2014: on newer apache2 versions, configuration files need to have the .conf extension, so in this case the two previous commands are now:

Shell
sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf

Shell
sudo nano /etc/apache2/sites-enabled/000-default-ssl.conf

End of Edit

and we change the two lines relating to SSLCertificate as follows:

/etc/apache2/sites-enabled/000-default-ssl
SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

Now restart the Apache server:

Shell
sudo /etc/init.d/apache2 restart

Now you can go with your favorite browser to, in my example, https://demo.hallard.me (https://demo.hallard.me). The browser will warn you because it is a self-signed certificate, but if you accept it you will now have the same famous “It works!” page, this time with encryption. To avoid the browser warning, you can add the certificate to the Trusted Root Certificate Authority store of your computer. The procedure to do this depends on the browser and operating system, so Google is your friend.

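The certificate and key produced by the openssl step can be checked from the shell before anything relies on them. The script below is an added example, not part of the original post: it runs the post's openssl command non-interactively in a temporary directory (-subj answers the prompts, e-mail field omitted), then checks the Common Name, that key and certificate belong together, the expiry and the key file permissions. The function names make_pair, check_pair and demo are made up for this example.

```sh
#!/bin/sh
# Added example: non-interactive form of the post's openssl command, plus
# checks worth running before Apache is pointed at the resulting files.

# make_pair DIR FQDN: same options as the post; -subj answers the DN prompts.
make_pair() {
    openssl req -x509 -nodes -days 1095 -newkey rsa:2048 \
        -subj "/C=FR/ST=Poitou/L=Montamise/O=Internet Self CA/OU=IT/CN=$2" \
        -out "$1/server.crt" -keyout "$1/server.key" 2>/dev/null
}

# check_pair CERT KEY FQDN: prints each failure, returns 0 only if all pass.
check_pair() {
    cert=$1; key=$2; fqdn=$3; rc=0

    # 1. Common Name must equal the host name typed in the browser.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    [ "$cn" = "$fqdn" ] || { echo "FAIL: CN '$cn' is not '$fqdn'"; rc=1; }

    # 2. Key and certificate must carry the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] || { echo "FAIL: key does not match cert"; rc=1; }

    # 3. Certificate must still be valid a day from now (86400 seconds).
    openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null ||
        { echo "FAIL: certificate expires within a day"; rc=1; }

    # 4. -nodes leaves the key unencrypted, so group/other need no access.
    bits=$(ls -ld "$key" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "FAIL: key open beyond owner ($bits)"; rc=1; }

    return $rc
}

# Demo in a throwaway directory (constructed data, nothing under /etc touched).
demo() {
    dir=$(mktemp -d) && make_pair "$dir" demo.hallard.me &&
        chmod 600 "$dir/server.key" &&
        check_pair "$dir/server.crt" "$dir/server.key" demo.hallard.me &&
        echo "OK: pair is consistent for demo.hallard.me"
    status=$?; rm -rf "$dir"; return $status
}
demo
```

Against the files from this post, run check_pair /etc/apache2/ssl/server.crt /etc/apache2/ssl/server.key demo.hallard.me as root. Current browsers match the host name against the subjectAltName extension rather than the Common Name, so with OpenSSL 1.1.1 or later also pass -addext "subjectAltName=DNS:demo.hallard.me" to openssl req.
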
Now it is safe to force SSL encryption on each page that requires authentication.

For example, for WordPress, add the following two lines (just after the other existing define lines) in the file wp-config.php (located in the WordPress installation directory):

wp-config.php PHP
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);

This will force each login to use SSL and the whole admin site to use SSL.
You can do the same for phpMyAdmin by adding the following line to the file /etc/phpmyadmin/config.inc.php:

/etc/phpmyadmin/config.inc.php PHP
$cfg['ForceSSL'] = true;
Join the conversation

Ethan Roman commented 6 months ago

Thank you

Oliver Russell commented last year

Nice guide for integrating PHP with SSL (https://www.cloudways.com/blog/add-ssl-certificates-to-custom-php-sites/). But this doesn't include how to write redirect rules so your http php site is redirected to https urls. You can write the redirect rules in .htaccess.

rubybenson commented last year

Thanks for this great article. I got many ideas from this blog. You may get some more ideas here http://bit.ly/2Afdi6i (http://bit.ly/2Afdi6i)

test123 commented 2 years ago

You bloody genius.

Raju Ginne commented 2 years ago

how to enable ssl for only website in server all other are port 80
if i enabled ssl module then port 80 http traffic refusing

Israel Barragan commented 2 years ago

So simple. I had to do a few tricks on my apache configuration because I compiled it from source but your post helped a lot. I have set up my SSL on my Debian and Linux Mint distros.

Charles commented 3 years ago

@AfroViking (https://community.ch2i.eu/uid/238)
thanks for the heads up, I will add these lines for sure

AfroViking commented 3 years ago

Thank you so much!!! I can finally go to bed now :D
BTW I would also recommend these lines in the default-ssl or default-ssl.conf (depending on what is in your folder when logged into your server)
/etc/apache2/sites-available/
under: <VirtualHost _default_:443>

Find a place to put these three lines

Header add Strict-Transport-Security "max-age=1576800"
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>
This will give you a better score at https://sslanalyzer.comodoca.com/ (https://sslanalyzer.comodoca.com/)
