How to Set Up Apache HTTP with an SSL Certificate
A frontend, a web server, and a network are some of the essential components that make up a website. The Apache web server is open-source and free. A web server serves content to the many kinds of users who request site pages, so you need a trustworthy option. Many enterprises have chosen Apache as their first option.
Apache enables organizations to serve content to users on demand and improves the browsing experience. The latest versions of the web server come with advanced security features. But is an SSL certificate necessary for Apache servers, and why?
An example is the Java library called Log4J, which has been a significant cyber threat for many organizations using Apache servers. Similarly, several cyber threats need security measures. Therefore, installing an SSL certificate on Apache in Linux or any other server comes organically, especially to counter vulnerabilities like Log4J.
So, let us begin by understanding the SSL certification process and a brief history of the Apache server first.
Latest information about Apache history and versions
One of the most widely used servers in the open-source community is the Apache web server, which was created by Robert McCool. In 1994, McCool built an HTTPd web server while he was employed at the National Center for Supercomputing Applications. The server was built and released in 1995 and became popular in 1996. One of the most significant impacts of the Apache server was the meteoric rise of Linux as a server platform. The project celebrated its 25th birthday in February 2020.
The latest version of Apache, 2.4.62 as of writing, comes with many changes:
- Run-time Loadable MPMs: Multiple MPMs can now be built as loadable modules at compile time. The MPM of choice can be configured at run time via the LoadModule directive.
- Better support for asynchronous read/write for supporting MPMs and platforms.
- <If>, <ElseIf>, and <Else> sections can be used to set the configuration based on per-request criteria.
- The new AllowOverrideList directive allows more fine-grained control over which directives are allowed in .htaccess files.
- FastCGI Protocol backend for mod_proxy.
- New module to restrict certain HTTP methods without interfering with authentication or authorization.
- Replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via the request headers.
Now that we have discussed the latest Apache version and how it supports SSL certificate configuration for advanced security, let us understand the installation process.
How to generate a CSR code on Apache?
Understanding the SSL certification process is crucial before you generate a certificate signing request (CSR). SSL certificates are based on asymmetric encryption: a pair of keys is generated, one for encryption and one for decryption.
The process begins when you purchase an SSL certificate from a trustworthy CA. Next, for the issuance process, you need to submit the CSR.
Here is a step-by-step process to generate a CSR on Apache for a premium SSL:
- Connect to your server terminal through a Secure Shell (SSH)
- Generate a private key and a CSR file
- Use the following command in the terminal:
openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr
- Add specific details regarding your organization in the CSR, such as:
  - Country name: a two-letter code for the country of the business location, required for validation purposes.
  - State name: specifies the province in which the business is registered.
  - Locality name: specifies the business address.
  - Organization legal name: the registered and legally bound business name.
  - Email address: part of the contact details, used for verification and for sending the SSL files.
- After you enter the company details, OpenSSL creates two files: one for the private key and the other for the CSR
- Save the CSR file on your device and submit it to the CA for the verification process.
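The steps above can also be scripted so the prompts are answered on the command line and the CSR is checked before it goes to the CA. This is an added example, not part of the original article; it assumes OpenSSL 1.1.1 or later (for -addext), and example.test and the organization values are constructed placeholders.

```shell
#!/bin/sh
# Added example: non-interactive key + CSR generation with a pre-submission check.
# Assumptions: OpenSSL 1.1.1+; example.test and the subject fields are placeholders.
set -eu

# make_csr DOMAIN OUTDIR -> writes DOMAIN.key and DOMAIN.csr, prints the CSR path
make_csr() {
    mc_key="$2/$1.key"
    mc_csr="$2/$1.csr"
    # umask 077 keeps the new private key unreadable to group and others.
    # -subj answers the interactive prompts; CN and subjectAltName carry the
    # hostnames the certificate has to cover.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$mc_key" -out "$mc_csr" \
          -subj "/C=US/ST=California/L=San Francisco/O=Example Inc/CN=$1" \
          -addext "subjectAltName=DNS:$1,DNS:www.$1" 2>/dev/null ) || return 1
    # Confirm the CSR's self-signature before sending it to the CA.
    openssl req -in "$mc_csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    echo "$mc_csr"
}

# Fields the CA will see, for review before submission.
csr_subject() { openssl req -in "$1" -noout -subject -nameopt RFC2253; }
csr_sans()    { openssl req -in "$1" -noout -text | grep 'DNS:' | tr -d ' '; }

# Permission bits of a file for group and others ("------" means mode 0600 or stricter).
group_other_bits() { ls -l "$1" | cut -c5-10; }

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
demo_csr=$(make_csr example.test "$demo_dir")
csr_subject "$demo_csr"
csr_sans "$demo_csr"
rm -rf "$demo_dir"
```

Only the .csr file is submitted to the CA; the .key file stays on the server.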
Once the CSR has been generated, you need to send it to the SSL provider. After that, the configuration process is done, and the applicant has to provide business-related legal documents and all required details. After the domain validation process is completed via email, file verification, or a CNAME record, the authority inspects the documents and further verifies them by phone. Finally, the CA issues a certificate, which needs to be installed on the server. The CA sends the certificate to the registered email address.
This may differ depending on the SSL provider, but generally, all CAs have a similar process.
Install an SSL Certificate on Apache
First, copy the certificate files stored on your local device to the server. You will receive the SSL certificate files as a bundle by email from the CA. Download the intermediate certificate and the primary certificate from that bundle to your local device.
Upload Certificate File on The Server:
Copy these certificate files to a directory on the server and make them readable only by root. To upload the files, you may need to use your server’s control panel (if available) or a file-transfer tool (SFTP). Then you need to find the config file on your server.
Locate Apache Configuration File:
It is important to note that the name and location of the files can vary between servers. For Apache, the main file is usually httpd.conf or apache2.conf, located in /etc/httpd/ or /etc/apache2/.
Now open the SSL certificate configuration in a virtual host block. The config file will be in /etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf. Let’s discuss an alternate way of installing an SSL certificate on Apache in Linux:
- Use the following command for configuring the virtual hosts. You need to add or modify the virtual host on port 443. Take a backup before making any changes to the virtual host, and save the file as *.conf_backup.
- Check the directives below and their status:
  - SSLEngine on
  - SSLCertificateFile: the location of the certificate.
  - SSLCertificateKeyFile: the location of your private key.
  - SSLCertificateChainFile: the location of the CA-bundle file.
- The virtual host will look as follows:

    <VirtualHost *:443>
        DocumentRoot /var/www/html2
        ServerName www.mydomain.com
        SSLEngine on
        SSLCertificateFile /path/to/my_domain_name.crt
        SSLCertificateKeyFile /path/to/my_private.key
        SSLCertificateChainFile /path/to/yCA.crt
    </VirtualHost>

- Check the config files for errors through apachectl configtest
- Restart the Apache server, and the SSL configuration is complete.
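Before the restart step above, it is worth confirming that the certificate and private key belong together, that the key is not readable by group or others, and that the certificate is not about to expire. This is an added example, not part of the original article; the demo.crt and demo.key files it creates are constructed sample data, and on a real server you would pass the paths from your SSLCertificateFile and SSLCertificateKeyFile directives.

```shell
#!/bin/sh
# Added example: pre-restart checks on the certificate/key pair.
# Assumptions: file paths are supplied by the caller; the demo pair is constructed.
set -eu

# check_tls_files CERT KEY -> prints findings, returns 0 only if every check passes
check_tls_files() {
    ct_rc=0
    # Compare the public key inside the certificate with the one derived from
    # the private key; a mismatch means the pair cannot be used together.
    ct_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot parse certificate $1"; return 1; }
    ct_key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot parse private key $2"; return 1; }
    if [ "$ct_cert_pub" != "$ct_key_pub" ]; then
        echo "FAIL: certificate and private key do not belong together"; ct_rc=1
    fi
    # Characters 5-10 of `ls -l` output are the group/other permission bits.
    if [ "$(ls -l "$2" | cut -c5-10)" != "------" ]; then
        echo "FAIL: private key is accessible to group or others"; ct_rc=1
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend 2592000 >/dev/null; then
        echo "FAIL: certificate expires within 30 days"; ct_rc=1
    fi
    [ "$ct_rc" -ne 0 ] || echo "OK: $1 matches $2"
    return "$ct_rc"
}

# Constructed sample data: a throwaway self-signed pair for trying the checks.
make_demo_pair() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=example.test" \
          -keyout "$1/demo.key" -out "$1/demo.crt" 2>/dev/null )
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
check_tls_files "$demo_dir/demo.crt" "$demo_dir/demo.key"
rm -rf "$demo_dir"
```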
Now that the SSL certificate is installed, it is time to test it.
Test your SSL installation.
Once the SSL certificate is installed on the Apache server, you can check it using different available tools. For example, many SSL installation checker tools help you find vulnerabilities and errors in configurations once you have installed the certificate.
(Optional) Redirect HTTP to HTTPS
Now that you have an SSL certificate, you can use HTTPS for your domain. To set it up, you need to edit your Apache conf file again. This is how it should look:

    <VirtualHost *:80>
        RewriteEngine On
        RewriteCond %{HTTPS} off
        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    </VirtualHost>

    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /path/to/my_domain_name.crt
        SSLCertificateKeyFile /path/to/my_private.key
        SSLCertificateChainFile /path/to/yCA.crt
        # Rest of your site config
        # ...
    </VirtualHost>

Conclusion
Unquestionably, in order to defend against growing cybersecurity threats, security measures must also be equally sophisticated. Installing SSL on Apache Linux and other operating systems is crucial since Apache web servers are susceptible to cyberattacks. Follow the instructions we went over, and don’t hesitate to leave a comment if you have any questions.