HTTPS

With Self-Signed Certificates

In this lab, we will install a web server (Apache2) and enable HTTPS using a self-signed SSL certificate. The lab session has to be done in the Ubuntu VM.

Install Apache2

Apache is a web server application that has been widely used on the internet for more than 20 years. It is a well-documented piece of Free and Open Source Software managed by the Apache Foundation (https://httpd.apache.org/).

Before installing, we need to update our repositories.

sudo apt-get update

Once the repo lists are updated, run:

sudo apt-get install apache2

When asked, press Y and hit Enter to continue, and the installation will proceed.

Check the installed Apache version details by issuing:

apache2 -v

Now go to your host machine. Open a web browser and type the IP address of your Ubuntu VM. You will get the Apache default page.

Self-Signed Certificate

Use the following command to create the certificate and the key.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache_prv.key -out /etc/ssl/certs/apache_crt.crt

You will be asked a series of questions; answer them carefully.

Country Name (2 letter code) [AU]:LK
State or Province Name (full name) [Some-State]:Kandy
Locality Name (eg, city) []:Peradeniya
Organization Name (eg, company) [Internet Widgits Pty Ltd]:YourInst
Organizational Unit Name (eg, section) []:IT Team
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:info@yourname.ac.lk

Once finished, it will create two files under /etc/ssl. The private key will be saved as /etc/ssl/private/apache_prv.key, and the certificate will be saved as /etc/ssl/certs/apache_crt.crt.

Configure Apache

Let us create a virtual host file for the website:

sudo nano /etc/apache2/sites-available/lab.conf

Include the following:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
         ServerAdmin admin@yourname.ac.lk
         ServerName <FQDN of your website>
         DocumentRoot /var/www/html
         <Directory /var/www/html>
                  Require all granted
         </Directory>
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
         SSLEngine on
         SSLCertificateFile      /etc/ssl/certs/apache_crt.crt
         SSLCertificateKeyFile /etc/ssl/private/apache_prv.key
         <FilesMatch "\.(cgi|shtml|phtml|php)$">
                  SSLOptions +StdEnvVars
         </FilesMatch>
         <Directory /usr/lib/cgi-bin>
                  SSLOptions +StdEnvVars
         </Directory>
    </VirtualHost>
</IfModule>

Now enable the SSL module and this site, then restart Apache so that the changes take effect:

sudo a2enmod ssl
sudo a2ensite lab.conf
sudo systemctl restart apache2

Try browsing from your host machine to https://<IP address of the Ubuntu VM>. You will be warned about an untrusted connection because the certificate is self-signed.
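The checks below confirm that a certificate and key like the ones generated above belong together, show the self-signed property that triggers the browser warning, and check expiry and key file permissions. This is an added example, not part of the original lab. The temporary directory and the subject lab.example.test are constructed so the script runs without prompts and without touching /etc/ssl.

```bash
#!/usr/bin/env bash
# Sanity checks for a certificate/key pair like the one the lab generates.

# Succeeds when CERT ($1) carries the public half of private key KEY ($2).
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds when CERT ($1) is self-signed: issuer equals subject and the
# signature verifies against the certificate's own public key.
is_self_signed() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    [ "${subj#subject=}" = "${iss#issuer=}" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Succeeds when CERT ($1) is still valid DAYS ($2) days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Succeeds when KEY ($1) grants no permissions to group or others.
key_is_private() {
    local mode
    mode=$(stat -c %a "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Constructed sample: same options as the lab command, written to DIR ($1)
# with a made-up subject so that openssl does not prompt.
make_sample_pair() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$1/apache_prv.key" -out "$1/apache_crt.crt" \
        -subj "/C=LK/O=YourInst/CN=lab.example.test" 2>/dev/null
}

demo=$(mktemp -d)
make_sample_pair "$demo" && chmod 600 "$demo/apache_prv.key"
for check in "key_matches_cert $demo/apache_crt.crt $demo/apache_prv.key" \
             "is_self_signed $demo/apache_crt.crt" \
             "valid_for_days $demo/apache_crt.crt 30" \
             "key_is_private $demo/apache_prv.key"; do
    if $check; then echo "PASS ${check%% *}"; else echo "FAIL ${check%% *}"; fi
done
```

To check the files from this lab, call the same functions on /etc/ssl/certs/apache_crt.crt and /etc/ssl/private/apache_prv.key with sudo, since the private key directory is not readable by ordinary users.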

HTTPS with Let's Encrypt

Before enabling HTTPS via Let's Encrypt, you need to satisfy the following:

  • You have public IP connectivity.
  • Both HTTP and HTTPS are allowed through the firewall(s).
  • The HTTP site is working. If you have multiple web server virtual hosts, make sure the ServerName attribute in every host config file is correctly populated.
  • Proper DNS values are assigned to your IP address.

Follow the guidelines from the official certbot site. (These steps can change from time to time, so always refer to the original site.)

https://certbot.eff.org/lets-encrypt/ubuntufocal-apache
Last modified on Sep 6, 2021, 8:05:16 PM