A secure connection between the web browser and the server ensures that customers can make secure transactions without fear of their data being stolen. The ideal way to create such a connection is to use a combination of Apache and SSL (Secure Communications Protocol). In this article, we will show you how to secure the connection between the Apache server and the user's browser using an SSL certificate.
SSL is a protocol for securely transmitting encrypted data between a web browser and a web server. In most cases, the authentication process occurs only on the server side, i.e. the client sees that this is exactly the server that was originally announced. Once the connection is established, it will automatically become secure because only the client and server will have access to the key material, and no one else. Typically, client authentication is not required in this case, but in some cases it is still implemented using client SSL certificates.
Installing SSL for Apache
After issuing the certificate, you will need to configure Apache. The process for configuring Apache for SSL is as follows:
We save the main and intermediate certificates in a separate folder on the server along with the private key.
Open the Apache configuration file in a text editor. Apache configuration files are usually stored in /etc/httpd/ or /etc/apache2/. The main configuration file is usually called httpd.conf or apache2.conf. In most cases, the <VirtualHost> blocks will be at the very bottom of the httpd.conf file. Sometimes <VirtualHost> blocks may be located in separate files in the /etc/httpd/vhosts.d/ or /etc/httpd/sites/ directories, or in the ssl.conf file. You can find the location of the SSL configuration on Linux distributions using grep:
grep -i -r "SSLCertificateFile" /etc/httpd/
In this case, "/etc/httpd/" is the base directory in your Apache build.
If you want your site to be accessible through both secure (https) and insecure (http) connections, then you will need to create a virtual host for each connection type. Copy the existing virtual host for the http connection and change the port from 80 to 443.
Add the following lines to the file (in bold):
<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/leader_site
ServerName www.leader_site.com
SSLEngine on
SSLCertificateFile /etc/ssl/crt/bazov_cert.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
</VirtualHost>
Change the file names and paths to match your certificate files:
SSLCertificateFile – the main certificate file for your domain.
SSLCertificateKeyFile – key file generated during the CSR creation process.
We save the changes and test the Apache configuration. It is best to test the configuration in advance for various syntax errors, otherwise Apache simply will not start. To test, run the following command:
apachectl configtest
We restart Apache using the command:
service httpd restart