
How to Set Up Apache HTTP with an SSL Certificate

Written by itsubuntu

Last modified on November 21st, 2022 at 06:29 am


A website relies on several key elements, including a frontend, a web server, and a network. The Apache web server is free and open source. A web server serves content to many different users who request multiple site pages, so you need a reliable solution. Apache has been the first choice for many organizations.

Apache enables organizations to serve content to users on demand and improves the browsing experience. The latest versions of the web server come with advanced security features. But is an SSL certificate necessary for Apache servers, and why?

An example is the Java library called Log4j, which has been a significant cyber threat for many organizations using Apache servers. Similarly, several other cyber threats call for security measures. Therefore, installing an SSL certificate on Apache, on Linux or any other server, comes naturally, especially to counter vulnerabilities like Log4j.

Therefore, here we are with an Apache SSL configuration step-by-step guide for your systems. So, let us begin by understanding the SSL certification process and a brief history of the Apache server first.

Latest information about Apache history and versions

Developed by Robert McCool, Apache web server software is one of the most popular servers in the open-source community. McCool worked on an HTTPd webserver at the National Center for Supercomputing Applications in 1994 when he developed the server.

However, it was built and released in 1995 and became popular in 1996. One of the most significant impacts of the Apache server was the meteoric rise of Linux as a server platform.

The latest version, Apache 2.4.54 (as of writing), comes with many changes:

  • MDRetryDelay defines the delay before sending a retry request for choosing a certificate authority (CA)
  • Insecure code in mod_http2 has been cleaned up
  • Added support for status to be “auto” when values are in “Key: value” format
  • Fixed the CVE-2022-31813 vulnerability, which allows bypassing access restrictions based on IP addresses
  • Fixed CVE-2022-30522, which causes denial of service

Now that we have discussed the latest Apache version and how it supports SSL certificate configuration for advanced security, let us look at the installation process.

How to generate a CSR code on Apache?

Understanding the SSL certification process is crucial before you generate a certificate signing request (CSR). SSL certificates are based on asymmetric encryption: a pair of keys is generated, one for encryption and one for decryption.

The process begins when you purchase an SSL certificate from a trustworthy CA. Next, for the issuance process, you need to submit the CSR.

Here is a step-by-step process to generate a CSR on Apache for a premium SSL:

  • Connect to your server terminal through Secure Shell (SSH)
  • Generate a private key and a CSR file
  • Use the following command in the terminal

openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr

  • Add specific details regarding your organization in the CSR, such as:
      • Country name: a two-letter code for the country of the business location, used for validation purposes.
      • State name: the province in which the business is registered.
      • Locality name: specifies the business address.
      • Organization legal name: the registered and legally bound business name.
      • Email address: part of the contact details, used for verification and for sending the SSL files.
  • After you enter the company details, OpenSSL will create two files: one for the private key and the other for the CSR
  • Save the CSR file on your device and submit it to the CA for the verification process.

Once your CSR has been generated, you need to send it to the SSL provider. After that, the configuration process is done, and the applicant has to provide business-related legal documents and all required details. After the domain validation process is completed by email, file verification, or CNAME-based verification, the authority inspects the documents and verifies them further by phone. Finally, the CA issues a certificate, which needs to be installed on the server. The CA sends the certificate to the registered email address.

This may differ depending on the SSL provider, but generally, all CAs have a similar process.

Install an SSL Certificate on Apache 

First, copy the certificate files stored on your local device to the server. You will receive the SSL certificate files as a bundle by email from the CA. Download the intermediate certificate and the primary certificate from the bundle received in the mail to your local device.

Upload Certificate File on The Server:

Copy these certificate files to a directory on the server and make them readable only by root. To upload the files, you may need to use your server’s control panel (if available) or a file-transfer tool (SFTP). Then you need to find the config file on your server.

Locate Apache Configuration File:

It is important to note that the name and location of the files can vary between servers. However, for Apache, it is mostly “httpd.conf” or “apache2.conf”. These files are located in /etc/httpd/ or /etc/apache2/.

Now open the SSL certificate config in a virtual host block. The config file will be in /etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf.

 

Let’s discuss an alternate way of installing an SSL certificate in Apache Linux,

  • Use the following configuration for the virtual host. You need to add or modify the virtual host on port 443. Take a backup before making any changes to the virtual host; save the file as *.conf_backup.
  • Check the directives below and their status:
      • SSLEngine on
      • SSLCertificateFile: the location of the certificate.
      • SSLCertificateKeyFile: the location of your private key.
      • SSLCertificateChainFile: the location of the CA-bundle file.
  • The virtual host will look as follows:

<VirtualHost *:443>
    DocumentRoot /var/www/html2
    ServerName www.mydomain.com
    SSLEngine on
    SSLCertificateFile /path/to/my_domain_name.crt
    SSLCertificateKeyFile /path/to/my_private.key
    SSLCertificateChainFile /path/to/yCA.crt
</VirtualHost>

 

  • Check the config files for errors with apachectl configtest
  • Restart the Apache server, and the SSL configuration is complete.
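An added example (not from the original article) that ties the CSR step and the install step together: it creates the key and CSR without prompts, then checks before the restart that the issued certificate matches the private key and chains to the CA bundle. The domain www.example.test, the subject fields, the function names and the throwaway CA that stands in for the real CA are assumptions made for the demo.

```bash
# Added example: domain, subject fields and the throwaway CA are constructed.
set -eu

# Private key (mode 0600) plus CSR with a SAN, no interactive prompts.
make_csr() {  # make_csr <domain> <dir>
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$2/$1.key" -out "$2/$1.csr" \
      -subj "/C=US/ST=Example State/L=Example City/O=Example Org/CN=$1" \
      -addext "subjectAltName=DNS:$1" 2>/dev/null )
}

# SHA-256 of the public key held in a key, CSR or certificate file.
pubkey_hash() {  # pubkey_hash key|csr|cert <file>
  case $1 in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac | openssl sha256 | awk '{print $NF}'
}

# Succeeds only if the certificate was issued for this private key.
pair_matches() { [ "$(pubkey_hash cert "$1")" = "$(pubkey_hash key "$2")" ]; }

# Succeeds only if the certificate chains to the given CA bundle.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Stand-in for the CA step: a throwaway CA signs the CSR into <dir>/site.crt.
issue_test_cert() {  # issue_test_cert <csr> <dir>
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >"$2/ca.cnf"
  openssl req -x509 -config "$2/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Throwaway Test CA" -keyout "$2/ca.key" -out "$2/ca.crt" 2>/dev/null
  openssl x509 -req -in "$1" -CA "$2/ca.crt" -CAkey "$2/ca.key" \
    -CAcreateserial -days 1 -out "$2/site.crt" 2>/dev/null
}

# Pre-restart gate: report the first failed check, print "ok" if both pass.
preflight() {  # preflight <cert> <key> <ca-bundle>
  pair_matches "$1" "$2" || { echo "certificate does not match key"; return 1; }
  chain_ok "$3" "$1"     || { echo "certificate does not chain to bundle"; return 1; }
  echo "ok"
}

# Demo run in a scratch directory with constructed names.
d=$(mktemp -d)
make_csr www.example.test "$d"
issue_test_cert "$d/www.example.test.csr" "$d"
preflight "$d/site.crt" "$d/www.example.test.key" "$d/ca.crt"
```

On a real server, pass preflight the three files named in SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile, and run apachectl configtest only after it prints ok.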

Now that the SSL certificate is installed, it is time to test it.

Test your SSL installation.

Once the SSL certificate is installed on the Apache server, you can check it using different available tools. For example, many SSL installation checker tools help you find vulnerabilities and errors in configurations once you have installed the certificate.

(Optional) Redirect HTTP to HTTPS

Now that you have an SSL certificate, you can use HTTPS for your domain. To set it up, you need to edit your Apache conf file again. This is how it should look:

<VirtualHost *:80>
    RewriteEngine On
    # Send every plain-HTTP request to the same host and path over HTTPS
    RewriteCond %{HTTPS} off
    # R=301 makes the redirect permanent; L stops further rule processing
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /path/to/my_domain_name.crt
    SSLCertificateKeyFile /path/to/my_private.key
    SSLCertificateChainFile /path/to/yCA.crt
    # Rest of your site config
    # ...
</VirtualHost>

Conclusion 

There is no denying that increasing cybersecurity threats need an equally advanced security measure to counter attacks. Apache web servers can be vulnerable to cyberattacks, so installation of SSL in Apache Linux and other OS is essential. So, follow the steps we discussed and if you have any doubts, feel free to comment.
