This blog post shows how to install and set up the Apache HTTP Server with SSL on Red Hat Linux (7.x), and we can follow the similar steps for other flavors of Linux.
Step 1: Install Apache HTTP Server
sudo yum install httpd
Step 2: Enable and start the httpd service
sudo systemctl enable httpd.service sudo systemctl start httpd.service
Step 3: Enable the required ports
sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
In above the step we enabled port 80 for http and 443 for https traffic. To configure the SSL, we need to install an additional module mod_ssl.
Step 4: Install mod_ssl module
sudo yum install mod_ssl
This blog post assumes you already have a digital certificate (my-web-site.crt) and private key (my-web-site-private.key).
Step 5: Create a folder and set the correct permission to copy the certificate and private key
mkdir /etc/ssl/certs cp my-web-site.crt /etc/ssl/certs/ cp my-web-site-private.key /etc/ssl/certs/ chmod 700 -R /etc/ssl/certs/
Step 6: Open and update the ssl.conf file
sudo vi /etc/httpd/conf.d/ssl.conf
Step 7: Uncomment DocumentRoot, ServerName under <VirtualHost _default_:443> in ssl.conf file and update with following
DocumentRoot "/var/www/my-web-site/public_html" ServerName www.my-web-site.com:443
Step 8: Find the SSLProtocol and SSLCipherSuite and comment them
# SSLProtocol all -SSLv2 -SSLv3 # SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
Step 9: Find the SSLCertificateFile and SSLCertificateKeyFile lines and change them to the directory we made at /etc/httpd/ssl/certs
SSLCertificateFile /etc/ssl/certs/my-web-site.crt SSLCertificateKeyFile /etc/ssl/certs/my-web-site-private.key
Step 10: Modify the Unencrypted Virtual Host File to Redirect to HTTPS from HTTP
sudo vi /etc/httpd/conf.d/non-ssl.conf
Add the following config lines to non-ssl.conf
<VirtualHost *:80> ServerName www.my-web-site.com Redirect "/" "https://www.my-web-site.com/" </VirtualHost>
Step 11: Verify the Apache configuration is ok
sudo apachectl configtest
Step 12: Stop and start apache to reflect the new SSL configuration
sudo systemctl stop httpd sudo systemctl start httpd
Now the site is secured with SSL, and even any tries to access the website using HTTP, the website redirects to https.