Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
For secure communication, generate SSL certificates:
# mkdir -p /etc/ssl/privateApache maintains a default virtual host file to handle SSL traffic under the /etc/apache2/sites-available directory named default-ssl.conf. In order for the webserver to encrypt data with your certificate, you'll make some configuration changes in this file.
Use nano text editor to open the /etc/apache2/sites-available/default-ssl.conf file.
$ vi /etc/apache2/sites-available/default-ssl.conf
In this file, locate the line ServerAdmin sample_email@example.com as shown below.
......
Under the above line, add the ServerName name directive followed by your domain name or the public IP address of your server as shown below.
......
Then, still in the same file, locate the SSL settings below.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pemSSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Specify the full file paths of your certificate (/etc/ssl/certs/apache.crt) and private key (/etc/ssl/private/apache.key). The two lines should look as follows after editing.
SSLCertificateKeyFile /etc/ssl/private/server.key
Save and close the file when you're done with editing. Next, use the Apache a2enmod command to enable the ssl module.
# a2enmod ssl
Then, use the a2ensite to enable the default-ssl.conf virtual host file.
# a2ensite default-ssl.conf
Restart the Apache webserver to load the new changes.
$ systemctl restart apache2
Your apache web server is now ready to serve encrypted content. However, before you test the new settings, you'll configure your firewall to allow secure connections through port 443.
Visit the URL below in a web browser and replace 192.0.2.1 with the correct public IP address or domain name. Make sure you're using the https:// protocol.
Once you've generated, set up, and tested your SSL/TLS certificate, you can optionally redirect any HTTP traffic to HTTPS by editing the /etc/apache2/sites-available/000-default.conf file. Use nano to open the file.
$ vi /etc/apache2/sites-available/000-default.conf
Then, enter the line Redirect "/" "https://192.0.2.1/" just below the <VirtualHost *:80> opening tags. Again, replace 192.0.2.1 with your domain name or server's public IP address.
</VirtualHost>
Save and close the file. Next restart the Apache webserver to load the new configuration settings.
$ systemctl restart apache2
Visit the HTTP URL below on a web browser. You should now be redirected to the HTTPS version of the web page.
Your SSL/TLS certificate a