Apache with SSL and http redirection to https on Ubuntu


The TLS (transport layer security) and its predecessor SSL( secure sockets layer)  are the secure protocols created in order to place normal traffic in a protected, encrypted wrapper.
These protocols allow traffic to be sent safely between remote parties with secure data transfer  where  data is being intercepted and read by someone else in the middle.
In this guide, will learn how to create a self-signed SSL certificate for Apache on an Ubuntu 14.04 server.  Which will allow you to encrypt traffic from your server to client. While this does not provide the benefit of third party validation of your server's identity, it only full fills the requirements of those simply wanting to transfer information securely to the client.


Pre-requisites

Update the linux using this command

# sudo apt-get update

Install the apache if not installed

# sudo apt-get install apache2

Activate the SSL Module
Enable the module by typing

# sudo a2enmod ssl

After you have enabled SSL, you'll have to restart the web server for the change to be recognized:

#sudo service apache2 restart

Create a Self-Signed SSL Certificate

# sudo mkdir /etc/apache2/ssl

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/test.key -out /etc/apache2/ssl/test.crt

Generating a 2048 bit RSA private key
................+++
.............+++
writing new private key to '/etc/apache2/ssl/test.key'
/etc/apache2/ssl/test.key: No such file or directory
140611063744160:error:02001002:system library:fopen:No such file or directory:bs                                                                                       s_file.c:398:fopen('/etc/apache2/ssl/test.key','w')
140611063744160:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
root@osticket:~# mkdir /etc/apache2/ssl
root@osticket:~# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/test.key -out /etc/apache2/ssl/test.crt
Generating a 2048 bit RSA private key
.+++
..................+++
writing new private key to '/etc/apache2/ssl/test.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Telengana
Locality Name (eg, city) []:Hyderabad
Organization Name (eg, company) [Internet Widgits Pty Ltd]:test
Organizational Unit Name (eg, section) []:helpdesk
Common Name (e.g. server FQDN or YOUR name) []:helpdesk.test.com
Email Address []:test@xyz.com


Configure Apache to Use SSL

# vi /etc/apache2/sites-enabled/default-ssl.conf


<VirtualHost 192.168.0.1:443>
     DocumentRoot /var/www/
     SSLEngine on
     SSLCertificateFile /etc/apache2/ssl/apache.crt
     SSLCertificateKeyFile /etc/apache2/ssl/apache.key
</VirtualHost>

Activate the SSL Virtual Host

# sudo a2ensite default-ssl.conf

# service apache2 restart

This should enable your new virtual host, which will serve encrypted content using the SSL certificate you created.

No w can open any browser of our choice and check https://your-ip-address

To Redirect http to https 80 - 443

Comment to  <virtual host *:80>  section and add

# vi /etc/apache2/apache2.conf

<VirtualHost *:80>
         ServerName 192.168.87.138
         Redirect /scp https://192.168.87.138/scp
         DocumentRoot /var/www/html/osticket/upload
</VirtualHost>

#<VirtualHost *:80>
#    ServerName 192.168.87.138
#    DocumentRoot /var/www/html/osticket/upload
#</VirtualHost>

No w can open any browser of our choice and check http://your-ip-address it will automatically redirect the browser to https://your-ip-address

Keywords, Ubuntu OpenSSL, SSL, Apache, 443, Redirection on https.

Location: Hyderabad, Telangana, India

Comments

Post a Comment

Popular posts from this blog

Observium: Configuring Microsoft Windows 2008 Server SNMP Agent

Image
1 . Open Control Pannel. 2. Right click on “ Programs & Features ” and click on “ Turn Windows Features on or off" 3 . Expand “ SNMP Services ” and select “ SNMP Service ” click Next 4. Click Install 5. Close  Programs & Features ” 6. Open Ädministraive Tools and clicket Services 7. Expand Configuration and select Services,  Select SNMP Service , right click and select properties 8 . Select the “ Agent ” tab 9. Type the contact name responsible for this server or email address 10 . Type the location eg, Hyderabad,India. 11 . Tick the following  Physical Datalink and subnetwork  SNMP Trap Service - Agent 12 . Select the “ Traps ” tab 13 . Type in the community string you are using in your environment and select “ Add to list ” 14 . Click “ Add ” 15 . Type the IP of the Observium ServerSNMP Trap Service - Traps 16 . Select “ Security ” tab 17 . Ensure “ Send authentication trap ” is
Read more

AWS: Introduction to AWS (Amazon Web Services)

Image
Amazon Web Services (AWS) Considering that you don't have an account with AWS ( Amazon Web Services) this Demo is divided into 5 steps 1. Creating/Sign Up for AWS account. 2. Creat ing an IAM user . 3. Creat ing a secure key pair. 4. Creat ing a Virtual Private Cloud (VPC) 5. Creat ing a security group for access. 1. Creating/Sign Up for AWS account When we sign up for the AWS account, we get automatic  access for all the services in the AWS, which includes the Amazon EC2 and we are charged for only the services which we chose and use. With Amazon EC2 we will pay for that what we use and if we are a  new AWS customer and we can get started with Amazon EC2 for free. If we have an AWS account already, we can skip the next task or else we can continue with the account creation. You can check the AWS Free Tier information here http://aws.amazon.com/free/ To create an AWS account, we needed to access the URL a). Connect to the URL http://
Read more

System/Server Health Status using PowerShell

Image
System/Server Health Status using PowerShell Support team or System Administrators who are willing to get the system health check status can use this script. This script has been written in Powershell and it can generate   reports   in HTML format. This script can give you below information: Hardware: To Get Manufacturer, Model, No.   Of   Logical Processors, Installed Memory.   Code:  Get-WmiObject -class Win32_ComputerSystem -ComputerName $Computername | Select-Object Name,Domain,Manufacturer, Model,NumberOfLogicalProcessors,@{ Name = "Installed Memory (GB)" ; Expression = { "{0:N0}" -f( $_.TotalPhysicalMemory / 1gb ) } }            CPU Details: To Get  CPU speed, Current CPU Usage in %,  Code: Get-WmiObject win32_processor | Select-Object SystemName,@{ Expression = { $_.MaxClockSpeed/1000 } ; Name = "CPU Speed in GHz." } ,NumberOfCores,NumberOfLogicalProcessors,@{ Name = "Current CPU Ussage in % " ; Expre
Read more