
Are you hosting your website on Apache Web Server? Ever wonder how to serve secure content to your users via TLS?
For those not familiar with TLS (Transport Layer Security), formerly known as SSL (Secure Sockets Layer), it is simply a mechanism for establishing secure connections between servers and web browsers.
This tutorial will take you through simple steps to enable TLS in Apache. The tutorial assumes you are already running Apache on a CentOS server.
First, you need to download and install the Apache SSL module. Do this by running the following command:
yum install mod_ssl
Next, modify the Apache configuration file located at /etc/httpd/conf/httpd.conf. Add a new virtual host for port 443 (the default SSL port):
<VirtualHost *:443>
SSLEngine on
</VirtualHost>
Next, add links to certificate files inside the virtual host:
- SSLCertificateFile: Server Certificate
- SSLCertificateKeyFile: Server Private Key
- SSLCertificateChainFile: Server Certificate Chain
The virtual host should now look something like this:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/server.key
SSLCertificateChainFile /etc/ssl/server.ca-bundle
</VirtualHost>
You can avail of a free certificate at Let’s Encrypt.
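A certificate and key that do not belong together will stop Apache from starting once these directives are in place. The following pre-restart check is an added example, not part of the original tutorial; the function name check_tls_pair and its return codes are this example's own, and it assumes an unencrypted key, the openssl command-line tool and GNU stat as found on CentOS.

```shell
#!/bin/sh
# Added example: pre-restart check of the files named by SSLCertificateFile
# and SSLCertificateKeyFile. Return codes (this script's own convention):
#   0 ok, 1 key does not match certificate, 2 key accessible to group/others,
#   3 certificate expired, 4 file unreadable or unparsable.
check_tls_pair() (
    cert=$1
    key=$2
    # Extract the public key from each file; a matching pair yields identical PEM.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key is not the private key for $cert"
        return 1
    fi
    # GNU stat prints the octal mode; the last two digits must be 0 so that
    # only the owner can read the private key.
    mode=$(stat -c %a "$key") || return 4
    case $mode in
        0|*00) ;;
        *) echo "PERMS: $key has mode $mode, expected 600 or 400"; return 2 ;;
    esac
    # -checkend 0 fails when the certificate is already past its notAfter date.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: $cert"
        return 3
    fi
    echo "OK: $cert and $key match"
)

# Demo on a constructed throwaway pair (self-signed, CN=example.test).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
    -keyout "$demo_dir/server.key" -out "$demo_dir/server.crt" 2>/dev/null
chmod 600 "$demo_dir/server.key"
check_tls_pair "$demo_dir/server.crt" "$demo_dir/server.key"
rm -rf "$demo_dir"
```

With the paths used in this tutorial, the call is check_tls_pair /etc/ssl/server.crt /etc/ssl/server.key, run as a user that can read the key.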
You may also set the X-Forwarded-Proto request header to "https" within the virtual host, to tell the application behind it that the traffic it receives arrived over HTTPS:
RequestHeader set X-Forwarded-Proto "https"
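If you also want your users to be redirected to HTTPS for all HTTP traffic, you need to configure redirection rules. Plain-HTTP requests arrive on port 80, which is where %{HTTPS} is off, so the rules go in the virtual host for port 80 rather than the one for port 443. Add the following to it:
RewriteEngine On
RewriteCond %{HTTPS} off
# R=301 forces an external redirect; L stops further rule processing.
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
You could also configure redirection rules through the .htaccess file at the root of your web server.
The configuration file should now look like this:
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/ssl/server.crt
SSLCertificateKeyFile /etc/ssl/server.key
SSLCertificateChainFile /etc/ssl/server.ca-bundle
RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
# Plain-HTTP requests arrive on port 80, so the redirect is evaluated here;
# %{HTTPS} is never "off" inside the port 443 virtual host.
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
# R=301 forces an external redirect; L stops further rule processing.
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>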
Save the configuration file and restart Apache for the changes to take effect. You should now be able to browse your site via SSL.
Enjoy !!!