How to enable HTTPS in Apache on Ubuntu Linux?

HTTPS (Hyper Text Transfer Protocol Secure) is an extension of HTTP which is used for communication between web clients and servers. It is responsible for transmitting hypermedia documents such as HTML.

HTTPS is a secure protocol that uses SSL/TLS protocols for encrypting all the requests and responses and secures the communication between clients and servers.

In this article, I will discuss how to enable HTTPS in Apache by setting up the Secure Socket Layer (SSL) on Ubuntu Linux.

Prerequisites

To follow this guide you should have the following –

  • A system running Ubuntu Linux
  • Access to a user account with super user privilege

Update system package repository

Use the following command to update the apt package repository –

sudo apt update

Installing apache

If you don’t have the apache web server installed on your system then use the following command to install it –

sudo apt install apache2 -y

You can verify the apache2 installation by checking its status –

sudo systemctl status apache2

apache status

Use the following command to install OpenSSL –

sudo apt install openssl -y

Enable Apache SSL module

Once the Apache and openssl packages gets installed on your system, use the following command to enable Apache SSL module –

sudo a2enmod ssl

enable ssl module apache

To make the changes effective you need to restart the apache2 on your system –

sudo systemctl restart apache2

Create a self signed SSL certificate

A self signed SSL certificate is a certificate that is not signed or issued by a certificate authority (CA) instead it is signed with its own private key. It is good enough for trying and testing things in development phase.

First you need to generate private key and certificate signing request for your domain. Use the following command to generate it –

sudo openssl req -nodes -newkey rsa:2048 -keyout /etc/ssl/private/private.key -out /etc/ssl/private/request.csr

This will ask you for some information for certificate like your country name, organization name, email, etc.

genereate private key

After request.csr is generated, now you can generate the SSL certificate by using the given command –

openssl x509 -in /etc/ssl/private/request.csr -out /etc/ssl/private/certificate.crt -req -signkey /etc/ssl/private/private.key -days 365

ssl cert

Configure Apache to use SSL

Now you need to configure your Apache webserver to use SSL so you need to edit Apache SSL configuration file.

Use the following command to open Apache SSL configuration file in a editor –

sudo nano /etc/apache2/sites-available/default-ssl.conf

Here edit server admin email and add domain name or IP address of the server –

ssl

Replace the server name i.e. 127.0.0.1 with your own server IP or domain name.

Save the file by pressing Ctrl+s and then Ctrl+x to exit from the editor.

Next use the given command to enable the virtual host file –

sudo a2ensite default-ssl.conf

Open the default virtual host on your apache webserver by using –

sudo nano /etc/apache2/sites-available/000-default.conf

Here add your domain name and add a Redirect directive, pointing all traffic to the SSL version of the site –

deafult virtual host

Save this file and close it.

Now enable the SSL and header module of Apache by using –

sudo a2enmod ssl
sudo a2enmod headers

Finally, reload the Apache services to make the changes effective –

sudo systemctl reload apache2

Verify your SSL server

Now to verify if you SSL server is working or not open a web browser on your system and enter the given URL –

https://server-ip-or-domain

For example –

https://127.0.0.1

This will display the given page initially here warning page is displayed because the certificate is self signed and not signed by a trusted CA.

Now click on the Advanced and then click Accept the Risk and Continue.

This should display the apache2 default page as you can see in the image below.

apache default page

Conclusion

So you have successfully enabled the HTTPS in Apache2 web server on your Ubuntu system. Now if you have a query or feedback then write us in the comments below.

Leave a Comment