Go inside and execute the following configure command
./configure --enable-ssl –-enable-so
Note: If you are doing this on a brand new server, then you may experience issues related to APR, PCRE, and OpenSSL, and you may refer the troubleshooting guide.
Ensure you don’t get any error from the above configure command, and next you got to install with make commands.
As usual, ensure no errors from the above commands. This concludes you have installed an Apache web server with SSL support.
Getting an SSL Certificate
There are multiple ways to generate and get the SSL cert signed by the certificate authority.
If you are looking to implement SSL in the Intranet web server, then most of the organization has an internal certificate issuer team, so you got to check with them. But you still need to generate a CSR (Certificate Signing Request), and you can do it using OpenSSL.
However, if you are looking to secure an Internet-facing URL then either you can buy a certificate from VeriSign, GoDaddy, Namecheap, ZeroSSL, etc., or get a FREE cert from Let’s Encrypt.
Let’s Encrypt is a Linux Foundation Collaboration Project who offers a FREE SSL/TLS certificate. I will use Let’s Encrypt to get one certificate for my domain – Chandan.io
There are multiple ways to generate CSR, but the easiest one I found is using the “SSL For FREE” online tool.
Enter the URL that you want to secure
Verify the domain ownership by one of the listed methods and download your domain certificate files.
You will get three files that we will use next to configure the Apache webserver.
key – this is your key file and shouldn’t be shared with anyone publicly
Certificate – actual SSL certificate for your domain
Ca_bundle – Signer root/intermediate certificate
Transfer the downloaded file to the Web Server. We will need them shortly.
Apache SSL Configuration
And a final step would be to configure Apache so it can serve the request over HTTPS.
Log in to the Apache webserver
Take a backup of httpd.conf file (default location /usr/local/apache2/conf/)
Open the file with the vi editor and ensure mod_ssl module & httpd-ssl.conf exists and not commented
LoadModule ssl_module modules/mod_ssl.so
We will use httpd-ssl.conf file to configure the certificate details. There are the following you need to ensure it exists the right parameters.
SSLCertificateFile – Certificate CRT file path which you downloaded earlier
SSLCertificateKeyFile – private.a key file path
SSLCertificateChainFile – ca_bundle.crt file path
Tip: you may want to create a new folder called “ssl” and keep all the certificate-related files in this.
Take a backup if needed and use the vi editor to modify the file.