0

I have been working really hard on installing an OpenSSL certificate so my web-app can show the beautiful “HTTPS” in the URL, however, I can’t get it and it’s driving me insane!!

I have a Linux VPS with Ubuntu 14.04 and Apache 2.4.7.

I have done the following things:

1.- Enable SSL module:

sudo a2enmod ssl

2.- Restart Apache:

sudo service apache2 restart

3.- Create SSL directory inside de Apache2 directory: 

sudo mkdir /etc/apache2/ssl

4.- Execute the following command to create a self-signed ssl certificate :

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout `    /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt`

5.- Fill in questions:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company
Organizational Unit Name (eg, section) []:Department of Kittens
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:your_email@domain.com

6.- Configure apache to utilize ssl:

sudo nano /etc/apache2/sites-available/default-ssl.conf

7.- Modify the following data:

ServerAdmin admin@example.com
ServerName my_domain.com
ServerAlias www.my_domain.com
DocumentRoot /var/www/html
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

8.- Enable “default-ssl.conf” file: 

sudo a2ensite default-ssl.conf

9.- Restart Apache again: 

 sudo service apache2 restart

According to what I have read that should be all… what am I missing??

Thank's in advanced.

user2095819
  • 21
  • 1
  • 3
  • Is Apache listening on port 443? https://wiki.apache.org/httpd/ExampleVhosts – Dondi Michael Stroma Jun 04 '15 at 04:16
  • I did try that...still not working :( – user2095819 Jun 04 '15 at 14:38
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306). – jww Jun 07 '15 at 11:01
  • Also, that certificate will be malformed and the browser will never accept it. One of the reasons is Step 5 and *"Common Name (e.g. server FQDN or YOUR name) []:your_domain.com"*. Server names go in the *Subject Alternate Name (SAN)*, and ***not*** the *Common Name (CN)*. See [How to create a self-signed certificate with openssl?](http://stackoverflow.com/a/27931596/608639) for using the SAN rather than the CN. Here's another one should should probably visit: [How do you sign Certificate Signing Request with your Certification Authority?](http://stackoverflow.com/q/21297139). – jww Jun 07 '15 at 11:06
  • Thank you both :) ... just want to mention that I finally could resolve the problem: it was an ip table rule that was blocking port 443. – user2095819 Jun 09 '15 at 01:23

0 Answers0