Sharing Ilmu

Sharing for useful things

Securing a Web Server with HTTPS on Linux Ubuntu 20.04

In this tutorial I’ll discuss how to secure a web server with HTTPS on Linux Ubuntu 20.04. When we use the HTTP protocol, all data is sent in plaintext, so it can be read by third parties. That is not secure, so we must add SSL or TLS to get a secure web connection (HTTPS). Make sure you have already configured a web server (How to Install webserver ubuntu 20.04) and a DNS service (How to configure DNS server 20.04).

Generate an SSL certificate with openssl:

root@Taufik:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/taufiknet.key -out /etc/ssl/private/taufiknet.crt

Then fill in the certificate information when prompted:

Generating a RSA private key
..........................................................+++++
............+++++
writing new private key to '/etc/apache2/apache2.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:Lampung
Locality Name (eg, city) []:Pesawaran
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TAUFIKN
Organizational Unit Name (eg, section) []:taufik.net
Common Name (e.g. server FQDN or YOUR name) []:taufik.net
Email Address []:admin@taufik.net

Enable mod_ssl:

root@Taufik:~# a2enmod ssl

Restart apache2:

root@Taufik:~# systemctl restart apache2

Edit your Apache virtual host configuration file:

root@Taufik:~# nano /etc/apache2/sites-available/taufikweb.conf

Change the virtual host to port 443 and add the SSL directives:

<VirtualHost *:443>
    # ServerName must be set explicitly for every virtual host.
    ServerAdmin admin@taufik.net
    ServerName taufik.net
    ServerAlias www.taufik.net
    DocumentRoot /var/www/html/taufikweb

    # Enable TLS and point Apache at the key and certificate generated above.
    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/private/taufiknet.key
    SSLCertificateFile /etc/ssl/private/taufiknet.crt

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

Save and exit, then restart the apache2 service.

root@Taufik:~# systemctl restart apache2

Now test from a client:

Open the URL https://youripaddress or https://yourdomain.net

When the error message appears, click hide advanced, then click proceed. The error appears because the SSL certificate is self-signed, so the browser does not consider it a valid certificate.
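Because the browser cannot validate a self-signed certificate, it is worth checking the files on the server and comparing the certificate fingerprint with the one the browser shows in the warning. The script below is an added example, not part of the original tutorial: it checks that the key is private, that key and certificate belong together, and that the certificate is not about to expire, then prints the SHA-256 fingerprint. The function names and the example.test sample certificate are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the key and
# certificate that the openssl command above writes to /etc/ssl/private.

# SHA-256 fingerprint, for comparison with the one the browser displays.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if key ($1) and certificate ($2) hold the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# Succeeds if the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null
}

# Succeeds if group and others have no permissions on the key file (GNU stat).
key_is_private() {
    case "$(stat -c %a "$1")" in *00|0) return 0 ;; *) return 1 ;; esac
}

audit_tls_files() {
    rc=0
    key_is_private "$1" || { echo "FAIL: $1 is accessible to group/others"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: key and certificate differ"; rc=1; }
    cert_valid_for_days "$2" 30 || { echo "FAIL: expires within 30 days"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: fingerprint $(cert_fingerprint "$2")"
    return "$rc"
}

# Constructed sample: throwaway self-signed pair valid for $2 days in dir $1.
make_sample() {
    openssl req -x509 -nodes -days "$2" -newkey rsa:2048 -subj "/CN=example.test" \
        -keyout "$1/sample.key" -out "$1/sample.crt" 2>/dev/null &&
        chmod 600 "$1/sample.key"
}

if [ "$#" -eq 2 ]; then     # e.g. the tutorial's taufiknet.key and taufiknet.crt
    audit_tls_files "$1" "$2"
else                        # no arguments: demonstrate on the constructed sample
    demo=$(mktemp -d) && make_sample "$demo" 365 &&
        audit_tls_files "$demo/sample.key" "$demo/sample.crt"
    rm -rf "$demo"
fi
```

Run it as root with the key path and the certificate path from the tutorial as its two arguments; with no arguments it audits a throwaway sample pair it generates itself.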

 
