Apache SSL/TLS Configuration: Enable HTTPS on Apache Server. In this blog post, we introduce SSL, HTTPS, importance of HTTPS then show you how to enable HTTPS on Apache web server.
Website security is crucial regardless of the type of information that businesses are storing or transmitting. Encryption and authentication settings differentiate between a safe website and one that might leak users’ personal information.
Let’s introduce the key concepts of HTTPS and SSL next.
Hypertext Transfer Protocol Secure abbreviates to HTTPS. It’s a collection of rules governing how two parties (like users and websites) may safely share private information. This protocol facilitates using the transport layer security (TLS) protocol to establish an encrypted link between your client (browser) and the server it is communicating with. For this reason, it is also referred to as HTTP over TLS or HTTPS secure. HTTPS is the secured variant of the more common HTTP protocol.
SSL, or Secure Sockets Layer, is a protocol for creating encrypted and authorized connections between computers on a network, ensuring the safety of data and communications sent over the internet.
Moreover, SSL reveals details about the website, including the domain name and, if present, the website owner. Both server to server and server to client connections may be established using SSL.
Since HTTPS provides the best protection for users’ private data, it has replaced all other Web protocols as the standard.
Next concept is authentication, a process users go through to ensure they are connected to a simple website, not a fraud. A certificate authority (CA) is a third party organization that verifies the legitimacy of SSL/TLS certificates (i.e., website security certificates), which your browser reviews.
Secondly, HTTPS is not just important for sites that ask visitors to enter personal information. Attackers may get behavioural and identifying data through insecure connections in addition to information received directly from users.
In addition to increased data security, HTTP improves online functionality and user experience, two key concerns for site owners.
Users are more likely to trust an HTTPS website since they verify the site’s identity using the SSL Certificate. Users then do not worry about their private information being stolen since the protocol encrypts all client server connections using SSL/TLS authentication.
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web
server.
Ports:
80,443/tcp
Now, run the following command to allow both HTTP and HTTPS service.
ufw allow in "Apache Full"
Then, reload the UFW daemon to implement the changes.
Enable HTTPS on Apache Using Self-signed SSL Certificate
A self-signed certificate is a certificate that is not signed by any certificate authority. It is signed by its own private key. Generally, it is used for testing environments or low-risk internal networks only.
First, generate a certificate signing request using the following command.
Finally, restart the Apache service to apply the changes.
systemctl reload apache2
Now, open your web browser and access your Apache website securely using the URL https://your-server-ip. You see the warning page because you are using the self-signed certificate.
Click on Accept the risk and continue button. Next you notice your Apache default website page on the following screen.
Enable HTTPS on Apache Using Let's Encrypt SSL Certificate
Following on the next concept, Let’s Encrypt is a free and global certificate authority that provides a trusted certificate for your domain at zero cost. Its aim is to make it possible to enable HTTPS on your domain automatically without any human intervention.
First, you need to install the Certbot Let’s Encrypt client package to your server. Certbot provides an easier way to install and manage the Let’s Encrypt certificate for your domain.
apt install python3-certbot-apache -y
After installing the Certbot client package, edit the Apache default virtual host configuration file.
Apache SSL/TLS Configuration: Enable HTTPS on Apache Server Conclusion
In this post, we have generated a self-signed certificate and installed it on the Apache web server to secure the connection. We also showed you to enable HTTPS on the Apache website using the Let’s Encrypt free SSL certificate. Now use any of the above methods to enable HTTPS on your Apache websites.
As a website owner, you probably understand why using HTTP to host your site is no longer a good idea. Every website owner would be prudent to activate HTTPS since not doing so would significantly drop search engine rankings and expose your site to security threats.
I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.