To let your visitors and users access your services safely, you should add an SSL certificate to your server so that they can browse your websites over HTTPS.
What is TLS/SSL?
“Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which are designed to provide communication security over the Internet.
They use X.509 certificates and hence asymmetric cryptography to assure the counterparty with whom they are communicating, and to exchange a symmetric key. This session key is then used to encrypt data flowing between the parties. This allows for data/message confidentiality, and message authentication codes for message integrity and as a by-product, message authentication.” (Wikipedia)
So basically it ensures the data transiting from the user to the server is encrypted.
You can either use your own certificate or buy one from a third party such as StartSSL.
If you use your own certificate, the web browser will not recognize the website as safe and will display a warning message before letting the visitor access it. If you want to avoid scaring your visitors, you will need to buy a certificate from a trusted vendor (meaning one accepted by 99.x% of web browsers as a safe certificate).
But as I trust myself, I do not need to buy a certificate and I will just generate one myself to further secure my server.
You can generate your own self-signed certificate by running the following command:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/myblog.key -out /etc/ssl/certs/myblog.pem
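This creates a 2048-bit RSA private key and a self-signed certificate valid for 365 days. The -nodes option stores the private key without a passphrase, so Apache can start unattended, but anyone who can read the key file can impersonate your server.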
You will need to enter some info such as:
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:Taiwan
Locality Name (eg, city) :Taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Freedif
Organizational Unit Name (eg, section) :Freedif
Common Name (e.g. server FQDN or YOUR name) :freedif.org #### Your domain name !
Email Address :email@example.com
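A non-interactive version of the same command, with checks worth running before pointing Apache at the files. This is an added example, not part of the original post: it writes to a scratch directory instead of /etc/ssl, the function names are illustrative, and the subject values are the sample answers shown above.

```bash
#!/usr/bin/env bash
# Added example. File names follow the article; the scratch output directory
# and the function names are assumptions made for this illustration.

# Generate key + self-signed certificate without the interactive prompts.
# $1 = output directory, $2 = Common Name (your domain name)
make_selfsigned() {
    (
        umask 077   # -nodes leaves the key unencrypted: keep it owner-only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -subj "/C=TW/ST=Taiwan/L=Taipei/O=Freedif/OU=Freedif/CN=$2" \
            -keyout "$1/myblog.key" -out "$1/myblog.pem" 2>/dev/null
    )
}

# Succeeds only if the certificate ($2) carries the public key of key file ($1).
key_matches_cert() {
    local key_pub cert_pub
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if group and others have no permissions on the key file.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Succeeds if the certificate ($1) is still valid $2 days from now.
valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# SHA-256 fingerprint: hand it to users out of band so they can compare it
# with the certificate shown behind the browser warning before accepting it.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Demo in a scratch directory (no sudo needed).
demo=$(mktemp -d)
make_selfsigned "$demo" freedif.org
key_matches_cert "$demo/myblog.key" "$demo/myblog.pem" && echo "key/cert match"
key_is_private "$demo/myblog.key" && echo "key is owner-only"
valid_in_days "$demo/myblog.pem" 30 && echo "valid for 30+ days"
echo "fingerprint: $(cert_fingerprint "$demo/myblog.pem")"
rm -rf "$demo"
```

Run `valid_in_days` from a scheduled job to get a warning before the 365-day certificate expires.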
Once done, you need to adjust your VirtualHost configuration to add an SSL section.
and add at the end after the , a new section dedicated to HTTPS (Port 443).
To save time, I suggest reusing the same configuration as your HTTP VirtualHost, like:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    SSLEngine on
    ### Where you saved your certificate
    SSLCertificateFile /etc/ssl/certs/myblog.pem
    ### Where you saved your key
    SSLCertificateKeyFile /etc/ssl/private/myblog.key
    ###### ADD YOUR ORIGINAL VHOST SETTING ####
</VirtualHost>
</IfModule>
Finally, enable the SSL module:
sudo a2enmod ssl
and restart Apache:
sudo /etc/init.d/apache2 restart
You should now have a working HTTPS connection!