Requirements for Supporting HTTPS on Apache

Linux Apps Tutorials - Herong's Tutorial Examples

∟Running Apache HTTP Server (httpd) on Linux Systems

∟Requirements for Supporting HTTPS on Apache

This section provides a brief summary of requirements on configuring the Apache HTTP Server to support the HTTPS protocol.

By default, Apache HTTP Server supports only the HTTP protocol. If you want support the HTTPS protocol to provide secure communications, you need to meet the following requirements.

1. Obtain a valid PKI certificate for your Web server.

The certificate must be issued directly or indirectly by a CA (Certificate Authority) trusted by Web browsers.
The certificate must be issued with "Extended Key Usage" = "Server Authentication".
The certificate must be issued with "Subject Alternative Name" = your server's domain name or IP address.

2. Install the server certificate and its associated private key under a system directory, like /etc/pki/tls/.

3. Install the root CA certificate and intermediate CA certificates as a certificate chain under a system directory, like /etc/pki/tls/.

4. Install the SSL/TLS module, mod_ssl, for the Apache HTTP Server.

5. Update Apache HTTP Server configuration file httpd.conf or ssl.conf to support the HTTPS protocol for different use cases:

5.1. Support HTTPS only. Listen to port 443 only and turn on the SSL/TLS module. Set "SSLCertificateFile" to the server certificate file, "SSLCertificateKeyFile" to the server private key, and "SSLCertificateChainFile" to the CA certificate chain.

5.2. Support HTTPS with HTTP connections autoforwarded to HTTPS. Configure 2 virtual hosts, one for HTTP and one for HTTPS. Add the "Redirect" directive in the HTTP virtual host to forward connections to the HTTPS virtual host.

5.3. Support both HTTPS and HTTP separately. Configure 2 virtual hosts, one for HTTP and one for HTTPS. Both virtual hosts can share the same "DocumentRoot" setting.