hktaskin/apache_ssl_example

## apache_ssl_example
---------------------
Ubuntu & Apache & SSL
---------------------

# Install Apache
sudo apt-get install apache2

# Generate 2048-bit RSA private key
openssl genrsa -out server.key 2048

# Generate EC private key
openssl ecparam -list_curves
openssl ecparam -out server.key -name secp384r1 -genkey

# Generate Certificate Signing Request (CSR) File
openssl req -new -key server.key -out server.csr

# Sample Data for CSR
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

# Generate the self-signed certificate valid for 365 days
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

# Enable mod_ssl in Apache
sudo a2enmod ssl

# Configure VirtualHost Parameters under /etc/apache2/sites-enabled/
# Sample Apache VirtualHost Configuration
NameVirtualHost *:443
<VirtualHost *:443>
    ServerName 127.0.0.1
    DocumentRoot /var/www

    SSLEngine on
    SSLOptions +StrictRequire

    <Directory />
        SSLRequireSSL
    </Directory>

    # For SSL/TLS CipherSuite config: https://ssl-config.mozilla.org/#server=apache

    SSLCertificateFile /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key

    SSLVerifyClient none
    SSLProxyEngine off

    <IfModule mime.c>
        AddType application/x-x509-ca-cert      .crt
        AddType application/x-pkcs7-crl         .crl
    </IfModule>

</VirtualHost>

# Restart Apache
sudo /etc/init.d/apache2 restart

#Permanent Redirect
NameVirtualHost *:80
<VirtualHost *:80>
   ServerName 127.0.0.1
   Redirect permanent / https://127.0.0.1/
</VirtualHost>
	---------------------
	Ubuntu & Apache & SSL
	---------------------

	# Install Apache
	sudo apt-get install apache2

	# Generate 2048-bit RSA private key
	openssl genrsa -out server.key 2048

	# Generate EC private key
	openssl ecparam -list_curves
	openssl ecparam -out server.key -name secp384r1 -genkey

	# Generate Certificate Signing Request (CSR) File
	openssl req -new -key server.key -out server.csr

	# Sample Data for CSR
	Country Name (2 letter code) [AU]:
	State or Province Name (full name) [Some-State]:
	Locality Name (eg, city) []:
	Organization Name (eg, company) [Internet Widgits Pty Ltd]:
	Organizational Unit Name (eg, section) []:
	Common Name (e.g. server FQDN or YOUR name) []:
	Email Address []:

	# Generate the self-signed certificate valid for 365 days
	openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

	# Enable mod_ssl in Apache
	sudo a2enmod ssl

	# Configure VirtualHost Parameters under /etc/apache2/sites-enabled/
	# Sample Apache VirtualHost Configuration
	NameVirtualHost *:443
	<VirtualHost *:443>
	ServerName 127.0.0.1
	DocumentRoot /var/www

	SSLEngine on
	SSLOptions +StrictRequire

	<Directory />
	SSLRequireSSL
	</Directory>

	# For SSL/TLS CipherSuite config: https://ssl-config.mozilla.org/#server=apache

	SSLCertificateFile /etc/apache2/ssl/server.crt
	SSLCertificateKeyFile /etc/apache2/ssl/server.key

	SSLVerifyClient none
	SSLProxyEngine off

	<IfModule mime.c>
	AddType application/x-x509-ca-cert .crt
	AddType application/x-pkcs7-crl .crl
	</IfModule>

	</VirtualHost>

	# Restart Apache
	sudo /etc/init.d/apache2 restart

	#Permanent Redirect
	NameVirtualHost *:80
	<VirtualHost *:80>
	ServerName 127.0.0.1
	Redirect permanent / https://127.0.0.1/
	</VirtualHost>