1. Install flavour of ubuntu server - in my first test install I choice 14.05. (the copy for this ISO can be found on Newton). 

 

2. Log into the server and run the following command. This will enable the SSL feature in Apacahe2.

sudo a2enmod ssl

3. We will now need to restart the apcahe2 service.

sudo service apache2 restart

4. Next we will then create a directory to store the certificate. We then will generate the self sign certificate into this directory.

sudo mkdir /etc/apache2/ssl

sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

It will ask you a series of question regards location, but there will be one section we will need to enter the URL we want to link the webserver to. In my test, I used webserver.andersonfamilynetwork.com.

Ensure you type this url in the Common Name section.

5. We will then restart Apache2

sudo service apache2 restart

6. We will now need to open the Apache2 config file to edit the ssl settings to replace the default certificates with the ones we generated earlier.

sudo nano /etc/apache2/sites-available/default-ssl.conf

[caption id=”attachment_457” align=”alignnone” width=”981”] Default certificate - file not yet modified.[/caption]

[caption id=”attachment_458” align=”alignnone” width=”800”] With certificate replaced - file modified.[/caption]

7. We then need to enable our default SSL connection.

sudo a2ensite default-ssl.conf

This will enable to configuration file that we just modified.

8. We then need to restart Apache2

sudo service apache2 restart

9. On a host on the same network, navigate to the url we used in the above example (webserver.andersonfamilynetwork.com) and see if you can now see the Apache2 test web page.

Also note that if you are in a Windows Domain you will also need to add an A record to the DNS of the DC to point to the server.

You may also get an error when you first go to the page, this is because its a self signed certificate, if you have a signed certificate from a CA provider this message will not occur.

To avoid seeing this, you will need to add this url to the trusted sites of the web browser you are using. Again having a signed ssl certificate you will avoid seeing this.

10. At this stage you can go to HTTP or HTTPS. Being that we want to use the HTTPS protocol, we will edit the Apache2 config file to re-direct the HTTP to HTTPS.  (So far I have not been able to get this part to work properly. Not sure if there is a required reboot along the lines somewhere).

Back on the server run the following command to get back into the config file.

sudo nano /etc/apache2/apache2.conf

11. Once nano opens, scroll all the way to the bottom, and enter the following lines. Save and Exit.

#HTTP to HTTPS Redirect RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

12. We want to make sure that the config file is updated and running so we will perform a rewrite.

sudo a2enmod rewrite

then do a service restart of the Apache2 service.

sudo service apache2 restart

13. Now we can go back to our web browser and navigate to http and see if it re-directs to https.