SSL / TLS Support

SSL may be enabled by adding self-signed certificates. However a more clever approach involves:

  1. Create a certificate authority (CA) prior to generating any SSL certificates.

  2. Import this CA to any client accessing your SSL host.

  3. Create an SSL certificate for any desired service.

It fully suffices to get the firefox browser working this way. Google-Chrome is known for additional security restrictions.

The following docs may help you:

Tip

  • Using SSL with Apache requires the activation of the corresponding module. The Ubuntu version of Apache comes with two commands a2enmod and a2dismod for enabling and disabling modules by managing symbolic links from /etc/apache2/mods-enabled to /etc/apache2/mods-available.

  • Apache SSL/TLS Encryption

  • Creating Your Own SSL Certificate Authority (and Dumping Self Signed Certs)

  • The previously linked recipe may fail for Google Chrome being pickier about certificates than i.e. the Firefox browser. Consider stackoverflow.com for providing a Subject Alternative Name extension when creating your certificate signing request. The subsequent certificate creation may require a keyUsage = nonRepudiation, digitalSignature, keyEncipherment configuration as being proposed by superuser.com.