SSL / TLS Support

SSL may be enabled by adding self-signed certificates. However, a more clever approach involves:

  1. Create a certificate authority (CA) prior to generating any SSL certificates.

  2. Import this CA to any client accessing your SSL host.

  3. Create an SSL certificate for any desired service.

It fully suffices to get the Firefox browser working this way. Google Chrome is known for additional security restrictions.

The following docs may help you:

Tip

  • To understand virtual host related certificate issues read about server name indication.

  • Using SSL with Apache requires the activation of the corresponding module. The Ubuntu version of Apache comes with two commands, a2enmod and a2dismod, for enabling and disabling modules by managing symbolic links from /etc/apache2/mods-enabled to /etc/apache2/mods-available.

  • Apache SSL/TLS Encryption

  • Working With Self-Signed Certificates in Chrome (Walkthrough Edition)

    This works for both Chrome and Firefox and most likely for other browsers as well. It describes the creation of a wildcard certificate that is valid for a subdomain such as g4.sdi.mi.hdm-stuttgart.de. The Base64 certificate conversion is not required, since Apache 2.4 will happily accept both generated tls.crt and tls.key files.

    For a better understanding of the underlying concepts, consider the related stackoverflow.com article on providing a Subject Alternative Name extension when creating your certificate signing request. Certificate creation also requires the following setting, proposed on superuser.com:

    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
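
The three steps above as one script. This is an added example, not taken from the original page or the linked walkthrough. The CA subject and every file name except tls.crt and tls.key are assumptions, and the Subject Alternative Name is applied at signing time through an extension file because `openssl x509 -req` does not copy CSR extensions by default.

```shell
#!/bin/sh
# Added example (not from the original page): private CA + wildcard server cert.
# File names other than tls.crt / tls.key and the CA subject are assumptions.

issue_cert() {   # $1 = output directory, $2 = domain, e.g. g4.sdi.mi.hdm-stuttgart.de
  dir=$1 domain=$2
  mkdir -p "$dir" || return 1

  # Minimal req config so the result does not depend on the system openssl.cnf.
  cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Example Private Root CA
[v3_ca]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

  # Extensions applied when the CA signs the server certificate.
  cat > "$dir/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:*.$domain, DNS:$domain
EOF

  # Step 1: the CA (ca.crt is the file that step 2 imports into each client).
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  # Step 3: server key and CSR, then the CA-signed certificate.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/ca.cnf" \
    -subj "/CN=*.$domain" -keyout "$dir/tls.key" -out "$dir/tls.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/tls.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -sha256 -days 365 -extfile "$dir/server.ext" \
    -out "$dir/tls.crt" 2>/dev/null || return 1
  chmod 600 "$dir/ca.key" "$dir/tls.key"
}

check_cert() {   # $1 = output directory, $2 = domain; succeeds only if chain and SAN match
  openssl verify -CAfile "$1/ca.crt" "$1/tls.crt" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1/tls.crt" -noout -text | grep "DNS:\*\.$2" >/dev/null
}

if [ "$#" -eq 2 ]; then issue_cert "$1" "$2" && check_cert "$1" "$2"; fi
```

Import ca.crt into the client's trust store (step 2) and point Apache's SSLCertificateFile and SSLCertificateKeyFile directives at tls.crt and tls.key. Keep ca.key off the web server, since anyone holding it can issue certificates that those clients will trust.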