
Howto-Configure-Https-for-Apache

I am a howto for configuring HTTPS for Apache on Ubuntu 22.04.

Certificates

Create CSR with OpenSSL

Create the CSR.

From existing Server-Key and Config

$ cat csr.conf
[ req ]
default_bits       = 4096
default_md         = sha512
default_keyfile    = 888888896.key
prompt             = no
encrypt_key        = no
distinguished_name = req_distinguished_name
# distinguished_name
[ req_distinguished_name ]
countryName            = "DE"                     # C=
localityName           = "Tübingen"               # L=
organizationName       = "Apps.Holzheu.De"        # O=
organizationalUnitName = "Dings.Site"             # OU=
commonName             = "*.dings.site"           # CN=
emailAddress           = "michael@dings.site"     # CN/emailAddress=
$ openssl req -config csr.conf -new -key 888888896.key -verbose -out dings.site.wildcard.csr

From Scratch

$ openssl req -new -newkey rsa:2048 -nodes -keyout dings.site.key -out dings.site.csr
Generating a 2048 bit RSA private key
..............................+++++
..................................................+++++
writing new private key to 'dings.site.key'
-----
You are about to be asked to enter information, that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:*de*
State or Province Name (full name) []:*Baden-Württemberg*
Locality Name (eg, city) []:*Tübingen*
Organization Name (eg, company) []:*Michael Holzheu*
Organizational Unit Name (eg, section) []:*Apps.Holzheu*
Common Name (eg, fully qualified host name) []:*dings.site*
Email Address []:*michael@dings.site*

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

Note that for a wildcard certificate, enter “*.dings.site” as the Common Name.

$ ls
dings.site.csr dings.site.key

Copy Certificates

$ sudo cp dings.site.crt DigiCertCA.crt /etc/ssl/certs/
$ sudo cp dings.site.key /etc/ssl/private/

Apache on Ubuntu

$ cat /etc/apache2/sites-available/dings.site-ssl.conf
<VirtualHost *:80>
        # The trailing slash matters: without it, /foo would redirect to https://dings.sitefoo
        Redirect permanent / https://dings.site/
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateKeyFile /etc/ssl/private/dings.site.key
        SSLCertificateFile /etc/ssl/certs/dings.site.crt
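        # SSLCertificateChainFile is deprecated since Apache 2.4.8; the chain
        # can instead be appended to the file given in SSLCertificateFile.
        SSLCertificateChainFile /etc/ssl/certs/DigiCertCA.crt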
        ServerName dings.site
        ServerAdmin admin@dings.site
        DocumentRoot /var/www/html/All-Dings
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        <Directory /var/www/html/All-Dings>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
</VirtualHost>
$ sudo a2enmod ssl
$ sudo a2ensite dings.site-ssl.conf
$ sudo systemctl reload apache2
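
Checks worth running before the reload above, as an added example that is not part of the original page: they confirm that key, CSR and certificate carry the same public key, that the certificate covers the ServerName (a certificate issued only for "*.dings.site" does not cover the bare "dings.site"), and that the key is not readable by other users. The function names and the a.*/b.key sample files are hypothetical and constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# only standard openssl subcommands and GNU stat (as on Ubuntu) are used.

# Print the public key (PEM) held in a private key, CSR or certificate.
pubkey_pem() {    # usage: pubkey_pem key|csr|crt FILE
    case "$1" in
        key) openssl pkey -in "$2" -pubout -passin pass: ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files parse and carry the same public key.
same_pubkey() {   # usage: same_pubkey TYPE_A FILE_A TYPE_B FILE_B
    a=$(pubkey_pem "$1" "$2") || return 1
    b=$(pubkey_pem "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the certificate is valid for the given host name.
cert_covers() {   # usage: cert_covers CERT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeed only if the key file grants no access to "other" users.
key_not_world_accessible() {   # usage: key_not_world_accessible KEYFILE
    mode=$(stat -c %a "$1") || return 1
    case "$mode" in *0) return 0 ;; *) return 1 ;; esac
}

# Constructed sample data: a throwaway key, CSR and self-signed wildcard
# certificate in DIR, plus a second unrelated key for the mismatch case.
make_sample() {   # usage: make_sample DIR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.dings.site' \
        -keyout "$1/a.key" -out "$1/a.crt" 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj '/CN=*.dings.site' \
        -out "$1/a.csr" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/b.key" 2>/dev/null
}
```

On the server, source the functions and run, for example, same_pubkey key /etc/ssl/private/dings.site.key crt /etc/ssl/certs/dings.site.crt followed by cert_covers /etc/ssl/certs/dings.site.crt dings.site; each reports its result through the exit status.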
