SSL/TLS Support

Install openssl

apt install openssl

Setup a Certificate Authority

Generate a private key

openssl genpkey -algorithm RSA -out ca.key

Create a self-signed certificate for your Certificate Authority

openssl req -x509 -new -key ca.key -out ca.crt

We need to download the certificate to our local machine and install it as a trusted certificate in our Web Browser, i.e. Firefox

Create SSL Certificate for Apache

openssl genpkey -algorithm RSA -out server.key

Create a Certificate Signing Request (CSR)

openssl req -new -key server.key -out server.csr

Sign the SSL certificate with your Certificate Authority

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 365

Enable SSL on Apache

Edit Configuration

We need to edit the Apache configuration file /etc/apache2/sites-available/default-ssl.conf and add/edit the following lines

SSLEngine on
SSLCertificateFile /path/to/server.crt
SSLCertificateKeyFile /path/to/server.key

Enable SSL Module

Now we need to enable the SSL module

a2ensite default-ssl

After this we need to restart the Apache service

systemctl restart apache2

Access the site

Now we can access the site using https://www.g1.sdi.mi.hdm-stuttgart.de/. We will get a warning that the certificate is not trusted, because we created it ourself. We can ignore this warning and continue to the site.