I assume you already have Apache installed and up and running.
These are the steps I took to enable https on my home server. I had a bit of a struggle, since some of the explanations I read had a few shortcomings and/or contradictions. I did the following steps to get my https up and running:
1. Install the software needed.
You will need OpenSSL and mod_ssl, Apache's interface to OpenSSL. Install them with the following:
$ yum install mod_ssl openssl
2. Create your keys
You must create a self-signed certificate. If you want the "real thing", you have to provide a trusted certificate from a vendor selling them, but for personal use, this will do. During this process, you will be asked to provide your hostname. Make sure this matches what you get if you run the command
First, generate the private key with the command
$ openssl genrsa -out ca.key 2048
Then generate a CSR (certificate signing request - http://en.wikipedia.org/wiki/Certificate_signing_request)
$ openssl req -new -key ca.key -out ca.csr
Make sure you type in the hostname correctly, as explained above.
Then, generate the self-signed certificate
$ openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
3. Copy the newly created files to the correct locations
$ cp ca.crt /etc/pki/tls/certs
$ cp ca.key /etc/pki/tls/private/ca.key
$ cp ca.csr /etc/pki/tls/private/ca.csr
4. Update the Apache config files
I use nano as my editor, so I type
$ nano /etc/httpd/conf.d/ssl.conf
In this file (that may be empty the first time you try this) I put in the following lines
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Then it's time to set up the port and the virtual host for Apache
$ nano /etc/httpd/conf/httpd.conf
First, enable mod_ssl. Add the following line in the LoadModule section
LoadModule ssl_module modules/mod_ssl.so
Then add the following line where you have "Listen 80"
Continue by adding
near the line NameVirtualHost *:80
Finally, you want to set up the virtualhost. Add the lines
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
    DocumentRoot /var/www/html
    ServerName yoursite.com
    ErrorLog /var/log/ssl.log
</VirtualHost>
That's it. Now you only have to restart the httpd and open up your firewall.
$ nano /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
Restart the firewall
$ service iptables restart
Restart the httpd
$ service httpd restart
You should now be able to visit your home server with
You will probably get some warnings, since the certificate is not trusted, but this is good enough for personal use.
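A pre-flight check for the key and certificate from steps 2 and 3, worth running before httpd is restarted. This is an added example, not part of the original post: it confirms that the certificate was made from the key, that it carries the expected hostname, that the private key is not accessible to group or others, and that the certificate has not expired. The function names, return codes and the hostname home.example.test are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-flight check of a key/certificate pair for mod_ssl.

# make_demo_pair DIR HOST: constructed sample input, built with the three
# openssl steps from the page; -subj answers the hostname prompt.
make_demo_pair() {
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/ca.key" -subj "/CN=$2" -out "$1/ca.csr" &&
    openssl x509 -req -days 365 -in "$1/ca.csr" -signkey "$1/ca.key" \
        -out "$1/ca.crt" 2>/dev/null &&
    chmod 600 "$1/ca.key"
}

# check_tls_pair KEY CRT HOST (hypothetical helper)
# Returns 0 when every check passes, otherwise:
#   1 certificate does not belong to this key   2 hostname mismatch
#   3 key accessible to group or others         4 certificate expired
check_tls_pair() {
    key=$1; crt=$2; host=$3
    # The public key inside the certificate must equal the one derived
    # from the private key, or httpd will refuse to start.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
    # -checkhost reports "does match" or "does NOT match" on stdout.
    openssl x509 -in "$crt" -noout -checkhost "$host" |
        grep -q "does match certificate" ||
        { echo "certificate is not for $host" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "$key is accessible to group/others" >&2; return 3; }
    # -checkend 0 exits non-zero if the certificate is already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired" >&2; return 4; }
    echo "OK: $crt matches $key and $host"
}

# Demo on a throwaway pair; on the server, pass the paths from step 3.
demo=$(mktemp -d)
make_demo_pair "$demo" home.example.test &&
    check_tls_pair "$demo/ca.key" "$demo/ca.crt" home.example.test
rm -rf "$demo"
```

On the server itself the call would be check_tls_pair /etc/pki/tls/private/ca.key /etc/pki/tls/certs/ca.crt followed by the hostname typed into the CSR.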