SSL Configuration

  • Does anybody have an apache config for using self signed certs? I tried using the basic settings from the default-ssl.conf but apparently there is some conflict with the other settings in the i-doit config file and the HTTPS wasn't working after I enabled it and restarted apache. Any help would be appreciated, I'm not particularly good with Apache web servers.

  • (Make a backup of your system and run all commands as root 😉)

    Create new certificates and keys and refer to them later.

    So you can at least create the hostname to match the certificate.

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/idoit-company-local.key -out /etc/ssl/certs/idoit-company-local.crt

    Activate SSL module of Apache

    a2enmod ssl

    Adjust Default SSL Configuration

    Reasons for adjustment

    • listen to all hostnames
    • Correct Server Admin
    • own logs for SSL connections
    • Include your own generated certificates
    • directory /var/www/html run all configurations to customize themselves

    root@idoit:/etc/apache2/sites-available# git diff default-ssl.conf
    diff --git a/apache2/sites-available/default-ssl.conf b/apache2/sites-available/default-ssl.conf
    index 7e37a9c..00eb69a 100644
    --- a/apache2/sites-available/default-ssl.conf
    +++ b/apache2/sites-available/default-ssl.conf
    @@ -1,6 +1,6 @@
     <IfModule mod_ssl.c>
    -       <VirtualHost _default_:443>
    -               ServerAdmin webmaster@localhost
    +       <VirtualHost *:443>
    +               ServerAdmin
                    DocumentRoot /var/www/html
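    Review bot: the added `ServerAdmin` line has no address after it; the directive takes exactly one argument, so Apache will reject the file at `apache2ctl configtest` or on restart. Give it a value, for example the `webmaster@localhost` the removed line carried, or your own admin address.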
    @@ -10,8 +10,9 @@
                    # modules, e.g.
                    #LogLevel info ssl:warn
    -               ErrorLog ${APACHE_LOG_DIR}/error.log
    -               CustomLog ${APACHE_LOG_DIR}/access.log combined
    +               ErrorLog ${APACHE_LOG_DIR}/error-ssl.log
    +               CustomLog ${APACHE_LOG_DIR}/access-ssl.log combined
    +               Loglevel warn
                    # For most configuration files from conf-available/, which are
                    # enabled or disabled at a global level, it is possible to
    @@ -29,8 +30,8 @@
                    #   /usr/share/doc/apache2/README.Debian.gz for more info.
                    #   If both key and certificate are stored in the same file, only the
                    #   SSLCertificateFile directive is needed.
    -               SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
    -               SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
    +               SSLCertificateFile      /etc/ssl/certs/idoit-company-local.crt
    +               SSLCertificateKeyFile /etc/ssl/private/idoit-company-local.key
                    #   Server Certificate Chain:
                    #   Point SSLCertificateChainFile at a file containing the
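    Review bot: `SSLCertificateKeyFile` now points at `/etc/ssl/private/idoit-company-local.key`, which the `openssl req ... -nodes` command earlier in this post writes without a passphrase. Before enabling the site, check that the key file is owned by root and not group or world readable, and that the certificate's CN/SAN is the hostname clients will actually use.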
    @@ -127,6 +128,10 @@
                    # BrowserMatch "MSIE [2-6]" \
                    #               nokeepalive ssl-unclean-shutdown \
                    #               downgrade-1.0 force-response-1.0
    +               <Directory /var/www/html>
    +                       AllowOverride All
    +                       Require all granted
    +               </Directory>
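    Review bot: `AllowOverride All` in the added `<Directory /var/www/html>` block lets any `.htaccess` file under the document root override every overridable directive, access control included. If only certain directive classes are needed, list them (for example `AllowOverride FileInfo AuthConfig`) instead of `All`, and check that the port 80 virtual host carries the same `<Directory>` settings so HTTP and HTTPS behave alike.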

    Activate Default SSL Configuration

    a2ensite default-ssl

    Restart Apache

    systemctl restart apache2
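The certificate step from the guide above, made non-interactive and followed by a check to run before restarting Apache, as an added example that is not part of the original posts. The function names `make_cert` and `check_pair` are hypothetical, and `-addext` assumes OpenSSL 1.1.1 or newer.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. make_cert and check_pair are
# hypothetical helper names; directory and hostname are chosen by the caller.

# make_cert DIR HOST
# Create DIR/HOST.key and DIR/HOST.crt: a self-signed certificate whose CN and
# subjectAltName are both HOST, so the name clients type matches the certificate.
make_cert() {
    local dir="$1" host="$2"
    ( umask 077   # the unencrypted (-nodes) key is created owner-readable only
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
          -keyout "${dir}/${host}.key" -out "${dir}/${host}.crt" 2>/dev/null )
}

# check_pair CRT KEY HOST
# Succeed only if KEY is the private key for CRT, CRT is valid for HOST,
# and CRT has not expired. Prints the reason on stderr otherwise.
check_pair() {
    local crt="$1" key="$2" host="$3" cert_pub key_pub
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "key does not match certificate" >&2; return 1; }
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>&1 | grep -q "does match" \
        || { echo "certificate does not cover ${host}" >&2; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 1; }
}

# Usage with the paths from the guide (run as root; the hostname is an assumption):
#   check_pair /etc/ssl/certs/idoit-company-local.crt \
#              /etc/ssl/private/idoit-company-local.key "$(hostname -f)" \
#     && apache2ctl configtest && systemctl restart apache2
```

Running `check_pair` before `systemctl restart apache2` catches a mismatched key or hostname while the old configuration is still serving.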

  • @proofy may I ask you for your help? I've followed your guide on my Debian-based machine. On my machine, http works perfectly fine. As soon as I try to access my i-doit via https, I'm seeing a totally weird page which appears like that:

    Any idea what this could be?

  • @Makorus-Makar I just started from scratch, it works now, thanks!

  • Hi @proofy & @all,

    I'm experiencing the same problem. I tried your procedure on two different systems.

    Ubuntu 20.04.1

    I-doit itself and the following packages have been downloaded/installed by the i-doit-installer-script

    PHP 7.4.3
    Apache 2.4.41
    MariaDB 15.1

    May I ask for your help? thx
