I created a private key file using the openssl command:
openssl genrsa -des3 -out private.key 2048
I entered my password, then generated the CSR:
openssl req -new -key privatekey.key -out csrkey.csr
I used this CSR key to create my SSL certificate through RapidSSL. They issued me 3 certificates ending in .cer, namely:
- CACertificate-1.cer
- CACertificate-2.cer
- ServerCertificate-1.cer
I uploaded all of these certificates to the /etc/apache2/ folder
/etc/apache2/ contains:
- CACertificate-1.cer
- CACertificate-2.cer
- ServerCertificate-1.cer
- Privatekey.key
- Csrkey.csr
- Chain.ctr (I got this from Rapid SSL as an intermediate certificate)
I then had to add the code to /etc/apache2/apache2.conf:
<VirtualHost _default_:443>
SSLEngine on
DocumentRoot /var/www/html
ServerName example.co.uk
SSLEngine on
SSLCertificateFile /etc/apache2/CACertificate-1.cer
SSLCertificateKeyFile /etc/apache2/privatekey.key
SSLCertificateChainFile /etc/apache2/chain.ctr
</VirtualHost>
My /etc/apache2/apache2.conf file didn’t have the <VirtualHost>, and when I tried to restart apache it said “SSLEngine command not defined in this module”. So I had a look around and found /etc/apache2/sites-available/default-ssl.conf, which did contain <VirtualHost>.
I proceeded by adding the code above, but after restarting apache using
sudo apachectl restart
https://example.co.uk is giving me a grey screen: SSL connection error
ERR_SSL_PROTOCOL_ERROR Hide details Unable to make a secure connection
to the server. This may be a problem with the server, or it may be
requiring a client authentication certificate that you don’t have.
Here are the steps to enable the HTTPS protocol on your Apache service on Google Compute Engine (you can safely skip the steps that you’ve already taken):
$ sudo mkdir /etc/apache2/ssl.crt
$ cd /etc/apache2/ssl.crt
$ sudo openssl genrsa -out example.key 2048
$ sudo openssl req -new -key example.key -out example.csr
$ sudo openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt
$ sudo nano /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/apache2/ssl.crt/example.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/example.key
SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
Save the configuration file and close it.
Now enable this site configuration file:
$ sudo a2ensite default-ssl.conf
$ sudo apachectl configtest
$ sudo service apache2 restart
tcp:80 and tcp:443
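A check that can be run before `apachectl configtest` in the steps above, as an added example that is not part of the original question or answer: it compares the public key inside each certificate file with the one derived from the private key, which identifies the file that belongs in SSLCertificateFile. The function names are hypothetical; the script assumes PEM-encoded files and the `openssl x509`, `pkey` and `dgst` subcommands.

```shell
#!/bin/sh
# Added example: find which certificate file belongs to a private key
# by comparing public keys. Function names are hypothetical.

# Print the SHA-256 of the public key inside a PEM certificate.
cert_pubkey_hash() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the SHA-256 of the public key derived from a PEM private key.
# For an encrypted key, openssl asks for the passphrase.
key_pubkey_hash() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only when the certificate carries the key's public half.
# Returns 2 when either file cannot be parsed.
pair_matches() {   # usage: pair_matches KEY CERT
    k=$(key_pubkey_hash "$1") || return 2
    c=$(cert_pubkey_hash "$2") || return 2
    [ "$k" = "$c" ]
}

# Print the first certificate that matches KEY; returns 1 when none do.
find_matching_cert() {   # usage: find_matching_cert KEY CERT...
    key=$1; shift
    for cert in "$@"; do
        if pair_matches "$key" "$cert"; then
            printf '%s\n' "$cert"
            return 0
        fi
    done
    return 1
}

# Command-line use: sh check_pair.sh KEY CERT [CERT...]
if [ "$#" -ge 2 ]; then
    find_matching_cert "$@"
fi
```

An empty result means none of the listed certificates was issued for that key, so mod_ssl cannot use any of them with it.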