
Enabling SSL on apache instance on EC2

I have an EC2 instance that is using Amazon's custom linux install with built in apache. This install also has openssl installed. That being said, there does not appear to be a mod_ssl.so to load up in httpd.conf.

So, I want to know the best way to get apache to be ssl enabled so I can setup my SSL virtual host (note that I have already setup the cert/signatures). Ideally, I would like to not have to rebuild/reinstall apache.

Try this command:

yum install mod_ssl

A summary of what needs to be done to enable SSL on apache server on EC2:

  1. Get SSL certificate (which you already did)
  2. Install mod_ssl as Jose Vega said
  3. Add the following lines to your httpd.conf:

     NameVirtualHost *:443
     <VirtualHost *:443>
         ServerName www.example.com
         # other configurations
         SSLEngine on
         SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
         SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
     </VirtualHost>

Finally, don't forget to open port 443 on your EC2 instance

I managed to enable SSL on my ec2 instance and to install a free ssl certificate from startssl.com. I made a few mistakes; this is the basic approach:

  1. Signup to startssl.com by clicking Control Panel link
    • Complete the signup process. You will need to verify your email address.
  2. Validate your domain under Validation Wizard -> Domain Name Validation
  3. Get a Certificate by Certificate Wizard
    • Choose: Web Server SSL/TLS Certificate
    • Enter a password that will be used to encrypt the private key. You will need this later.
    • I chose keysize of 4096
    • Save the encrypted private key as ssl.encrypted.key someplace
    • ?? I forget what happened next
    • Save the certificate file as ssl.crt someplace. For me I had to wait 30 minutes, then it appeared under Tool Box -> Retrieve Certificate
  4. Use openssl to decrypt the encrypted ssl.encrypted.key file
    • sudo openssl rsa -in ssl.encrypted.key -out ssl.unencrypted.key
    • startssl.com also has a decrypt option on their website, but it didn't work for me
  5. putty/ssh onto your ec2 machine
  6. install mod_ssl
    • sudo yum install mod_ssl
  7. Replace the default certificate and key
    • sudo vi /etc/pki/tls/certs/localhost.crt
    • Paste in the contents of ssl.crt
    • Make sure it pastes correctly! I always lose the first 6 characters
    • Use :%d to delete the existing certificate if required
    • [ESC] wq
    • sudo vi /etc/pki/tls/private/localhost.key
    • Paste in the contents of ssl.unencrypted.key
    • Again make sure it pastes correctly!
    • [ESC] wq
  8. Check the configuration
    • apachectl configtest
  9. Restart
    • sudo service httpd restart
    • I had issues restarting and I think what fixed it was sudo kill -9 httpd

You should install the SSL module, since mod_ssl does not ship with most instances by default, but that depends on the Apache version you are using in your AWS instance. To check which one you are using, you can run this command in your command line:

httpd -v

For Apache 2.2

yum install mod_ssl

For Apache 2.4

yum install mod24_ssl

If you are using Amazon Lightsail, be sure to go into Networking from the Lightsail dashboard and add HTTPS/443 in your Firewall:

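The two answers above leave the reader choosing the package by hand and pasting PEM files into vi (with the truncated-paste problem one answer describes). As an added example, not from any of the answers, this script picks the package from the `httpd -v` line and installs the certificate and key into the Amazon Linux default paths only after checking their PEM headers and that the key is decrypted; the function names and the optional install root are my own.

```shell
#!/bin/sh
# Added example: choose the mod_ssl package and install TLS files safely.
# Function names and the optional install root ($3) are this example's own.

# Map the first line of `httpd -v` to the Amazon Linux package name.
ssl_package_for() {
    case "$1" in
        *Apache/2.2.*) echo mod_ssl ;;
        *Apache/2.4.*) echo mod24_ssl ;;
        *) echo "unsupported Apache version: $1" >&2; return 1 ;;
    esac
}

# True when the first line of file $1 is exactly the PEM header $2.
pem_has_header() {
    [ "$(head -n 1 "$1")" = "$2" ]
}

# Install cert ($1) and key ($2) under root ($3, default /) with the
# permissions Amazon Linux uses: world-readable cert, root-only key.
install_tls_files() {
    crt="$1"; key="$2"; root="${3:-}"
    # A truncated paste ("lost the first 6 characters") fails this check.
    pem_has_header "$crt" "-----BEGIN CERTIFICATE-----" \
        || { echo "$crt: missing certificate header" >&2; return 1; }
    case "$(head -n 1 "$key")" in
        "-----BEGIN PRIVATE KEY-----"|"-----BEGIN RSA PRIVATE KEY-----") ;;
        *) echo "$key: not an unencrypted PEM private key" >&2; return 1 ;;
    esac
    # Legacy keys mark encryption in a Proc-Type line; httpd would then
    # prompt for the passphrase at every restart.
    if grep -q "ENCRYPTED" "$key"; then
        echo "$key: still encrypted, decrypt it first" >&2; return 1
    fi
    mkdir -p "$root/etc/pki/tls/certs" "$root/etc/pki/tls/private"
    cp "$crt" "$root/etc/pki/tls/certs/localhost.crt"
    chmod 644 "$root/etc/pki/tls/certs/localhost.crt"
    cp "$key" "$root/etc/pki/tls/private/localhost.key"
    chmod 600 "$root/etc/pki/tls/private/localhost.key"
}

# Optional: confirm an RSA key belongs to the certificate (needs openssl).
cert_matches_key() {
    [ "$(openssl x509 -noout -modulus -in "$1")" = \
      "$(openssl rsa -noout -modulus -in "$2")" ]
}

# On the instance (assumes httpd and the PEM files are present):
#   sudo yum install -y "$(ssl_package_for "$(httpd -v | head -n 1)")"
#   sudo sh -c '. ./tls_install.sh; install_tls_files ssl.crt ssl.unencrypted.key' && apachectl configtest
```

Run `apachectl configtest` and `sudo service httpd restart` afterwards, as the answers above do.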

Here's what worked for me, via shell, with a wildcard cert that had a CA bundle (on Lightsail servers, HTTPS/443 enabled). Mileage may vary. Test on https://www.digicert.com/help/ after install. For brevity, I've shortened the certs/keys here (obviously).

It's worth noting also that I did not need to set up a VirtualHost for the domain.

# Overwrite these files on Amazon Linux + mod_ssl (or mod24_ssl)
# /etc/pki/tls/certs/ca-bundle.crt
# /etc/pki/tls/certs/localhost.crt
# /etc/pki/tls/private/localhost.key

## BEGIN

# INSTALL AS ROOT
sudo -su root

sudo cat > /etc/pki/tls/certs/localhost.crt <<EOF
-----BEGIN CERTIFICATE-----
MIIF7DCCBNSgAwIBAgIMNY9yk7s651tb2YasMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
KoZIhvcNAQELBQADggEBACu8MsClqLbO1NqjXw+igERhLRkISgnkIjB1p69zh3V0
/3b68mkC+8pL3HNLgL0qIM9sPKKOl/Iyky2EfwfQDoZEWNB0qWKIOovH5Oj9z5DE
-----END CERTIFICATE-----
EOF

sudo cat > /etc/pki/tls/private/localhost.key <<EOF
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCL6UsW9yC0Faev
1zeEJcF6E7P6XYqT25rWMj5xzUM8gi/4nLpGr+tOBlFJYSbLlEHJKG6QLO9Ku896
MwTtWyOrTlPtpJEi9LUrLmOUXtD1WN2Ekql/ZLaO7pxUtVTRF4MyYspGgU1ZjkxY
vQLnZs85bnG2dLz7Q4xxlj4=
-----END PRIVATE KEY-----
EOF

sudo cat > /etc/pki/tls/certs/ca-bundle.crt <<EOF
-----BEGIN CERTIFICATE-----
MIIESzCCAzOgAwIBAgIOSMqBefg+ikLz9c3isT8wDQYJKoZIhvcNAQELBQAwTDEg
bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTYxMDE0MDAwMDAwWhcNMjQw
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
-----END CERTIFICATE-----
EOF

# RESTART
sudo service httpd restart

#DONE

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
