How to configure HTTPS on Apache, AWS, EC2

While building FlyPals.com to support secure login and payments, I had to figure out how to make the site secure, which meant juggling with site security and such. This to me was one of the most mind-boggling pieces of the whole application development part. There were several reasons for this anxiety. One is that security and HTTPS sound very nerdy to someone who is not doing it for a living. Second, I had never installed a certificate before, so the process seemed a little intimidating. This post is my attempt to help others who may be in the same situation by sharing my experience.

For your site to be HTTPS- or SSL-enabled (by the way, SSL is no longer used as a protocol; the new protocol is TLS, but the name is still being used), the web server needs to know where your certificate is stored. A certificate is a seal from a known authority such as Verisign, DigiCert, etc.

Detailed Instructions for SSL/HTTPS on Apache

1. Buy the certificate from any authority such as DigiCert

2. Generate a CSR file on the production server (on EC2, for instance). DigiCert has a wizard that will give you the command to run to generate the CSR

3. Upload the intermediate certificate and primary certificate to the remote server by scp, sftp, ftp or any other mechanism

4. Create a new directory in root and make it readable by root only

$ sudo mkdir /sslcert
$ sudo chown root:root /sslcert
$ sudo chmod 700 /sslcert

[IMPORTANT] Once I made the sslcert owned and readable by root, I was not allowed to see the contents of the directory even with sudo. I had no idea of the super root user password, so even su didn’t work. I ended up modifying the permission back to 777 (sudo chmod 777 sslcert) and creating a new directory (sslcert2) with default permission. You really don’t need to see the content of sslcert as long as you know the names of the files that you will mention in ssl.conf below.[/IMPORTANT]

5. Copy the .crt files to /sslcert

6. Go to Apache’s ssl config directory /etc/httpd/conf.d

7. Follow instructions on https://www.digicert.com/ssl-certificate-installation-apache.htm

8. Make a copy of ssl.conf

$ sudo cp ssl.conf ssl.conf.save

9. Open the file for editing

$ sudo vi ssl.conf

Follow https://www.digicert.com/ssl-certificate-installation-apache.htm

10. Open port 443 on EC2

11. Restart Apache

$ sudo apachectl stop; sudo apachectl start

12. Make sure to redirect the secure pages to their https:// equivalent. In FlyPals.com I redirected http://flypals.com/login.php to https://flypals.com/login.php

13. Put the seal of the Certificate Authority on your site to improve trust

Rollback (if you screw up)

$ sudo cp ssl.conf.save ssl.conf; sudo apachectl stop; sudo apachectl start;
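
Before the restart in step 11, it helps to confirm that the certificate directory and private key are not accessible to other users and that the certificate really belongs to the key. The script below is an added example, not part of the original post. It assumes the private key created with the CSR in step 2 sits in the same directory as the certificate, and the file names in its usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: pre-restart checks for the certificate setup described above.
# File names in the usage comment are hypothetical; use the ones from ssl.conf.

# Succeeds only if the path grants no permissions to group or others.
# Characters 5-10 of the `ls -ld` mode string are the group/other bits.
is_private() {
    bits=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$bits" = "------" ]
}

# Succeeds only if the certificate ($1) and private key ($2) share a public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Runs every check, prints one line per problem, returns non-zero on any failure.
preflight() {
    dir=$1 cert=$2 key=$3 rc=0
    is_private "$dir" || { echo "FAIL: $dir is accessible to group/others"; rc=1; }
    is_private "$key" || { echo "FAIL: $key is accessible to group/others"; rc=1; }
    cert_matches_key "$cert" "$key" || { echo "FAIL: $cert does not match $key"; rc=1; }
    return $rc
}

# Typical use on the server (as root, so a 700 directory is readable):
#   preflight /sslcert /sslcert/example_com.crt /sslcert/example_com.key \
#     && apachectl configtest && apachectl stop && apachectl start
```

Running `apachectl configtest` after the checks catches syntax errors in ssl.conf before Apache is stopped, so the rollback above is only needed for problems that show up at runtime.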

Nishant is the founder of Mentr and FlyPals.com who loves to connect people for a purpose. He loves to solve real-world problems through the use of technology. In his free time, he composes music for films (shorts and features) and spends time with his wife and two kids. He lives in the Bay Area. Follow him on Twitter @nishantasthana
