Apache server is used by a large number of blogs and website. Since Apache is so popular, it is also a common target for online attacks. It is important to keep your site data secure to prevent unauthorized bots and hackers from snooping in on it. One of the simplest ways to do this is to serve your website over HTTPS protocol. For this purpose, you need to enable mod_ssl Apache module. In this article, we will learn how to enable mod_ssl in Apache server.
What is mod_ssl?
Apache server provides many different modules to support different functions and features. mod_ssl is an Apache module used to manage SSL feature. It provides SSL/TLS encryption for data transferred between your Apache server and client browser. This prevents unauthorized people and bots from tracking the data transferred between your site and visitors, on the internet. It is useful for loading pages with sensitive information on them as well for financial transactions such as online checkout.
mod_ssl uses OpenSSL library under the hood and validates your SSL certificates before performing encryption. This allows system administrators to easily manage SSL/TLS encryption from Apache server, without any coding.
Why is mod_ssl needed?
mod_ssl helps with the following functions:
- Data encryption – It encrypts response data sent from Apache server to client browser as well as decrypts request data received from client browser.
- Secure communication – Since data transferred between client browser and server is encrypted, it prevents unauthorized people from reading the data communicated between your server and client browsers
- Manage SSL/TLS – Since mod_ssl uses the popular OpenSSL library underneath, it is regularly updated to support latest SSL and TLS protocols. It reads, validates and uses your SSL certificates as required, automatically. You do not need to do coding for it. Also, if there are any security vulnerabilities, they are automatically taken care of in mod_ssl updates.
How to Enable mod_ssl in Apache Server
Here are the steps to enable mod_ssl in Apache.
1. Install mod_ssl
First step is to install mod_ssl module in your Apache server. In most cases, it is already installed with Apache and you just need to enable it. If that is not the case for you, then depending on your Linux system, you can run any of the following commands to install it.
# ubuntu/debian systems
sudo apt install libapache2-mod-ssl
# centos/redhat/fedora systems
sudo yum install mod_ssl
OR
sudo dnf install mod_ssl
2. Enable mod_ssl
Next, depending on your system, enable mod_ssl.
Ubuntu/Debian system
sudo a2endmod ssl
Redhat/CentOS/Fedora system
Open Apache configuration file, httpd.conf or apache2.conf. Add or uncomment the following lines in it.
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
3. Configure SSL
You need to add the additional SSL configuration file. Uncomment the following line in your Apache configuration file.
Include conf/extra/httpd-ssl.conf
Add the following directives in it.
SSLCertificateFile "/path/to/certificate.crt"
SSLCertificiateKeyFile "/path/to/private.key"
SSLCACertificateFile "/path/to/ca/bundle.crt"
Replace the above paths with path to SSL certificate file, private key and CA bundle. If you have virtual host file, then you will need to add these variables in the VirtualHost tag in that file.
<VirtualHost *:443>
ServerName your_domain.com
SSLEngine on
...
</VirtualHost>
4. Open Firewall Port 443
HTTPS requests are received by port 443. So once you enable and configure mod_ssl on your server, you need to open port 443 on it. Here are the commands to do it using UFW or usual firewall service.
sudo ufw allow https
OR
sudo ufw allow 443/tcp
sudo firewall-cmd --zone=public --add-service=https --permanent
5. Restart Apache Server
Finally, restart Apache server to apply changes.
sudo service apache2 restart
OR
sudo systemctl restart apache2
If you run Apache using WAMP/XAMPP on Windows, then you need to restart Apache server through its control panel.
6. Test SSL Configuration
Open web browser and try accessing your website using HTTPS version of its URL, like, https://example.com. It should display your website’s home page.
How to Disable mod_ssl in Apache Server
If mod_ssl is not working properly on your Apache server, you may need to disable it temporarily. You can do so using the following steps, depending on your Linux system.
Ubuntu/Debian Linux
sudo a2dismod ssl
Redhat/CentOS/Fedora
Add # at the beginning of following line, as shown. Save and close the file.
#LoadModule ssl_module modules/mod_ssl.so
Restart Apache server to apply changes.
sudo systemctl restart apache2 # ubuntu/debian
sudo systemctl restart httpd # redhat/centos
Conclusion
In this article, we have learnt how to enable mod_ssl in Apache server. We learnt what is mod_ssl, why it is needed, how to install and enable it, and finally how to disable it. These steps work on most Linux systems. You can customize them as per your requirement. If your site/blog runs on Apache server, then you must enable mod_ssl to be able to serve web pages over HTTPS. This will make your website safe and secure.
Also read:
How to Enable CORS in Apache Server
How to Increase Max Connections in Apache Server
How to Enable GZIP Compression in Apache
Sreeram Sreenivasan is the Founder of Ubiq. He has helped many Fortune 500 companies in the areas of BI & software development.