Online, it is crucial for your visitors to know that the connection is secure. To encrypt the connection to your website, SSL certificates are commonly used to establish a secure connection. Webmasters may buy SSL certificates to secure their website from web hosting companies who sell offerings from premium vendors such as GeoTrust, Verisign, and others.
In default configuration, Apache Archiva 2.2 uses HTTP, and official documentation tells nothing how to change it to HTTPS. I think that this can be done by modifying conf/jetty.xml file, but when I try to do this, as described in Jetty documentation, it only gives me errors like. Only the port number 443 and SSL. Lines are different from normal http config. Save you config file and restart apache service. Then you can visit The web browser will warn you that it's unsafe at the first time, just choose go on. Entire site (.htaccess): Note: While the rules you need are the same as above (because the rule above doesn't depend on any of the quirks of rewrite in.htaccess), you will need to ensure that you place this in a.htaccess file in the root of the site you want to apply it against, and to make sure you have the appropriate AllowOverride configuration in your httpd.conf.
Assuming you have apache and open ssl installed, you would like to generate and setup an SSL certificate for a domain and generate a CSR.
First, Generate the RSA & CSR (Signing Request)
[root@chevelle root]#
[root@chevelle root]# cd /etc/httpd/conf/ssl.key
Generate the RSA without a passphrase: Generating a RSA private key without a passphrase (I recommended this, otherwise when apache restarts, you have to enter a passphrase which can leave the server offline until someone inputs the passphrase)
[root@chevelle /etc/httpd/conf/ssl.key]# openssl genrsa -out yourdomain.key 1024
Or, with a passphrase: Generating a RSA private key with a passphrase. You will be prompted to enter a passphrase right after you hit enter.
[root@chevelle/etc/httpd/conf/ssl.key]# openssl genrsa -des3 -out yourdomain.key 1024
You should generally NOT generate the RSA private key with a passphrase if you have scripts that restart apache automatically in case of a crash or otherwise. If there is a passphrase, Apache will just sit there and wait for the script to input the passphrase which means downtime, and downtime usually equals bad.
Next generate the CSR using the RSA Private Key
[root@chevelle/etc/httpd/conf/ssl.csr]# openssl req -new -key yourdomain.key -out yourdomain.csr
[root@chevelle/etc/httpd/conf/ssl.csr]# mv yourdomain.csr ../ssl.csr
You will be asked to enter your Common Name, Organization, Organization Unit, City or Locality, State or Province and Country.
Do not enter these characters ‘< > ~ ! @ # $ % ^ * / ( ) ?.,&’ because they will not be accepted.
Common Name: the domain for the web server (e.g. MYdomain.com)
Organization: the name of your organization (e.g. YUPAPA)
Organization Unit: the section of the organization (e.g. Sales)
City or Locality: the city where your organzation is located (e.g. Flanders)
State or Province: the state / province where your organzation is located (e.g New Jersey)
Country: the country where your organzation is located (e.g US)
You may be asked for an email address and a challenge password. I usually just hit enter.
Now you should have:
/etc/httpd/conf/ssl.key/yourdomain.key
/etc/httpd/conf/ssl.csr/yourdomain.csr
Be sure to always make a backup copy of your private key! If you lose it, you’ll have to purchase a new cert!
Now you need to submit your CSR to your provider and they will mail you the certificate. They usually also send you a confirmation email before the certificate is sent out.
Now that you have the certificate..
Installing the Certificate for Apache
[root@chevelle root]# cd /etc/httpd/conf/ssl.crt
Copy the certificate that they mailed you to yourdomain.crt
Open your httpd.conf file and place the following to your virtualhost
<VirtualHost 209.123.546.123:443>
– other config details-
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/yourdomain.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/yourdomain.key
</VirtualHost>
Restart apache
OPTION 1 [root@chevelle /etc/httpd/conf/ssl.crt]# apachectl restart
OPTION 2 (using the sh script) [root@chevelle /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart
You may be asked to enter the passphrase IF you generated the RSA with a passphrase. If you do NOT want to be asked for a passphrase when restarting apache, re-generate your RSA key file.
[root@chevelle /etc/httpd/conf/ssl.crt]# cd ../ssl.key
[root@chevelle /etc/httpd/conf/ssl.key]# mv yourdomain.key yourdomain.key.has-passphrase
[root@chevelle /etc/httpd/conf/ssl.key]# openssl rsa -in yourdomain.key.has-passphrase -out yourdomain.key
And then restart apache again
[root@chevelle /etc/httpd/conf/ssl.crt]# /etc/rc.d/init.d/httpd restart
Now you should be able to access https://yourdomain.com
Apache Use Https Proxy
Apache’s mod_rewrite makes it easy to require SSL to be used on your site and to gently redirect users who forget to add the https when typing the URL. Using Apache to redirect http to https will make sure that your site (or a part of it) will only be accessed by your customers using SSL. This is better than using SSLRequireSSL because users often forget to type in the https and will be automatically redirected.
Before you can set up an Apache redirect from http to https, you will need to do the following:
- Make sure your SSL certificate is successfully installed so you can access https://www.yoursite.com (for more information see our Apache SSL Installation instructions)
- Make sure mod_rewrite is enabled in Apache
Now you just need to edit your httpd.conf file or the file where your virtual host is specified and add these lines to redirect http to https:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
In many cases, you can also just add those lines to a file named .htaccess in the folder that you want to redirect http to https.
Apache Use Https Instead Of Http
Now, when a visitor types http://www.yoursite.com/mypage.htm the server will automatically redirect http to https so that they go to https://www.yoursite.com/mypage.htm
Note: You can also redirect a single page from http to http in Apache by using this in your configuration file or .htaccess file:
Apache 2 Use Https
RewriteEngine On
RewriteRule ^apache-redirect-http-to-https.html$ https://www.yoursite.com/apache-redirect-http-to-https.html [R=301,L]
Apache Use Https
Originally posted on Sat Feb 20, 2010