Select Page

Installing Apache2/OpenSSL on Debian 4

by | Apr 28, 2009 | Linux Administrator

Installing Apache2 and OpenSSL on a Debian 4 system is not as difficult as it may sound.

Apache2 is a sure bet when it comes to web servers and this multi-package configuration for web hosting, is complete with the ability to provide HTTP and HTTPS based web pages.

  1. At the Debian GNU/Linux w/ KDE Welcome Screen, chose the “Menu” option in the lower left part of the screen.
  2. In the Menu chose the “Console Login” option. (You Can also simply click ALT+N from the Debian GNU/Linux w/ KDE Welcome Screen, in place of the first two steps in this section. This is a shortcut to the Console or “CONSOLE MODE”.)
  3. At the Login prompt type: “root” and hit the [enter] key.
  4. Type in the Password of the “root” user and hit the [enter] key. You would have set this password up during installation. See our Installing Debian 4 on a PC guide.
  5. Then you will type the following code:
    test:~# apt-get update
    then press the [enter] key. This will download the latest, most up to date installation packages. Do not try to continue until it has completed the package header downloads.
  6. Once all the package headers have been downloaded, type:
    test:~# apt-get install apache2 openssl
    then press the [enter] key to install the latest version of the Apache2 Web Server (HTTP://)and the OpenSSL (HTTPS://) Server Packages. Once this process completes it will take you back to the # Command Prompt. Next type:
    test:~# mkdir /etc/apache2/ssl
    then press the [enter] key to create a folder called “ssl” in the /etc/apache2 directory. This will also return you to the # Command Prompt. Now type:
    test:~# RANDFILE=/dev/random openssl req $@ -new -x509 -days 365 -nodes
    then press the [enter] key. You will be advanced to the next line to add additional information.
    > out /etc/apache2/ssl/apache.pem ”
    then press the [enter] key. You will be advanced to the next line to add additional information.
    > -keyout /etc/apache2/ssl/apache.pem
    then press the [enter] key. This will walk you through a series of steps to build a “Self Signed” SSL Certificate. Read each step carefully, and answer each question with Short, Direct answers. When it finishes you will be returned to the # Command Prompt.
    test:~# chmod 600 /etc/apache2/ssl/apache.pem
    then press the [enter] key. This sets the file permissions for the apache.pem file and returns you to the # Command Prompt.
    test:~# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl
    then press the [enter] key. This creates a copy of the “default” file named “ssl” for use with our OpenSSL Server.
  7. Now we need to add the site to the sites-enabled directory. This is done by making a symbolic-link to the configuration from /etc/apache2/sites-enabled/. You can see that this has already done for the “default” file by looking in /etc/apache2/sites-enabled/ directory for a “000-default” file. Apache has a command to do this automatically for the ssl file, from the # Command Prompt.
    test:~# cd /etc/apache2/sites-available/
    then press the [enter] key.
    test:~# dir
    then press the [enter] key. You should see both a “default” and a “ssl” file.
  8. Now to enable the SSL Site we have a special “Enable Site” command.
    test:~# a2ensite ssl
    then press the [enter] key.
  9. Next to enable the SSL Mod in Apache2 we have a special “Enable Mod” command.
    test:~# a2enmod ssl
    then press the [enter] key.
    test:~# cd /etc/apache2/sites-enabled/
    then press the [enter] key.
    test:~# dir
    then press the [enter] key. You should see the “000-default” and the “ssl” file in that “sites-enabled” directory.
    test:~# cd ..
    then press the [enter] key. Check to make sure you are in the /etc/apache2 directory now.
    test:~# pico ports.conf
    then press the [enter] key. This will open the “ports.conf” in the PICO NANO file editor. Use your down arrow to get to the line below “Listen 80” and type: “Listen 443”, but DO NOT hit the key this time.
  10. This time, hold down the CTRL key and press the “X” key. This will ask you if you want to save the file. Press the “Y” key.
  11. You will then be prompted to enter a path to save the file. Leave the default path and file in place and hit the key. You will be returned to the # Command Prompt.
    test:~# pico /sites-avaiable/ssl
    then press the [enter] key. This will open the “ssl” file in the PICO NANO file editor. Use your down arrow to get to navigate the document.
  12. Starting with the “NameVirtualHost *” line, edit the file to read as follows:
    NameVirtualHost *:443
    ServerAdmin $USERNAME@YOURSERVERNAME.com
  13. Then scroll to the bottom of the screen and find the “” line. Add a lines above it that reads as follows:
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
  14. Now hold down the CTRL key and press the “X” key. This will ask you if you want to save the file. Press the “Y” key. You will then be prompted to enter a path to save the file. Leave the default path and file in place and hit the key. You will be returned to the # Command Prompt.
    test:~# cd
    then press the [enter] key. This will take you back to the “root” directory.
    test:~# /etc/init.d/apache2 restart
    then press the [enter] key. This will restart the Apache2 server, and enforce the new modifications you just made.
  15. Bring up a web browser and go to the IP Address of the machine you are working on: (“http://localhost/” if you or working locally or “http://0.0.0.0” if you are working remote.) Hit the [enter] key. You should get a screen that says “It Works!” on it.
  16. In the same web browser change the address to “https://localhost/” or “https://0.0.0.0” in the address bar and hit the [enter] key. You should get a popup asking about the “Self Signed” Security Key.
  17. Accept the Certificate.
  18. Then you will probably get a screen that asks if you want to display the non-secure content.
  19. Accept it as well.
  20. Now you will get a screen that says “It Works!” on it.

Congratulations, you have a fully functional HTTP & HTTPS web server!

UPDATE: This post is old and has been modified for use in new WordPress Theme Designs. In some cases, Categories, Tags and/or the actual Content has been modified. Content found in this post may be dated and irrelevant and should be used with caution. This post may be original to this site or may have come from one of many other WordPress-powered websites I’ve run since 2008. All previous websites have been shuttered; though new ones may pop up in the future.