SSL / TLS Support
SSL may be enabled by adding self-signed certificates. However a more clever approach involves:
It fully suffices to get the firefox browser working this way. Google-Chrome is known for additional security restrictions.
The following docs may help you:
Tip
-
To understand virtual host related certificate issues read about server name indication.
-
Using SSL with Apache requires the activation of the corresponding module. The Ubuntu version of Apache comes with two commands a2enmod and a2dismod for enabling and disabling modules by managing symbolic links from
/etc/apache2/mods-enabled
to/etc/apache2/mods-available
. -
Working With Self-Signed Certificates in Chrome (Walkthrough Edition)
This works for both Chrome and Firefox and most likely for other browsers as well. It describes the creation of a wildcard certificate being valid for a subdomain like e.g.
g4.sdi.mi.hdm-stuttgart.de
. The Base64 certificate conversion is not being required since Apache 2.4 will happily accept both generatedtls.crt
andtls.key
files.For a better understanding of the underlying concepts consider the related stackoverflow.com article for providing a “Subject Alternative Name” extension when creating your certificate signing request. Certificate creation requires the following superuser.com proposal:
keyUsage = nonRepudiation, digitalSignature, keyEncipherment