Configure SSL for Apache2 Web Server on Debian
http://blog.ditatompel.crayoncreative.net/how-to/configure-ssl-for-apache2-web-server-on-debian/

Normal web traffic is sent unencrypted over the Internet. That is, anyone with access to the right tools can snoop on all of that traffic. Obviously, this can lead to problems, especially where security and privacy are necessary, such as with credit card data and bank transactions. The Secure Sockets Layer is used to encrypt the data stream between the web server and the web client (the browser).

This section will serve as a very brief introduction to SSL, the Secure Sockets Layer. Cryptography is a very extensive topic which literally fills volumes of texts. The following is an extremely simplified view of how SSL is implemented and what part the certificate plays in the entire process. There may be some small inaccuracies in an effort to present the information in the easiest possible format.

This guide will assist you with enabling SSL for websites served under the Apache web server. I've assumed that you've successfully set up Apache for serving virtual hosts before. These steps can be performed via an SSH session to your VPS (or from the CLI of your local virtual webserver (localhost)).

I use my local virtual webserver in this article with:

    Server name     : crayon.gov
    public html dir : /home/ditatompel/public_html

First install openssl if you haven't installed it yet:

    sudo apt-get install openssl

Then create the ssl directory and change into it:

    mkdir /home/ditatompel/ssl
    cd /home/ditatompel/ssl

Generate a Self-Signed Certificate

You will be asked for several configuration values. Enter values appropriate for your organization and server, as shown here. This example will create a certificate valid for 365 days; you may wish to increase this value. The key size is not set on the command line, so it comes from the OpenSSL configuration (1024 bits in the output shown); add -newkey rsa:2048 to request a 2048-bit key explicitly. The -nodes option writes the private key unencrypted, so the key file should be readable only by its owner.
    openssl req -new -x509 -days 365 -nodes -out /home/ditatompel/ssl/apache.pem -keyout /home/ditatompel/ssl/apache.key

Output:

    Generating a 1024 bit RSA private key
    ..++++++
    ............................................................................++++++
    writing new private key to 'apache.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:ID
    State or Province Name (full name) [Some-State]:Central Java
    Locality Name (eg, city) []:Semarang
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Crayon Indonesia Inc
    Organizational Unit Name (eg, section) []:Technology Service
    Common Name (eg, YOUR name) []:crayon.gov
    Email Address []:root@crayon.gov

Create and enable the SSL site

I've named the config file for my SSL site "ssl":

    sudo nano /etc/apache2/sites-available/ssl

Write the following site configuration into it. The directives belong inside a VirtualHost block listening on port 443, and the log directory /home/ditatompel/logs must exist before Apache is restarted:

    <VirtualHost *:443>
        # Turn on SSL for this virtual host and point to the certificate and key
        SSLEngine On
        SSLCertificateFile /home/ditatompel/ssl/apache.pem
        SSLCertificateKeyFile /home/ditatompel/ssl/apache.key

        ServerAdmin root@crayon.gov
        ServerName crayon.gov
        DocumentRoot /home/ditatompel/public_html/
        ErrorLog /home/ditatompel/logs/sslerror.log
        CustomLog /home/ditatompel/logs/sslaccess.log combined
    </VirtualHost>

Enable the SSL module for Apache and enable the SSL site:

    sudo a2enmod ssl && sudo a2ensite ssl

Then restart Apache:

    sudo /etc/init.d/apache2 restart

You should now be able to visit your site with SSL enabled (after accepting your browser's warnings about the certificate).

Additional Mod rewrite

It's always good to force users to access things like webmail via https. This can be accomplished with mod_rewrite.
First you'll have to enable the module:

    sudo a2enmod rewrite

Then add the following to /etc/apache2/sites-available/default to force an SSL connection by redirecting all traffic from port 80 to port 443 (HTTPS):

    RewriteEngine on
    # Only requests that arrived on the plain HTTP port are redirected
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
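
For the certificate step above, the following added example (not part of the original article) generates the same apache.pem / apache.key pair with a 2048-bit key and owner-only permissions, then checks the pair before it is referenced from SSLCertificateFile and SSLCertificateKeyFile. The function names make_cert and check_cert_key, the 30-day expiry threshold and the use of -subj to skip the interactive prompts are assumptions of this example.

```shell
#!/bin/sh
# Added example: create and sanity-check a self-signed certificate/key pair.
# make_cert and check_cert_key are hypothetical helper names.

make_cert() {  # usage: make_cert <dir> <common-name>
    dir=$1; cn=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # umask 077 in a subshell so the unencrypted key is created owner-only
    ( umask 077
      openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 -sha256 \
          -subj "/CN=$cn" \
          -out "$dir/apache.pem" -keyout "$dir/apache.key" ) 2>/dev/null
}

check_cert_key() {  # usage: check_cert_key <cert.pem> <key.pem>; 0 = all checks pass
    cert=$1; key=$2; rc=0
    # The RSA modulus of the certificate and of the key must be identical
    cmod=$(openssl x509 -noout -modulus -in "$cert" 2>/dev/null | cut -d= -f2)
    kmod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null | cut -d= -f2)
    if [ -z "$cmod" ] || [ "$cmod" != "$kmod" ]; then
        echo "FAIL: certificate and key do not match"; rc=1
    fi
    # Each hex digit of the modulus is 4 bits of key length
    bits=$(( ${#kmod} * 4 ))
    if [ "$bits" -lt 2048 ]; then
        echo "FAIL: RSA key is $bits bits (want >= 2048)"; rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: key file is accessible by group or others"; rc=1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -noout -checkend $((30 * 86400)) -in "$cert" >/dev/null 2>&1; then
        echo "FAIL: certificate expires within 30 days"; rc=1
    fi
    return $rc
}

# Example use with the paths from this article:
#   make_cert /home/ditatompel/ssl crayon.gov
#   check_cert_key /home/ditatompel/ssl/apache.pem /home/ditatompel/ssl/apache.key
```

A certificate created with the original command and a 1024-bit default key fails the key-length check; regenerate it with make_cert or with -newkey rsa:2048.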