How to setup http protocol with SSL on LAMP environment

How to setup http protocol with SSL on LAMP environment

Today I’ll explain how to setup testing environment with https protocol on Ubuntu. It should take around 10-15 minutes to do it manually. I assume you have installed LAMPP on your development PC.

First thing first. We’ll need an SSL certificate to even begin. So I’ll explain how to create self-signed SSL certificate. There are even free trusted SSL certificates out there, but i haven’t tried them. 😀 You can look it up here: http://www.cacert.org and http://cert.startcom.org. But lets go back on topic of creating it by ourselves.

Open up the Console, and type in the following:

  • openssl genrsa -aes256 -out pass.key 2048

it will ask you for password, so you should provide one

  • openssl rsa -in pass.key -out oursite.key

it will ask you for the password you entered for initial key generation, and if everything goes well, it will generate the key

  • openssl req -new -x509 -nodes -sha1 -key oursite.key -out oursite.crt -days 999 -config /opt/lampp/share/openssl/openssl.cnf

note that this is the part where we create our actual certificate (oursite.crt), and also, change the last part according to your LAMPP installation. Also, this part will ask you for some information about the certificate itself.

Note: also, you can insert a dot to leave the field empty.

Next part will be the about actual setup.So we need to navigate to /opt/lampp/etc and copy our key (oursite.key) and crt files (oursite.crt) to according folders (ssl.key and ssl.crt).

After that navigate to /opt/lampp/etc/extra and edit the “httpd-ssl.conf” file. Insert this fragment at the end of the file:

 
 
DocumentRoot /oursite/project/root/directory
ServerName oursite:443
ServerAdmin you@oursite
ErrorLog /opt/lampp/logs/error_log
TransferLog /opt/lampp/logs/access_log
 
SetEnv APPLICATION_ENV development
 
SSLEngine on
 
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
SSLCertificateFile /opt/lampp/etc/ssl.crt/oursite.crt
 
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/oursite.key
 
<filesmatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
 
<directory "/oursite/project/root/directory">
SSLOptions +StdEnvVars
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
 
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
 
CustomLog /opt/lampp/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
 

This part is pretty much self-explained, so please edit it for your specific case. Now, you should navigate to httpd.conf file (/opt/lampp/etc directory in my case), and see if this line is commented “#Include conf/extra/httpd-ssl.conf”. If it is, uncomment it.

Only thing left to do is to navigate to hosts file (/etc/hosts) and add a line at the end as follows:

127.0.0.1          oursite

Save everything if you still haven’t and restart apache.

Open up your favourite web broser and enter our new url: https://oursite

After confirming the certificate, everything is done. I hope I’ve learned you something new today. 😉

You made it all the way down here so you must have enjoyed this post! You may also like:

Easily manage LAMP name based virtual hosts Marko Martinovic
Marko Martinovic, | 4

Easily manage LAMP name based virtual hosts

3 comments

  1. I am getting an error after executing the last statement. I am doing it on local.
    Cannot open input file /opt/lampp/share/openssl/openssl.cnf, No such file or directory

  2. I would recommend you to use Let’s Encrypt for applying SSL on PHP websites. Let’s encrypt is available for free and it will remain free. It is easy to install and configure with your website.

  3. Hi,
    a very good explanation. Worked at first try. But how can i force users to go via ssl? (redirect from http to https per rewrite dont work for lampp)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <blockquote cite=""> <code> <del datetime=""> <em> <s> <strike> <strong>. You may use following syntax for source code: <pre><code>$current = "Inchoo";</code></pre>.

Tell us about your project

Drop us a line. We'd love to know more about your project.