How do you set up SSL certificates for additional ports in Apache?

Question

Simple question, I just wanted to know how to install SSL certificates in other ports in a webserver. I'm trying to get a web application to be able to have a valid SSL certificate. I use apache2. I've already tried to edit the virtualhost file. I don't even know what I'm trying to do.

**"I don't even know what I'm trying to do"**: and yet you say it's simple! — George Udosen, Aug 29 '17 at 05:40
I know but don't beat yourself up it happens to all of us and no situation is ever so simple, if it were we won't learn a thing :) — George Udosen, Aug 29 '17 at 05:49
By the way, Debian is off-topic here. @George, should we flag the question? — pa4080, Aug 29 '17 at 07:25

George Udosen · Answer 1 · 2017-08-29T06:39:30.753

You make modifications in apache's /etc/apache2/ports.conf to inform apache to listen on these different ports:

Listen 8080
<IfModule ssl_module>            
        Listen 446
</IfModule>

The steps would be:

Create your SSL certificates:

Make directory to add certificates:
```
mkdir -p /etc/apache2/ssl/example.com
```

Create a self signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/example.com/apache.key –out /etc/apache2/ssl/example.com/apache.crt

Enable the ssl module with: sudo a2enmod ssl

Make entries in your Virtualhost files ( called example.conf ), with sudo nano /etc/apache2/sites-available/example.conf

<VirtualHost *:8080>
    ServerAdmin webmaster@localhost
    ServerName example.com
    DocumentRoot /var/www/html

</VirtualHost>


<IfModule mod_ssl.c>
<VirtualHost *:446>

    ServerAdmin webmaster@localhost
    ServerName example.com
    DocumentRoot /var/www/html

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    #   A self-signed (snakeoil) certificate can be created by installing
    #   the ssl-cert package. See
    #   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
    #   If both key and certificate are stored in the same file, only the
    #   SSLCertificateFile directive is needed.
    SSLCertificateFile /etc/apache2/ssl/example.com/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/example.com/apache.key
</VirtualHost>

</IfModule>

Tell apache to listen in the new ports by adding the ports to /etc/apache2/ports.conf file:
```
Listen 8080
<IfModule ssl_module>            
    Listen 446
</IfModule>

<IfModule mod_gnutls.c>
    Listen 446
</IfModule>
```
- This tells apache to listen for SSL traffic on port 446 as against 443
Enable the config files:
```
sudo a2ensite example
```
Restart apache:
```
sudo systemctl restart apache2
```

Do you know how to do the same for web applications already using these ports? — Dan Vu, Aug 29 '17 at 17:13
Refer to their individual config files to change the listening ports then add it to the apache config files — George Udosen, Aug 30 '17 at 05:50

pa4080 · Answer 2 · 2017-08-29T19:38:42.920

First you should read these answers:

Based on the above answers the steps are:

Create a new VirtualHost configuration file, dedicated to your additional port. Let's assume this is port 99, and the configuration file name is https-99.conf:

sudo nano /etc/apache2/sites-available/https-99.conf

The content of https-99.conf should look like this:

<IfModule mod_ssl.c>

Listen 99

<VirtualHost *:99>

        ServerName www.example.com

        DocumentRoot /var/www/html-99

        <Directory /var/www/html-99>
                Options None FollowSymLinks
                AllowOverride None
                # To enable .htaccess Overrides: AllowOverride All
                DirectoryIndex index.html index.php
                Order allow,deny
                Allow from all
                Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/https-99.error.log
        CustomLog ${APACHE_LOG_DIR}/https-99.access.log combined

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem

</VirtualHost>

</IfModule>

Copy the above content and in nano use: Shift+Insert for paste; Ctrl+O and Enter for save; Ctrl+X for exit.

Enable the configuration file:
```
sudo a2ensite https-99.conf
```

Generate Let's Encrypt certificate files:

sudo letsencrypt --apache certonly --rsa-key-size 4096 --email email@example.com -d www.example.com

Where email@example.com and www.example.com must be real.

Open port 99 into the firewall:
- If you use UFW you can do that by this command: sudo ufw allow 99/tcp
- If you use IPTables: sudo iptables -A INPUT -p tcp -m tcp --dport 99 -j ACCEPT
Create the DocumentRoot directory:
```
sudo mkdir /var/www/html-99
```

Put some simple content in the DocumentRoot directory:

echo 'Hello!!!' | sudo tee /var/www/html-99/index.html

Reload Apache's configuration:
- Ubuntu 14.04: sudo service apache2 reload
- Ubuntu 16.04: sudo systemctl reload apache2.service
Try to open https://www.example.com:99 via the browser. The result should be:

`letsencrypt` / `python-letsencrypt-apache` is available for Ubuntu 16.04 and above, for the previous versions there is [**`certbot`**](https://certbot.eff.org/) which is almost the same. From [Ubuntu Manuals](http://manpages.ubuntu.com/manpages/xenial/en/man1/letsencrypt.1.html). Sert — pa4080, Aug 29 '17 at 19:48

How do you set up SSL certificates for additional ports in Apache?

2 Answers2

Linked