apache2 https setup on ubuntu server

It would help if you explained a little more about what you are trying to do, what actions you have taken towards that goal, and the results you have received from those efforts.

I've never worked with tomcat, and am unaware of how it will impact Apache's configuration for SSL.

In Apache, you create an SSL site by:

1) Using the Listen directive to configure Apache to listen to your SSL port (default 443)
2) Purchasing an SSL certificate from an established, trusted vendor such as GeoTrust, Thawte, Verisign, etc.  If you are not concerned with trust, you can use your own self-signed certificate
3) Using the mod_ssl directives to configure SSL for a site (see http://httpd.apache.org/docs/2.2/mod/mod_ssl.html, specifically SSLEngine, SSLCertificateFile, SSLCertificateKeyFile, at a minimum)

@routinet: Thanks!. first I've to make https setup and I think the tutorial is outdated for intrepid and karmic servers.

@bougui: Your post is useful in the future. Before that I've to make https setup and what I mean to say is after setting ssl/https, users are prompted to add the certificate(own certificate) every time they visit the page and I wondering if it's possible to stop forcing to add. Any https setup link for ubuntu?

@bougui: I forgot to Thank you!

Hi,

 I think that what is hapening is that you have installed a SELF sign certificate.

If this is the case,  you can buy a commercial certificate (like from rapidssl.com), and user won't have to add anythnig to there browser when they visit your pages.  

Also if you go to rapidssl you will have all the instructions on hot ot install a commercial certificate to any linux server.

Let us know if you need more info.

Bye

I also need the links or guides on how to prepare https self signed certificate on ubuntu 8.10 and 9.10.

Here is a great site with the instructions and explanation of how to generate your certificate request (for signing by a third party such as GeoTrust), or make your own self-signed certificate:

http://slacksite.com/apache/certificate.php

As mentioned by other experts, if you sign your own certificate, your users will always be prompted.  To get rid of the warning, you will need to purchase a certificate from a trust certificate vendor like GeoTrust, Verisign, Thawte, or any number of other companies.  Also, be sure to read the exact warning you are receiving.  There are similar-looking warnings for different types of issues.

First of all I would like to thank you both for your help. I checked installing self-singed certificate and it's working. I want to use the third party certificate and I've few questions regarding this.

which CA is best/good?
How I could request(by what way) for the certificate submitting my csr?
How it is charged, one-time payment or...???
Have I to follow all the steps again how I did for self-signed?.

Thank you!

Hi

We use http://www.rapidssl.com/ all instrauction on how to user your CSR etc etc is on there web site.

All is done via there website.

You have to pay once for 1 certificate, you can choose a certificate valid for 1, 2, 3, 5 years, I would suggest at leat 2 years.

If you go with rapidssl, you will have to received an email for the destination domain to accept a certificate for that domain, and you will received a call just to confirm the order.

The rest is simple.

Bye

I may not have the choice to select the ssl providers but thanks. What steps I've to follow after I receive the certificate?.

@routinet: I didn't see ur last post, may be both posted at the same time. So after I receive the certificate, I should replace my self-signed certificate with the vendor supplied certificate where ever I specified. Is that it?.

Actually to say I have apache2 and tomcat setup with mod_jk. So both runs on the port 80 and apache & the jsp pages are accessed by www.mydomainname.com.

I doubt if the certificate purchased may not work because I saw on some ssl providers site that following different steps for apache and for tomcat(something 'keytool' of java) to generating csr. So I'm confused what in my case.