Enable HTTPS support with Apache

TIP: To quickly get started with HTTPS and SSL, follow these instructions to auto-configure a Let’s Encrypt SSL certificate.

NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

IMPORTANT: For security reasons, never post or disclose your server’s SSL private key in a public forum.

Once you obtain the certificate and certificate key files, you will need to update your server to use them.

Follow the steps below to activate SSL support:

  • Use the table below to identify the correct locations for your certificate and configuration files.

    Variable                         Value
    Current application URL          https://[custom-domain]/
                                     Example: https://my-domain.com/ or https://my-domain.com/appname
    Application virtual host file    /opt/bitnami/apache/conf/vhosts/APPNAME-https-vhost.conf
    Apache configuration file        /opt/bitnami/apache/conf/bitnami/bitnami.conf
    Certificate file                 /opt/bitnami/apache/conf/bitnami/certs/server.crt
    Certificate key file             /opt/bitnami/apache/conf/bitnami/certs/server.key

  • Copy your SSL certificate and certificate key file to the specified locations.

    NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.

  • If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table.

  • Check if the application virtual host file listed in the next table exists and modify it to include an additional directive, below the SSLCertificateKeyFile directive. If the application virtual host file does not exist, modify the Apache configuration file instead.

    Variable                         Value
    Application virtual host file    /opt/bitnami/apache/conf/vhosts/APPNAME-https-vhost.conf
    Apache configuration file        /opt/bitnami/apache/conf/bitnami/bitnami.conf
    Directive to include             SSLCACertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server-ca.crt"

    NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.

  • Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

      $ sudo chown root:root /opt/bitnami/apache/conf/bitnami/certs/server*
      $ sudo chmod 600 /opt/bitnami/apache/conf/bitnami/certs/server*
    
  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart the Apache server.

You should now be able to access your application using an HTTPS URL. In case of server startup errors, check the SSL certificate and key
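
The following check of the certificate and key pair is an added example, not part of the original Bitnami instructions. It assumes the openssl command-line tool is installed; the function name check_tls_pair and its return codes are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before restarting Apache.
# Example call with the paths from the table above (run as root, because the
# files are root-only after the chown/chmod step):
#   check_tls_pair /opt/bitnami/apache/conf/bitnami/certs/server.crt \
#                  /opt/bitnami/apache/conf/bitnami/certs/server.key

# check_tls_pair CERT KEY
# Returns 0 when the pair is usable. Otherwise prints the failing check and
# returns 1 (unreadable/unparsable), 2 (mismatch), 3 (expired), 4 (key perms).
check_tls_pair() {
    cert=$1
    key=$2

    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "cannot read $cert or $key" >&2; return 1; }

    # The public key embedded in the certificate must equal the public key
    # derived from the private key; otherwise Apache fails at startup.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] || {
        echo "certificate and key do not match" >&2; return 2; }

    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || {
        echo "certificate has expired" >&2; return 3; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # all must be clear, as they are after chmod 600.
    [ "$(ls -ld -- "$key" | cut -c5-10)" = "------" ] || {
        echo "key is accessible to group or others" >&2; return 4; }

    return 0
}
```

A passphrase-protected key makes openssl prompt for the passphrase during the comparison step.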

Check out the following tutorials if you want to learn more about configuring HTTPS.

Last modification October 13, 2023