Securing Apache with SSL
Nowadays, it's a great idea to ensure your organization's website is encrypted and available over HTTPS. Encrypting your web traffic is not that hard to do, and will help protect your organization against common exploits. Utilizing SSL doesn't protect you from all exploits being used in the wild, but it does offer a layer of protection you'll want to benefit from. In this section, we'll look at how to use SSL with our Apache installation. We'll work through enabling SSL, generating certificates, and configuring Apache to use those certificates with both a single site configuration, as well as with virtual hosts.
By default, Ubuntu's Apache configuration listens for traffic on port 80, but not port 443 (HTTPS). You can check this yourself by running the following command:
# netstat -tulpn |grep apache
The results will show the ports that Apache is listening on, which is only port 80 by default:
tcp6 0 0 :::80 :::* LISTEN 2791/apache2
If the...
