mod_ssl

mod_ssl provides strong cryptography for the Apache v1.3 and v2 webserver via the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) cryptographic protocols by the help of the Open Source SSL/TLS toolkit OpenSSL.^[1]

It is possible to provide HTTP and HTTPS with a single server machine, because HTTP and HTTPS use different server ports, so there is no direct conflict between them. Either run two separate Apache server instances (one binds to port 80, the other to port 443) or even use Apache's virtual hosting facility where you can create two virtual servers which Apache dispatches: one responding to port 80 and speaking HTTP and one responding to port 443 speaking HTTPS.^[1]

mod ssl [EN] @ Wikipedia

Documentation

Apache 2.4 [EN]
- mod_ssl

Hint

Use certification chaining

cd '/etc/pki/CA/'
cat 'cacert-class1.crt' 'cacert_class3.crt' > 'cacert_class1-3.crt'

Edit the file /etc/httpd/conf.d/ssl.conf and add the following line

SSLCACertificateFile /etc/pki/CA/cacert_class1-3.crt

Examples

Redirect all HTTP traffic to HTTPS

LoadModule   ssl_module       modules/mod_ssl.so
LoadModule   rewrite_module   modules/mod_rewrite.so

RewriteEngine on
RewriteCond   %{HTTPS} !=on
RewriteRule   .* https://%{SERVER_NAME}%{REQUEST_URI} [redirect=permanent,last]

References

↑ ^1.0 ^1.1 https://en.wikipedia.org/wiki/Mod_ssl

[wikipedia-1] 1.0 ^1.1 https://en.wikipedia.org/wiki/Mod_ssl

[1]