Raspberry Pi SSL Server

Hello Abhijit,

As the Raspberry PI support raspbian that is a Debian distribution, I suggest to install openssl over apache; there is also the advantage that you have all open source components and with openssl installed you can create the self-certificate. This will give you the ssl behaviour to your webserver without the need to manage an expensive certificate authority.

There is a well described tutorial on how to setup the openssl and self-certificate over apache in Debian in the Debian wiki at the following link: https://wiki.debian.org/Self-Signed_Certificate

Hope this can be helpful.

Enrico

On top of that, I would suggest you look into "letsencrypt".

What Enrico suggests will give you a "self-signed" certificate: People who are passively intercepting the data between you and your users will not be able to see the content. But someone who can actively intercept the traffic can create his own self-signed certificate and pretend to be you (and then decrypt and re-encrypt the traffic to your server, peeking at the content when it is decrypted). That's why there will be a padlock, but red in the URL bar....

letsencrypt will give you a free "official" certificate, resulting in the green padlock.

On top of that, I would suggest you look into "letsencrypt".

What Enrico suggests will give you a "self-signed" certificate: People who are passively intercepting the data between you and your users will not be able to see the content. But someone who can actively intercept the traffic can create his own self-signed certificate and pretend to be you (and then decrypt and re-encrypt the traffic to your server, peeking at the content when it is decrypted). That's why there will be a padlock, but red in the URL bar....

letsencrypt will give you a free "official" certificate, resulting in the green padlock.

Great suggestion Roger. I will investigate and adopt it asap

Thank you. Enrico

On top of that, I would suggest you look into "letsencrypt".

+1

Came here with the same suggestion. But you beat me to it.

Hello Roger. Thank you for the suggestion. As per your suggestion, I looked into let's encrypt and followed a few tutorials out there. However, I was facing with some error "404. Could not find some file" in the acme-challenge folder. If you have worked on let's encrypt on RPi, please do help me here.

I am going away for a long weekend. I do not have the RPi with  me as of now. I'll post the error messages once I'm back to work. Let me know if you could resolve them.

Abhijit

I am terribly sorry, but I have not personally installed the letsencrypt stuff. A colleague suggested letsencrypt for my site a while back, and I'm in the fortunate position to be able to make him voluteer for the job of actually implementing it. And from what I hear, it's not that hard.

Still, usually on Linux you get reasonable error messages. That means that if letsencrypt is looking for a file on YOUR server and gets a 404, you can look in the logfile to see their request to your webserver, and the server will log something to the effect that file XXX/YYY/ZZZ.html was not found.

If on the other hand, you are getting a 404 somewhere else, you need to look into what URL was requested, and why it is now "gone". Maybe start back at the homepage?

rew, Thank you for the suggestions. Let's Encrypt was a savior and finally achieved the 'green padlock' for the domain.

For the errors I was facing, I had already tweaked Apache configuration a lot many times to achieve the padlock and tried many different ways to generate the certs. So removing Apache and again setting up helped me resolve it. I was then able to successfully generate certificates using Let's Encrypt.

If anybody needs the guide, let me know, I'll create a blog post.

Abhijit.

Yeah, abhijitnathwani is correct.

As we try many different solutions so apache configuration file was disturbed. So we will remove entire apache and install it from zero and go with steps suggested by rew.

Thanks for your suggestion