Securing Apache - Debian/Ubuntu

Step 2 - Preparing the SSL/TLS environment

Preparing the SSL/TLS Environment

Now we need to create and secure the directory where our Certificates and Keys will be stored to be used by Apache. We will also need to create some random Diffie-Helman (DH) Parameters for offsetting the Logjam vulnerability and making a better overall security stance.

Step 2a through Step 2c will create the directory where we are going to put our Website Certificates, Keys and DHParam. There are companies which require Hardware Security Modules (HSM)'s for storage of these things. If you can afford the cost, it s not a bad idea to have a pair. Addtionally, we will also configure http/https for website and the Apache modules.