Enabling apache-SSL

[true1ever]

What files need to be edited to enable apache to work in SSL mode (https), port 443?

thanks in advance,
Jim

[Goner]

hi,

the mod_ssl module is loaded in /etc/apache/httpd.conf so it should be enabled.
other modules, like PHP, server-info & server-status also work fine ...
only problem is that the httpd.conf is write-proteced (linked), so i copied it to alt.conf, edited that file and enabled the modules i wanted and used "apache -f /etc/apache/alt.conf"

i searched around a bit and found this :
http://ist.uwaterloo.ca/security/lib.../howto/ssleay/
it seems you need to install a certificate to enable SSL ??

Goner

hi,

the mod_ssl module is loaded in /etc/apache/httpd.conf so it should be enabled.
other modules, like PHP, server-info & server-status also work fine ...
only problem is that the httpd.conf is write-proteced (linked), so i copied it to alt.conf, edited that file and enabled the modules i wanted and used "apache -f /etc/apache/alt.conf"

i searched around a bit and found this :
http://ist.uwaterloo.ca/security/lib.../howto/ssleay/
it seems you need to install a certificate to enable SSL ??

Goner

I tried various other things, including creating a certificate, was not able to get it to work on port 443 using SSL yet.

Jim

[ikk]

Ok,

I got it working after this:

I used the (installed) libapache-mod-ssl package to create certificates.
Go to /usr/share/doc/libapache-mod-ssl/examples
Unzip gid-mkcert.sh.gz and run it.
Fill out all the fields, and a bunch of server.* and ca.* files will be created in the current directory.
(remember the pass phrases you use).

Copy the .key files (ca.key and server.key) to /etc/apache/ssl.key
Copy the .crt files (ca.crt and server.crt) to /etc/apache/ssl.crt
Copy the .crs files (ca.crs and server.crs) to /etc/apache/ssl.crs

Add the following to /etc/apache/httpd.conf:

Code:

Listen 80
Listen 443

And:

Code:

<VirtualHost _default_:443>
     DocumentRoot /var/www
     ServerName My.server.com
     ServerAdmin webmaster@my.server.com
     ErrorLog /var/log/apache/ssl_error_log
     TransferLog /var/log/apache/ssl_access_log
     SSLEngine On
     SSLCertificateFile /etc/apache/conf/ssl.crt/server.crt
     SSLCertificateKeyFile /etc/apache/conf/ssl.key/server.key
    <Files ~ "\.(cgi|shtml|php)$">
      SSLOptions +StdEnvVars
    </Files>
    <Directory "/cgi-bin">
      SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /var/log/apache/ssl_request_log \
      "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Restart the httpd server:

Code:

/etc/init.d/apache restart

You will be asked for the RSA pass phrase.

Regards,

IKK