LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Linux Answers > Networking
User Name
Password

Notices

By SiegeX at 2004-09-07 02:02
If you ever do online banking and notice all the URL's start with https:// and have a lockpad symbol on the browser, well thats SSL.

In order to tell Apache to include SSL support we need to edit the /etc/apache/httpd.conf file and scroll ALL the way to the bottom. This is where we will uncomment the following line.
Code:
change this:
#Include /etc/apache/mod_ssl.conf

to this:
Include /etc/apache/mod_ssl.conf
NOTE: The above assumes that your distribution has shipped with mod_ssl and httpd installed. If you installed from source or your distribution does not contain both of these, this LinuxAnswer will not apply to you.

Once that is done you need to make a simple edit to the /etc/rc.d/rc.httpd file so that the apache server knows you want to startup with SSL support.
Code:
change this:
'start')
      /usr/sbin/apachectl start ;;
to this:
'start')
      /usr/sbin/apachectl startssl ;;
Now all thats left is to setup the SSL Certs. If you really don't care about having official certs, Slackware comes with pre-made ones, I use these, but if you ran a legit production webserver you would probably want to spend the money and have real certs made. You also have the option to create your own self-signed certs and if you are interested in that, jump all the way to the bottom of this Howto. Anyway, to use the premade certs run the following commands and say yes to overwrite:
Code:
cp /etc/apache/ssl.crt/snakeoil-rsa.crt /etc/apache/ssl.crt/server.crt
cp /etc/apache/ssl.key/snakeoil-rsa.key /etc/apache/ssl.key/server.key
Now all thats left to do is restart the apache server:
Code:
/etc/rc.d/rc.httpd restart
If you want to make sure that SSL is working correctly run this command:
Code:
netstat -tpan | grep 443
If everything is working correctly, you should get output that looks like the following:
Code:
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      27426/httpd
If you don't get any output whatsoever then something went wrong and you need to look at your /var/log/apache/error_log file.

Now that SSL is all set up, you are going to want to tell Apache what to serve up when somebody connects using https://. This is done by the VirtualHost directive and the one pertaining to SSL connections can be found in the /etc/apache/mod_ssl.conf file. The default looks like this and you will certainly need to change some of the settings.
Code:
<VirtualHost _default_:443>

#  General setup for the virtual host
DocumentRoot "/var/www/htdocs"
ServerName new.host.name
ServerAdmin you@your.address
ErrorLog /var/log/apache/error_log
TransferLog /var/log/apache/access_log
And finally if you want to create your own self-signed certs and not use the ones that come with Slackware thats easy to do as well. I got the following commands from http://www.apache-ssl.org/#FAQ
Code:
Step one - create the key and request:

  openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):

  openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:

   openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1825

Step four - copy the cert and key to the appropriate places

  cp new.cert.cert /etc/apache/ssl.crt/server.crt
  cp new.cert.key /etc/apache/ssl.key/server.key
A few things to note:

When asked for Common Name in step one, be sure to enter the FQDN of your webserver ie www.mywebserver.com

When asked for A challenge password in step one, go ahead and just press enter

If you don't remove the passphrase from the key in Step two, you will be prompted to enter a password every time you run /etc/rc.d/rc.httpd start. This means if your box reboots for some reason, your webserver won't start unless you are there to provide the passphrase.

by provkitir on Sun, 2004-11-21 12:44
Hi
Is that howto directed at slackware or for the general population?
I'm runnin debian 2.6.9 sid and did:
apt-get install apache openssl libapache-mod-ssl

but in httpd.conf, there's no such line #Include <blah> mod_ssl to be found
nor rc.httpd and etc


  



All times are GMT -5. The time now is 09:42 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration