I'm confused on how to get SSL installed with Apache2. From what I've read, mod_ssl is built into Apache2 and requires only a few steps...

1.) Add the --enable-ssl option on the ./configure line

2.) Edit httpd.conf to enable it with LoadModule and AddModule directives.

3.) Extra step to will create a real SSLv2-only server...
SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP

Apache Docs...
http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html

This all seems too easy to be true. I've tried to find better docs, but all I find are posts from others with questions/problems.

Do I need to install OpenSSL before Apache2? What about setting up the ports and iptables to allow traffic on https/443, not to mention setting up the certificates?

Can someone help?!?! I'm desperate for more info!

If you are compiling Apache with mod_ssl from source then yes you will need to install the OpenSSL libraries on your system. You can find them at www.openssl.org

Just follow these steps:

• Download the open ssl source and extract it. At the very least you need to run configure and make. If you want to use OpenSSL for other applications you should also install the lirbaries too.
  
• Now configure Apache with --enable-ssl. You may also need to specify --with-ssl=/usr/local/opensssldir to point it in the right direction.
  
• Once you have built and installed apache you need to edit the httpd.conf file changing the following values where necessary:
  
• Listen 443 - make sure apache is lsitening on port 443
• SSLEngine on - turns on SSL support (this can either be done on a global or a virtual host level)
• SSLCertificateKeyFile conf/ssl/www.mydmoain.com.key - this is the file your private key is kept in (again it can be different for each virtual host)
• SSLCertificateFile conf/ssl/www.mydoamin.com.crt - points to your digital certificate
  
• Next you need to create a private key. You can do this using a program called openssl in the apps dirctory of your OpenSSL source dir. The follwoing command will create an un-encrypted key which you must copy to the location specified by the SSLCertificateKeyFile directive and chmod to 400:
  
  #openssl genrsa 1024 > www.mydomain.com.key
  
• Next you need to generate a Certificate Signing Request which can be done using the following command. Again copy the csr file to the directory where you put the key file and chmod it to 400:
  
  #openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
  
• Now all you need is the certificate. Obviously if you want to get it signed by a Certificate Authority you will need to send them the csr file. You can however temporarily sign the certificate using the following command. This will create the crt file which you will need to move to your certificates directory:
  
  #openssl req -x509 -key www.mydomin.com.key -in www.mydomain.com.csr -out www.mydomain.com.crt
  
• You should be all set now and just need to create an iptables rule if you have a firewall, which is easy enough:
  
  #iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT

Thanks, that was easy!!!

In addition, I had to edit /usr/local/apache2/conf/ssl.conf

I ended up using VirtualHosts (for the first time) as well...

<VirtualHost *:80>
ServerName regular.domain.com
DocumentRoot /home/www-domain
</VirtualHost>

<VirtualHost _default_:443>
ServerName secure.domain.com
DocumentRoot /home/www-domain
SSLEngine On
SSLCertificateFile conf/ssl.crt/www-domain.crt
SSLCertificateKeyFile conf/ssl.key/www-domain.key
</VirtualHost>

Thanks again!

I followed the directions above, but i still cant get ssl working... can anyone help me out with it... I will post my config files if you'd like

~Jake