LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-15-2004, 02:20 PM   #1
ridertech
Member
 
Registered: Dec 2003
Location: Seattle, Washington
Distribution: Debian 'Sarge'
Posts: 85

Rep: Reputation: 15
Apache2 with mod_ssl


I'm confused on how to get SSL installed with Apache2. From what I've read, mod_ssl is built into Apache2 and requires only a few steps...

1.) Add the --enable-ssl option on the ./configure line

2.) Edit httpd.conf to enable it with LoadModule and AddModule directives.

3.) Extra step to will create a real SSLv2-only server...
SSLProtocol -all +SSLv2
SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP

Apache Docs...
http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html

This all seems too easy to be true. I've tried to find better docs, but all I find are posts from others with questions/problems.

Do I need to install OpenSSL before Apache2? What about setting up the ports and iptables to allow traffic on https/443, not to mention setting up the certificates?

Can someone help?!?! I'm desperate for more info!
 
Old 02-15-2004, 07:28 PM   #2
codedv
Member
 
Registered: Nov 2003
Location: Slough, UK
Distribution: Debian
Posts: 146

Rep: Reputation: 15
If you are compiling Apache with mod_ssl from source then yes you will need to install the OpenSSL libraries on your system. You can find them at www.openssl.org

Just follow these steps:
  • Download the open ssl source and extract it. At the very least you need to run configure and make. If you want to use OpenSSL for other applications you should also install the lirbaries too.
  • Now configure Apache with --enable-ssl. You may also need to specify --with-ssl=/usr/local/opensssldir to point it in the right direction.
  • Once you have built and installed apache you need to edit the httpd.conf file changing the following values where necessary:
  • Listen 443 - make sure apache is lsitening on port 443
  • SSLEngine on - turns on SSL support (this can either be done on a global or a virtual host level)
  • SSLCertificateKeyFile conf/ssl/www.mydmoain.com.key - this is the file your private key is kept in (again it can be different for each virtual host)
  • SSLCertificateFile conf/ssl/www.mydoamin.com.crt - points to your digital certificate
  • Next you need to create a private key. You can do this using a program called openssl in the apps dirctory of your OpenSSL source dir. The follwoing command will create an un-encrypted key which you must copy to the location specified by the SSLCertificateKeyFile directive and chmod to 400:

    #openssl genrsa 1024 > www.mydomain.com.key
  • Next you need to generate a Certificate Signing Request which can be done using the following command. Again copy the csr file to the directory where you put the key file and chmod it to 400:

    #openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
  • Now all you need is the certificate. Obviously if you want to get it signed by a Certificate Authority you will need to send them the csr file. You can however temporarily sign the certificate using the following command. This will create the crt file which you will need to move to your certificates directory:

    #openssl req -x509 -key www.mydomin.com.key -in www.mydomain.com.csr -out www.mydomain.com.crt
  • You should be all set now and just need to create an iptables rule if you have a firewall, which is easy enough:

    #iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT
 
Old 02-16-2004, 05:24 PM   #3
ridertech
Member
 
Registered: Dec 2003
Location: Seattle, Washington
Distribution: Debian 'Sarge'
Posts: 85

Original Poster
Rep: Reputation: 15
Thanks, that was easy!!!

In addition, I had to edit /usr/local/apache2/conf/ssl.conf

I ended up using VirtualHosts (for the first time) as well...

<VirtualHost *:80>
ServerName regular.domain.com
DocumentRoot /home/www-domain
</VirtualHost>

<VirtualHost _default_:443>
ServerName secure.domain.com
DocumentRoot /home/www-domain
SSLEngine On
SSLCertificateFile conf/ssl.crt/www-domain.crt
SSLCertificateKeyFile conf/ssl.key/www-domain.key
</VirtualHost>

Thanks again!
 
Old 04-07-2004, 10:08 PM   #4
JSylvia007
LQ Newbie
 
Registered: Aug 2003
Location: USA EAST
Distribution: Mandrake10.0 Community, Gentoo Linux
Posts: 25

Rep: Reputation: 15
I followed the directions above, but i still cant get ssl working... can anyone help me out with it... I will post my config files if you'd like

~Jake
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Apache2 and mod_ssl as a DSO Rumblefish Linux - Software 1 12-01-2004 03:25 PM
how to uninstall apache2 which is installed by emerge apache2 flybirdlong Linux - Software 1 07-17-2004 11:46 AM
Apache2 mod_ssl signing with sign.sh MatthewJWatkins Linux - Software 1 10-26-2003 08:41 PM
Apache2 mod_ssl loaded but no ssl connections? FearPasion710 Linux - General 4 10-18-2003 10:27 PM
where can I find mod_ssl for apache2 VoodooLiu Linux - Networking 4 09-07-2003 01:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration