Re: apache+ssl
Tom Allison wrote:
Or has the decision been made to relegate SSL to only the most uber
elite of the hackerz? I'm frustrated more than I've been in years and
I'm even more frustrated that I've been unable to find anyone who is
willing to share any success. Like I said, it seems to be a state
secret.
HOWTO? Anyone have a HOWTO that actually works?
You got me worried for an hour or so with this post. I've had the apache
ssl
for etch on my todo list for a while, without having an actual need for
it. So
I've postponed the test installation until now. I'm by no means an expert on
this, no über elite . This is just a quick writeup of what I did and what I
accomplished.
(I made a fresh xen domu with etch to do the testing, love xen)
Hostname : wwwtest.example.com
IP : 192.168.1.90
Install apache2
# aptitude install apache2
Open a browser.
http://192.168.1.90
I get the text : It works!
Then I need a certificate. I created the certificate request like this,
specifiying wwwtest.example.com as common name when prompted for it
# openssl req -new -days 365 -nodes -out wwwtest_server.pem -keyout
private/wwwtest_server_key.pem -config /etc/ssl/openssl.cnf
Then I need the certificate signed right ? I did my own signing
# openssl ca -config /etc/ssl/openssl.cnf -out wwwtest_server_cert.pem
-infiles wwwtest_server.pem
Now the certificate is signed, on to apache2
I made a direcorty to put the certificate and key in
# mkdir /etc/apache2/ssl
I then moved wwwtest_server_cert.pem to /etc/apache2/ssl/server.crt
and moved wwwtest_server_key.pem to /etc/apache2/ssl/server.key
Then I enabled the ssl module
# a2enmod ssl
Need to have apache listen to port 443, so added the line
Listen 443
to /etc/apache2/ports.conf
Then I edited /etc/apache2/sites-enabled/000-default
Deleted the line with NameVirtualHost, not using that now.
Changed <VirtualHost *> to <VirtualHost *:80>
And copied the whole VirutalHost definition , changing <VirtualHost *:80>
to <VirtualHost *:443> on the duplicated definition giving me two
virtualhost
defintions ,
<VirutalHost *:80>
.
.
</VirtualHost>
<VirutalHost *:443>
.
.
</VirtualHost>
At the end of the VirtualHost definition for port 443 I entered
<VirutalHost *:443>
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
</VirtualHost>
Then restart apache2. Did
netstat -tap
To verify that apache listens to port 443
# /etc/init.d/apache2 restart
https://192.168.1.90/
Depending on the browser different warnings about the CA or hostname may
pop up,
but that is no concern at the moment.
I get the text : It works!
Then just to be sure it's still working, I removed the VirtualHost *:80
definition from /etc/apache2/sites-enabled/000-default , leaving only the
ssl virtual host. Restarted apache2 and opened the https url in the browser
again and It Works.
This was only to verify that I could do a basic install of apache2 with ssl.
Maybe this helps you.
Reply to: