
Re: apache+ssl



Tom Allison wrote:
Or has the decision been made to relegate SSL to only the most uber elite of the hackerz? I'm frustrated more than I've been in years and I'm even more frustrated that I've been unable to find anyone who is willing to share any success. Like I said, it seems to be a state secret.

HOWTO?  Anyone have a HOWTO that actually works?

You got me worried for an hour or so with this post. I've had the apache ssl
for etch on my todo list for a while, without having an actual need for it. So
I've postponed the test installation until now. I'm by no means an expert on
this, no über elite. This is just a quick writeup of what I did and what I
accomplished.

(I made a fresh xen domu with etch to do the testing, love xen)

Hostname : wwwtest.example.com
IP : 192.168.1.90

Install apache2

# aptitude install apache2

Open a browser.

http://192.168.1.90

I get the text : It works!

Then I need a certificate. I created the certificate request like this,
specifying wwwtest.example.com as common name when prompted for it

# openssl req -new -days 365 -nodes -out wwwtest_server.pem -keyout private/wwwtest_server_key.pem -config /etc/ssl/openssl.cnf

Then I need the certificate signed, right? I did my own signing

# openssl ca -config /etc/ssl/openssl.cnf -out wwwtest_server_cert.pem -infiles wwwtest_server.pem

Now the certificate is signed, on to apache2

I made a directory to put the certificate and key in

# mkdir /etc/apache2/ssl

I then moved wwwtest_server_cert.pem to /etc/apache2/ssl/server.crt
and moved wwwtest_server_key.pem to /etc/apache2/ssl/server.key

Then I enabled the ssl module

# a2enmod ssl

Need to have apache listen to port 443, so added the line

Listen 443

to /etc/apache2/ports.conf

Then I edited /etc/apache2/sites-enabled/000-default
Deleted the line with NameVirtualHost, not using that now.

Changed <VirtualHost *> to <VirtualHost *:80>

And copied the whole VirtualHost definition, changing <VirtualHost *:80>
to <VirtualHost *:443> on the duplicated definition, giving me two virtualhost
definitions,

<VirtualHost *:80>
.
.
</VirtualHost>

<VirtualHost *:443>
.
.
</VirtualHost>

At the end of the VirtualHost definition for port 443 I entered

<VirtualHost *:443>
.
.
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/server.crt
  SSLCertificateKeyFile /etc/apache2/ssl/server.key
</VirtualHost>

Then restart apache2. Did

netstat -tap

To verify that apache listens to port 443

# /etc/init.d/apache2 restart

https://192.168.1.90/

Depending on the browser different warnings about the CA or hostname may pop up,
but that is no concern at the moment.

I get the text : It works!

Then just to be sure it's still working, I removed the VirtualHost *:80
definition from /etc/apache2/sites-enabled/000-default , leaving only the
ssl virtual host. Restarted apache2 and opened the https url in the browser
again and It Works.

This was only to verify that I could do a basic install of apache2 with ssl.

Maybe this helps you.
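
A sanity check for the two files placed in /etc/apache2/ssl in the writeup above, added here as an example that is not part of the original post. The function names are hypothetical, the default paths are the ones from the post, and the key is assumed to be unencrypted (it was created with -nodes).

```shell
#!/bin/sh
# Added example: checks on the certificate/key pair before restarting apache2.
# Function names are hypothetical; default paths are the ones used in the post.
# Assumes an unencrypted private key (the post generated it with -nodes).

# True if neither group nor others have any permission bit on the file.
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 if all checks pass, 1 if a check fails, 2 if a file cannot be parsed.
check_tls_files() {
    cert=${1:-/etc/apache2/ssl/server.crt}
    key=${2:-/etc/apache2/ssl/server.key}
    status=0

    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "ERROR: cannot parse certificate $cert" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "ERROR: cannot parse private key $key" >&2; return 2; }

    # mod_ssl cannot use a key that does not belong to the certificate.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; status=1
    fi
    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired"; status=1
    fi
    # The key is stored unencrypted, so file permissions are its only protection.
    if ! key_is_private "$key"; then
        echo "FAIL: $key is accessible to group or others (chmod 600 it)"; status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $cert and $key look consistent"
    return "$status"
}

# Run against the given paths when called with two arguments.
if [ "$#" -eq 2 ]; then check_tls_files "$1" "$2"; fi
```

Saved as a script, it takes the certificate path and the key path as its two arguments; `apache2ctl configtest` then covers the syntax of the VirtualHost edits.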



