Hi,
I got some private requests to share how I solved my SSL over Apache
problem. Here are the steps:
Make sure you have an FQDN hostname.
Install all the needed packages (openssl and apache). I recommend using swup to
avoid dependency problems.
Make a directory where the SSL certificates will be stored; I use
/etc/httpd/conf/certs/hostname
# openssl genrsa -des3 -out hostname.key 1024
During this step you will be prompted to enter your passphrase. Please note
that you must remember it!
# openssl req -new -key hostname.key -out hostname.csr
Enter your FQDN as your CommonName.
# openssl req -new -key hostname.key -x509 -out hostname.crt
# vi /etc/httpd/conf.d/ssl.conf
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache none
SSLSessionCacheTimeout 300
SSLMutex sem
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024
Listen 443
<VirtualHost 1.2.3.4:443>
    DocumentRoot /home/httpd/html
    ServerName my.hostname.is
    ServerAdmin [EMAIL PROTECTED]
    ErrorLog /etc/httpd/logs/ssl_error_log
    TransferLog /etc/httpd/logs/ssl_access_log
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/hostname/hostname.crt
    SSLCertificateKeyFile /etc/httpd/conf/hostname/hostname.key
    SSLVerifyClient none
    SSLVerifyDepth 10
    <Files ~ "\.(cgi|shtml)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/etc/httpd/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    CustomLog /etc/httpd/logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfDefine>
# service httpd stop
# vi /etc/sysconfig/httpd
HTTPDARGS="-D SSL"
# apachectl startssl
# apachectl restart
Why do I use apachectl instead of service httpd? The TSL httpd init script
always froze every time I activated SSL.
Test the configuration and watch the log files. I hope this can help other TSL
users, especially those on TSL 3.0.
This step-by-step guide is referenced from
http://www.tldp.org/HOWTO/SSL-RedHat-HOWTO-3.html
Regards
Willy
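
Added example, not part of the original post: a shell function that checks the files produced by the openssl steps above before Apache is started. It confirms that the key belongs to the certificate and that the CommonName equals the FQDN, and it reports the key size. The name check_cert_pair and the 2048-bit threshold are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post). check_cert_pair is a
# hypothetical helper name; the 2048-bit threshold is this example's choice.
# Usage: check_cert_pair hostname.key hostname.crt my.hostname.is
# For a key created with -des3, openssl prompts for the passphrase.
check_cert_pair() {
    key=$1; crt=$2; fqdn=$3; rc=0

    # 1. Key and certificate must carry the same public key, otherwise
    #    Apache refuses to start the SSL virtual host.
    key_pub=$(openssl pkey -in "$key" -pubout) || return 2
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 2
    if [ "$key_pub" = "$crt_pub" ]; then
        echo "OK:   $key matches $crt"
    else
        echo "FAIL: $key does not belong to $crt"; rc=1
    fi

    # 2. The CommonName entered at the "openssl req" prompt must be the
    #    FQDN that is used as ServerName.
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 |
         sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    if [ "$cn" = "$fqdn" ]; then
        echo "OK:   CommonName is $cn"
    else
        echo "FAIL: CommonName is '$cn', expected '$fqdn'"; rc=1
    fi

    # 3. Report the RSA key size. This is a warning only: 1024 bits, as
    #    generated above, is below the 2048-bit minimum public CAs require.
    bits=$(openssl x509 -in "$crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge 2048 ]; then
        echo "OK:   ${bits}-bit key"
    else
        echo "WARN: ${bits:-unknown}-bit key, consider 2048 or more"
    fi
    return $rc
}

# Run directly when called with the three arguments.
if [ "$#" -eq 3 ]; then check_cert_pair "$@"; fi
```

The function returns 0 when the key matches and the CommonName is right, 1 when either check fails, and 2 when a file cannot be read.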