Providing an HTTPS server using Apache and OpenSSL
Needed:
This article assumes that you have Apache 2.0 already installed on Unix. (The steps would be basically the same on Windows.) Further you need:
- mod-ssl-2.2.6 or later
- OpenSSL-0.9.5a or later
- a digital SSL certificate e.g. from VeriSign
OpenSSL:
You must compile and install the OpenSSL package first:
$ ./config
$ make
$ make test
$ make install
mod_ssl:
Then compile and install mod_ssl (if not already installed):
$ cd mod_ssl-2.6.x-1.3.x
$ ./configure \
--with-apache=../apache_1.3.x \
--with-ssl=../openssl-0.9.x \
--with-mm=../mm-1.1.x \
--with-crt=/path/to/your/server.crt \
--with-key=/path/to/your/server.key \
--prefix=/path/to/apache
$ cd ../apache_1.3.x
$ make
$ make certificate
$ make install
Configure commonhttpd.conf for SSL Support
After Apache and mod_ssl are installed, you configure your httpd config file much as you would for a normal site.
You have to set up your SSL secure site through a VirtualHost. The Apache configuration will look like this:
ServerAdmin admin@oursite.com
DocumentRoot /home/httpd/oursite/
ErrorLog /var/log/httpd/oursite-errors_log
TransferLog /var/log/httpd/oursite-transfers_log
To add SSL support to your VirtualHost you must enable the SSL engine and tell it where your certificate is and which key decrypts the traffic:
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
Now you can start up Apache in SSL mode by typing the following:
[root@machine42 #] /usr/sbin/httpd -startssl
read RSA key
Enter PEM pass phrase:
It asks for the pass phrase that decrypts your private key, which is needed for the SSL encryption.
This will stop Apache from coming up if it is started unattended, for example at boot.
You can work around this, but it is less secure: anyone who can read the key file can then use the key, so keep its permissions restricted to root. Go to the directory where you stored httpd.conf; in its ssl.key subdirectory you should see server.key.
This file server.key contains your encrypted key. You can decrypt the key permanently. First make a backup of the file:
[root@machine42 #] cp /path/to/apache-conf/ssl.key/server.key server.key.old
Decrypt the key using the OpenSSL tool:
[root@machine42 #] /usr/sbin/openssl rsa -in server.key.old -out server.key
read RSA key
Enter PEM pass phrase:
It will prompt you for your pass phrase and decrypt your key. server.key now contains an unencrypted key, and Apache will no longer prompt at start-up. You must still start Apache with httpd -startssl or with the start-up script included with your RPM or dpkg.
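The trade-off above hinges on the state of server.key. The shell functions below are an added example, not part of the original article: they report whether a PEM key is still pass-phrase protected, whether an unencrypted key is readable only by its owner, and whether server.crt and server.key belong together. The openssl x509 and openssl rsa invocations are assumed to be available from the OpenSSL build described above.

```shell
#!/bin/sh
# Sanity checks for the mod_ssl key-handling steps (constructed example).

# Returns 0 if the PEM file still carries a pass phrase: either the legacy
# "Proc-Type: 4,ENCRYPTED" header written by "openssl rsa -des3" or a
# PKCS#8 "ENCRYPTED PRIVATE KEY" block.
key_is_encrypted() {
    grep -q -e '^Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# Returns 0 if the file is readable only by its owner, i.e. the group and
# "other" permission bits (columns 5-10 of "ls -l") are all cleared.
key_perms_ok() {
    mode=$(ls -l "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# Returns 0 if the certificate's public key equals the public half of the
# RSA key, i.e. server.crt really was issued for server.key.
# An encrypted key would prompt for its pass phrase here, so run this on
# the decrypted copy (or supply the pass phrase via -passin).
cert_matches_key() {
    crt_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl rsa -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Audit a key intended for unattended start-up: prints one finding and
# returns non-zero only for the dangerous case (unencrypted and exposed).
audit_key() {
    key=$1
    if key_is_encrypted "$key"; then
        echo "$key: still pass-phrase protected; httpd will prompt at start-up"
        return 0
    elif ! key_perms_ok "$key"; then
        echo "$key: unencrypted and readable by group/others; chmod 600 it"
        return 1
    fi
    echo "$key: unencrypted, owner-only permissions"
    return 0
}
```

Run audit_key against the decrypted server.key after the openssl rsa step, and cert_matches_key against the server.crt and server.key paths given in SSLCertificateFile and SSLCertificateKeyFile.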