Apache/SSL - Wikibooks, open books for an open world Jump to content

Apache/SSL

From Wikibooks, open books for an open world

Install and Configure Apache2 with PHP5 and SSL Support

Required Packages

[edit | edit source]
apache2
openssl ssl-cert
libapache2-mod-php5 
php5-cli 
php5-common 
php5-cgi

Configuration Steps

[edit | edit source]

Step 1: generate certificate

[edit | edit source]

For generating certificate Use the following command to generate certificates

 sudo openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -
 keyout /etc/apache2/apache.pem

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank.

Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:West Bengal
Locality Name (eg, city) []:Kolkata
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MAT3 Impex Pvt. Ltd.
Organizational Unit Name (eg, section) []:Crypto-Devel
Common Name (eg, YOUR name) []:Promathesh Mandal
Email Address []:promatesh@mat3impex.com

This will complete the certificate now you need to make sure you have the correct permissions for .pem file if not use the following command to set the correct permissions

 sudo chmod 600 /etc/apache2/apache.pem

Note: For generating a certificate signing request give the following command

 sudo openssl req -new -key apache.pem -out chikpea.csr

Step 2: listen the port

[edit | edit source]

By default the server will listen for incoming HTTP requests on port 80 - and not SSL connections on port 443. So you need to enable SSL support by entering the following entry to the file /etc/apache2/ports.conf save and exit the file.

 Listen 443

Step 3: enable SSL support

[edit | edit source]

If you want to enable SSL support for your apache web server you need to use the following command

 sudo a2enmod ssl

Module ssl installed; run /etc/init.d/apache2 force-reload to enable. Now you need to restart the apache2 server using the following command

 sudo /etc/init.d/apache2 restart

Step 4: configuring SSL Certificate to Virtual Hosts in Apache2

[edit | edit source]

First you need to edit the /etc/apache2/sites-available/default file change

 NameVirtualHost *

to

 NameVirtualHost *:80
 NameVirtualHost *:443

Now you need to configure Virtual hosts using port 80.

Example

[edit | edit source]
 ServerAdmin webmaster@localhost
 .
 .
 .

configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.

 SSLEngine on
 SSLCertificateFile /etc/apache2/apache.pem

Example

 ServerAdmin webmaster@localhost
 .
 .
 .
 SSLEngine on
 SSLCertificateFile /etc/apache2/apache.pem

Now you need to restart your apache web server using the following command

 sudo /etc/init.d/apache2 reload

Sample Files : sample for “ports.conf” file

 Listen 80 
 Listen 443

sample for “default” file

 NameVirtualHost *:80
 NameVirtualHost *:443
 <VirtualHost *:80>
 	DocumentRoot /var/www/
 	<Directory />
  		Options FollowSymLinks
 		AllowOverride None
  	</Directory>
 	<Directory /var/www/>
 		Options Indexes FollowSymLinks MultiViews
 		AllowOverride None
 		Order allow,deny
 		allow from all
 		# This directive allows us to have apache2's default start page
                 # in /apache2-default/, but still have / go to the right place
                 #RedirectMatch ^/$ /apache2-default/
 	</Directory> 
 	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 	<Directory "/usr/lib/cgi-bin">
 		AllowOverride None
 		Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
 		Order allow,deny
 		Allow from all
 	</Directory> 
 	ErrorLog /var/log/apache2/error.log 
 	# Possible values include: debug, info, notice, warn, error, crit,
 	# alert, emerg.
 	LogLevel warn
 	CustomLog /var/log/apache2/access.log combined
 	ServerSignature On 
     Alias /doc/ "/usr/share/doc/"
     <Directory "/usr/share/doc/">
         Options Indexes MultiViews FollowSymLinks
         AllowOverride None
         Order deny,allow
         Deny from all
         Allow from 127.0.0.0/255.0.0.0 ::1/128
     </Directory> 
  </VirtualHost> 
  <VirtualHost *:443>
 	ServerAdmin webmaster@localhost
 	SSLEngine on
 	SSLCertificateFile /etc/apache2/apache.pem 	
 	DocumentRoot /var/www/
 	<Directory />
 		Options FollowSymLinks
 		AllowOverride None
 	</Directory>
 	<Directory /var/www/>
 		Options Indexes FollowSymLinks MultiViews
 		AllowOverride None
 		Order allow,deny
 		allow from all
 		# This directive allows us to have apache2's default start page
                 # in /apache2-default/, but still have / go to the right place
                 #RedirectMatch ^/$ /apache2-default/
 	</Directory>
 	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 	<Directory "/usr/lib/cgi-bin">
 		AllowOverride None
 		Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
 		Order allow,deny
 		Allow from all
 	</Directory>
 	ErrorLog /var/log/apache2/error.log
 	# Possible values include: debug, info, notice, warn, error, crit,
 	# alert, emerg.
 	LogLevel warn
 	CustomLog /var/log/apache2/access.log combined
 	ServerSignature On
     Alias /doc/ "/usr/share/doc/"
     <Directory "/usr/share/doc/">
         Options Indexes MultiViews FollowSymLinks
         AllowOverride None
         Order deny,allow
         Deny from all
         Allow from 127.0.0.0/255.0.0.0 ::1/128
     </Directory>
   </VirtualHost>