|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Thursday, 31 May 2001||Author: Michael Sharp|
|Published to: develop_articles_tutorials/Development Tutorials||Page: 1/1 - [Std View]|
Installing Apache with SSL
Linux.com contributor Michael Sharp steps us through installing the world's leading web server, Apache, with SSL support.
This article outlines the steps to installing the Apache Web Server using the latest SSL technology.
Installation of Apache and SSL ( Requires OpenSSL > openssl-0.9.5a or better. www.openssl.com ).
Remember the PEM password you choose! This command will create ssl.key -days 365 means you will have to do steps 14 & 16 again in 365 days
What is veryimportant to remember in creating the the ssl.crt file is deciding "what is the URL people enter to come to my web site? ". For example, if you own blah.com, and you define blah.com when creating the ssl.crt key, then people who access your site via www.blah.com will get a "Certificate Name Check" that might scare people away because it contains a ominous warning. People who access your site via http://blah.com will not get this warning. However you choose to name your server that is how you must define ServerName in the <VirtualHost> section below.
This is the Information you will be presented with when issuing this command:
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:South Carolina
Locality Name (eg, city) :West Columbia
Organization Name (eg,company) [Internet Widgits Pty Ltd]:Michael Sharp
Organizational Unit Name (eg, section) :Secure Web Server
Common Name (eg, your name or your server's hostname) :reality.dynip.com
Email Address :email@example.com
The Common Name portion is where you define what I was talking about in 15.
<VirtualHost your IP or domain name:443> EXAMPLE: <VirtualHost 192.168.1.3:443>
SSLRandomFile /dev/random 1024
DocumentRoot /usr/local/apache/htdocs ServerName www.CHANGE-THIS.com
ErrorLog /usr/local/apache/logs/httpsd_error.log TransferLog /usr/local/apache/logs/httpsd_access.log SSLEnable
SSLCertificateFile /usr/local/apache/certs/ssl.crt SSLCertificateKeyFile /usr/local/apache/certs/ssl.key </VirtualHost>
You must also comment out DocumentRoot, ServerName, ServerAdmin, ErrorLog, and TransferLog in the Main Server configuration:
Where you see:
# Port: The port to which the standalone server listens. For
# ports < 1023, you will need httpd to be run as root initially.
change 8080 to 443
Add any other configuration variables to the httpsd.conf file per your needs.
You will have to issue your PEM to start the web server! Don't panic just because it doesn't start immediately give it a few moments.