Apache/SSL

< Apache

Install and Configure Apache2 with PHP5 and SSL Support

Required Packages :

apache2
openssl ssl-cert
libapache2-mod-php5 
php5-cli 
php5-common 
php5-cgi


Configuration Steps :

Step 1:

For generating certificate Use the following command to generate certificates

#openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -
keyout /etc/apache2/apache.pem


You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter ‘.’, the field will be left blank. —–

Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:West Bengal
Locality Name (eg, city) []:Kolkata
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MAT3 Impex Pvt. Ltd.
Organizational Unit Name (eg, section) []:Crypto-Devel
Common Name (eg, YOUR name) []:Promathesh Mandal
Email Address []:promatesh@mat3impex.com

This will complete the certificate now you need to make sure you have the correct permissions for .pem file if not use the

following command to set the correct permissions

#chmod 600 /etc/apache2/apache.pem

Note: For generating a certificate signing request give the following command

#openssl req -new -key apache.pem -out chikpea.csr

Step 2:

By default the server will listen for incoming HTTP requests on port 80 - and not SSL connections on port 443. So you need to enable SSL support by entering the following entry to the file /etc/apache2/ports.conf save and exit the file.

Listen 443

Step 3:

Enable SSL Support If you want to enable SSL support for your apache web server you need to use the following command

#a2enmod ssl

Module ssl installed; run /etc/init.d/apache2 force-reload to enable. Now you need to restart the apache2 server using the following command

#/etc/init.d/apache2 restart


Step 4:

Configuring SSL Certificate to Virtual Hosts in Apache2 First you need to edit the /etc/apache2/sites-available/default file change

NameVirtualHost *
to
NameVirtualHost *:80
NameVirtualHost *:443

Now you need to configure Virtual hosts using port 80

Example

ServerAdmin webmaster@localhost
.
.
.

configure Virtual hosts using port 443 the main difference is you need to use the following 
two lines for each SSL hosts.

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

Example

ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

Now you need to restrat your apache web server using the following comamnd

# /etc/init.d/apache2 reload


Sample Files : sample for “ports.conf” file

Listen 80 
Listen 443

sample for “default” file

NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
	DocumentRoot /var/www/
	<Directory />
 		Options FollowSymLinks
		AllowOverride None
 	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
		# This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                #RedirectMatch ^/$ /apache2-default/
	</Directory> 
	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory> 
	ErrorLog /var/log/apache2/error.log 
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog /var/log/apache2/access.log combined
	ServerSignature On 
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory> 
 </VirtualHost> 
 <VirtualHost *:443>
	ServerAdmin webmaster@localhost
	SSLEngine on
	SSLCertificateFile /etc/apache2/apache.pem 	
	DocumentRoot /var/www/
	<Directory />
		Options FollowSymLinks
		AllowOverride None
	</Directory>
	<Directory /var/www/>
		Options Indexes FollowSymLinks MultiViews
		AllowOverride None
		Order allow,deny
		allow from all
		# This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                #RedirectMatch ^/$ /apache2-default/
	</Directory>
	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
	<Directory "/usr/lib/cgi-bin">
		AllowOverride None
		Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
		Order allow,deny
		Allow from all
	</Directory>
	ErrorLog /var/log/apache2/error.log
	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn
	CustomLog /var/log/apache2/access.log combined
	ServerSignature On
    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>
  </VirtualHost>
This article is issued from Wikibooks. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.