Personal tools
You are here: Home FAQ - Frequently Asked Questions Linux Installation und Konfiguration HowTo: Apache2 und SSL
Document Actions

HowTo: Apache2 und SSL

A short description (with example) to configure SSL-Apache2.

$PATH: /usr/share/ssl/misc

Creating Certificate Signing Request .csr (and private key file): [set your domain instead of devel2]
openssl req -new -out devel2.csr

Creating RSA Key from private key file:
openssl rsa -in privkey.pem -out devel2.key                                 [<- privkey.pem has to be in $PATH ?]

Signing CSR using the key file and with a validity of 365 days:
openssl x509 -in devel2.csr -out devel2.cert -req -signkey devel2.key -days 365

create ie readeable "DER"-key:
openssl x509 -in devel2.cert -out devel2.der.crt -outform DER


*To make APACHE SSL ready*

activate in $APACHECONFIGPATH/ssl-global.conf necessary options (usually already done)
create in vhosts.d virtaul hosts with ssl activated

EXAMPLE:

<VirtualHost *:443>

        DocumentRoot "/www/ssl"
        ServerName devel2.pingusys.int:443
        #ServerAdmin webmaster@example.com
        ErrorLog /var/log/apache2/ssl-error_log
        TransferLog /var/log/apache2/ssl-access_log

        SSLEngine on

        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile /etc/apache2/ssl.crt/devel2.crt                    <- set Certificate File
        #SSLCertificateFile /etc/apache2/ssl.crt/server-dsa.crt

        SSLCertificateKeyFile /etc/apache2/ssl.key/devel2.key                 <- set KeyFile
        #SSLCertificateKeyFile /etc/apache2/ssl.key/server-dsa.key

        #SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
        <Directory "/www/ssl">                                                <- create directory entry!
         Order allow,deny
         Allow from all
        </Directory>

         <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
         </Files>

         <Directory "/www/ssl/cgi-bin">
            SSLOptions +StdEnvVars
         </Directory>
        SetEnvIf User-Agent ".*MSIE.*" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0

        CustomLog /var/log/apache2/ssl_request_log   ssl_combined            <- set log file

</VirtualHost>
Searchbox
« May 2012 »
Su Mo Tu We Th Fr Sa
12345
6789101112
13141516171819
20212223242526
2728293031
Navigation