[NBLUG/talk] Enabling SSL in Apache2?

Lincoln Peters sampln at sbcglobal.net
Fri Aug 25 18:23:00 PDT 2006


On Wednesday 23 August 2006 00:19, Troy Arnold wrote:
> Something like:
> <VirtualHost 192.168.1.80:443>
> SSLEngine on
> SSLCertificateKeyFile /etc/apache2/ssl/secure.private.key
> SSLCertificateFile /etc/apache2/ssl/secure.crt
> SSLOptions +StdEnvVars
> [...]
> </VirtualHost>

That seems to have been part of the problem.  However, now that I've set that 
up, instead of getting "connection refused", I get no response at all from 
the server when I try to connect via HTTPS.  So I'm not sure where to go from 
here.

Here's the VirtualHost definition from my apache2.conf file:
<VirtualHost odysseus.peterslan:443>
	ServerAdmin	petersl at sonoma.edu
	ServerName	odysseus.peterslan
	ServerAlias	odysseus.peterslan

	DocumentRoot	/home/public_html

	SSLEngine	on
	SSLCertificateKeyFile	/etc/apache2/ssl/secure.private.key
	SSLCertificateFile	/etc/apache2/ssl/secure.crt
	SSLOptions		+StdEnvVars

	<Directory /home/public_html>
		Options Indexes MultiViews
		AllowOverride	None
		Order		allow,deny
		allow from all
	</Directory>

	Alias /dav /home/public_html

	<Location /dav>
		Dav On

		AuthType	Digest
		AuthName	iTools
		AuthDigestDomain "/"
		AuthDigestFile	/home/public_html/WebDavUsers
		AuthGroupFile	/home/public_html/WebDavGroups
		Options		None
		AllowOverride	None
		Require		valid-user
	</Location>
</VirtualHost>


I did find out that the Debian package for Apache doesn't seem to install an 
SSL key or certificate by default.  So in case anyone else finds themselves 
wanting to try this, here's what I did to generate the certificate:

# cd /etc/apache2/ssl/
# openssl genrsa -aes256 > /etc/apache2/ssl/secure.private.key
# openssl req -new -key /etc/apache2/ssl/secure.private.key -x509 \
  -days 365 -out /etc/apache2/ssl/secure.crt

Or if you want to request a certificate from your local certificate authority 
(VeriSign?):
# openssl req -new -key /etc/apache2/ssl/secure.private.key \
  -out /etc/apache2/ssl/secure.csr


-- 
Lincoln Peters		<sampln at sbcglobal.net>

I won't mention any names, because I don't want to get sun4's into
trouble...  :-)     -- Larry Wall in <11333 at jpl-devvax.JPL.NASA.GOV>
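
An added example, not part of the original message: shell functions that check the two files named by SSLCertificateKeyFile and SSLCertificateFile, reporting whether the private key is passphrase-protected (which is what `genrsa -aes256` produces) and whether the certificate was made from that key. The function names, the scratch directory and the pass phrase `demo-pass` are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the files that
# SSLCertificateKeyFile and SSLCertificateFile point at.

# Exit 0 if the PEM private key is passphrase-protected. Covers the
# traditional ("Proc-Type: 4,ENCRYPTED") and PKCS#8 PEM headers.
key_is_encrypted() {
    grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"
}

# pair_matches KEY CERT PASSARG
# Exit 0 if the certificate's public key was derived from KEY, 1 if not,
# 2 if either file cannot be read. PASSARG is an openssl pass phrase
# argument such as "pass:secret" (ignored for unencrypted keys).
pair_matches() {
    kpub=$(openssl pkey -in "$1" -passin "$3" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$kpub" = "$cpub" ]
}

# make_demo_pair DIR
# Build a throwaway AES-256-encrypted key and a self-signed certificate made
# from that same key. The pass phrase "demo-pass" is a constructed value.
make_demo_pair() {
    openssl genrsa -aes256 -passout pass:demo-pass \
        -out "$1/secure.private.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -subj "/CN=odysseus.peterslan" \
        -key "$1/secure.private.key" -passin pass:demo-pass \
        -out "$1/secure.crt" 2>/dev/null
}

# Demo in a scratch directory; nothing under /etc is touched.
if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    if make_demo_pair "$demo"; then
        key_is_encrypted "$demo/secure.private.key" &&
            echo "key is encrypted: the server needs the pass phrase at startup"
        pair_matches "$demo/secure.private.key" "$demo/secure.crt" \
            pass:demo-pass && echo "certificate matches key"
    fi
    rm -rf "$demo"
fi
```

Against the real files, call `key_is_encrypted` and `pair_matches` with the paths from the VirtualHost block and the pass phrase chosen when the key was generated.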
