[NBLUG/talk] Enabling SSL in Apache2?
Lincoln Peters
sampln at sbcglobal.net
Fri Aug 25 18:23:00 PDT 2006
On Wednesday 23 August 2006 00:19, Troy Arnold wrote:
> Something like:
> <VirtualHost 192.168.1.80:443>
> SSLEngine on
> SSLCertificateKeyFile /etc/apache2/ssl/secure.private.key
> SSLCertificateFile /etc/apache2/ssl/secure.crt
> SSLOptions +StdEnvVars
> [...]
> </VirtualHost>
That seems to have been part of the problem. However, now that I've set that
up, instead of getting "connection refused", I get no response at all from
the server when I try to connect via HTTPS. So I'm not sure where to go from
here.
Here's the VirtualHost definition from my apache2.conf file:
<VirtualHost odysseus.peterslan:443>
    ServerAdmin petersl at sonoma.edu
    ServerName odysseus.peterslan
    ServerAlias odysseus.peterslan
    DocumentRoot /home/public_html
    SSLEngine on
    SSLCertificateKeyFile /etc/apache2/ssl/secure.private.key
    SSLCertificateFile /etc/apache2/ssl/secure.crt
    SSLOptions +StdEnvVars
    <Directory /home/public_html>
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
    Alias /dav /home/public_html
    <Location /dav>
        Dav On
        AuthType Digest
        AuthName iTools
        AuthDigestDomain "/"
        AuthDigestFile /home/public_html/WebDavUsers
        AuthGroupFile /home/public_html/WebDavGroups
        Options None
        AllowOverride None
        Require valid-user
    </Location>
</VirtualHost>
I did find out that the Debian package for Apache doesn't seem to install an
SSL key or certificate by default. So in case anyone else finds themselves
wanting to try this, here's what I did to generate the certificate:
# cd /etc/apache2/ssl/
# openssl genrsa -aes256 > /etc/apache2/ssl/secure.private.key
# openssl req -new -key /etc/apache2/ssl/secure.private.key -x509 \
    -days 365 -out /etc/apache2/ssl/secure.crt
Or if you want to request a certificate from your local certificate authority
(VeriSign?):
# openssl req -new -key /etc/apache2/ssl/secure.private.key \
    -out /etc/apache2/ssl/secure.csr
--
Lincoln Peters <sampln at sbcglobal.net>
I won't mention any names, because I don't want to get sun4's into
trouble... :-) -- Larry Wall in <11333 at jpl-devvax.JPL.NASA.GOV>
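
Added example, not part of the original message: a shell check that the file given to SSLCertificateFile was issued for the key given to SSLCertificateKeyFile, which is easy to get wrong when the key and the certificate are generated in separate steps. The function names are hypothetical, the keys and certificate are throwaway samples constructed in a temporary directory, and the key is assumed to be unencrypted (a key created with -aes256 makes openssl ask for its passphrase).

```shell
#!/bin/sh
# Added example: verify that a certificate and a private key form a pair.

# Public key (PEM) derived from a private key file.
pub_from_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
# Public key (PEM) embedded in a certificate file.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# cert_matches_key KEY CERT
#   0 = pair, 1 = both parse but hold different keys, 2 = a file is unreadable
cert_matches_key() {
    kpub=$(pub_from_key "$1")  || return 2
    cpub=$(pub_from_cert "$2") || return 2
    [ "$kpub" = "$cpub" ]
}

# verdict KEY CERT: print MATCH, MISMATCH or UNREADABLE
verdict() {
    if cert_matches_key "$1" "$2"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "MATCH" ;;
        1) echo "MISMATCH" ;;
        *) echo "UNREADABLE" ;;
    esac
}

# make_sample DIR: constructed sample material, two keys and one
# self-signed certificate made from the first key only.
make_sample() {
    openssl genrsa -out "$1/a.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/b.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -days 365 \
        -subj "/CN=odysseus.peterslan" -out "$1/a.crt" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "a.key vs a.crt:       $(verdict "$tmp/a.key" "$tmp/a.crt")"
echo "b.key vs a.crt:       $(verdict "$tmp/b.key" "$tmp/a.crt")"
echo "missing.key vs a.crt: $(verdict "$tmp/missing.key" "$tmp/a.crt")"
rm -rf "$tmp"
```

Against the real files from the message, the call would be verdict /etc/apache2/ssl/secure.private.key /etc/apache2/ssl/secure.crt, run as a user who can read the key.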