Difference between revisions of "Setup Apache2 for https"
Revision as of 11:23, 4 July 2007
This article describes how you can secure your webpage running on apache2 with https. You create demo certificates yourself for this. This is for SUSE Linux; for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html
This article assumes you are running SUSE Linux. It assumes your e-mail address is root@localhost and your server's IP is 10.0.0.1. You may want to replace these. It also assumes you have no more than one virtual server on your apache; it changes the settings of all virtual servers. This article assumes you already have a webpage that can be displayed; it takes http://10.0.0.1 as the example location of your webpage. This article assumes you know about SSL, https and certificates.
- set up your Certification authority
- Create a certificate signing request
- sign the CSR
- copy the files to the right locations
- get your SSL Configuration from the given template
- change your SSL Configuration
- In vhost-ssl.conf, replace
- have apache2 start per default with SSL
- enable name-based virtual servers
- create dummy-certificates
- restart apache2
- test your configuration
cd /usr/share/ssl/misc
./CA.pl -newca
Remember the passphrase you enter. The common name has to be your server's IP.
To delete a Certification Authority that has been created accidentally, you can run rm -rf /usr/share/ssl/misc/demoCA
Again, you have to use your server's IP as the common name. You may leave the challenge password blank.
cp /usr/share/ssl/misc/newcert.pem /etc/apache2/ssl.crt/server.crt
cp /usr/share/ssl/misc/newreq.pem /etc/apache2/ssl.key/server.key
cd /etc/apache2/vhosts.d
cp vhost-ssl.template vhost-ssl.conf
edit /etc/sysconfig/apache2: replace
edit /etc/apache2/listen.conf, replace
Surf to https://10.0.0.1/. Expected result: The browser complains that it does not know the server's certificate.
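Before restarting apache2, it is worth confirming that the two files copied in the "copy the files to the right locations" step actually belong together. The following is an added example, not part of the original article: `check_https_files` is a hypothetical helper that assumes the `openssl` command-line tool is installed and defaults to the article's paths and IP. It checks that server.key holds the private key for server.crt, that the common name is the server's IP, and that the key is not readable by group or others.

```shell
#!/bin/sh
# Added example (not from the article): sanity checks for the installed files.
# check_https_files is a hypothetical helper; defaults are the article's values.
# Usage: check_https_files [cert] [key] [server-ip]
# Returns: 0 ok, 1 key/cert mismatch, 2 unreadable or unparsable file,
#          3 wrong common name, 4 key readable by group or others

check_https_files() {
    crt=${1:-/etc/apache2/ssl.crt/server.crt}
    key=${2:-/etc/apache2/ssl.key/server.key}
    ip=${3:-10.0.0.1}

    if [ ! -r "$crt" ] || [ ! -r "$key" ]; then
        echo "cannot read $crt or $key" >&2
        return 2
    fi

    # Public key embedded in the certificate vs. public key derived from the
    # private key. A passphrase-protected key makes openssl prompt here.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ -z "$key_pub" ]; then
        echo "no certificate in $crt or no private key in $key" >&2
        return 2
    fi
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "private key does not belong to the certificate" >&2
        return 1
    fi

    # The article requires the common name to be the server's IP.
    subj=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 2>/dev/null)
    case "$subj," in
        *"CN=$ip,"*) ;;
        *) echo "common name is not $ip: $subj" >&2; return 3 ;;
    esac

    # The private key should not be readable by group or others.
    if [ -n "$(find -L "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "$key is readable by group or others" >&2
        return 4
    fi
    return 0
}
```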