Difference between revisions of "Setup Apache2 for https"
Latest revision as of 09:09, 18 October 2008
This article describes how you can secure a webpage running on apache2 with https. For this, you create demo certificates yourself. The instructions are for SUSE Linux; for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html
This article assumes you are running SUSE Linux, that your e-mail address is root@localhost and that your server's IP is 10.0.0.1. You may want to replace these. It also assumes you have no more than one virtual server on your apache; it changes the settings of all virtual servers. It assumes you already have a webpage that can be displayed and takes http://10.0.0.1 as the example location of your webpage. Finally, it assumes you know about SSL, https and certificates.
- set up your Certification authority
- Create a certificate signing request
- sign the CSR
- copy the files to the right locations
- get your SSL Configuration from the given template
- change your SSL Configuration
- In vhost-ssl.conf, replace
- replace
- replace
- have apache2 start per default with SSL
- change
- enable name-based virtual servers
- create dummy-certificates
- restart apache2
- test your configuration
Set up your Certification authority:
cd /usr/share/ssl/misc
./CA.pl -newca
Remember the passphrase you enter. The common name has to be your server's IP.
Note: To delete a Certification Authority that has been created accidentally, you can run rm -rf /usr/share/ssl/misc/demoCA
Create a certificate signing request:
./CA.pl -newreq
Again, you have to use your server's IP as the common name. You may leave the challenge password blank.
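Sign the CSR:
./CA.pl -sign
Copy the files to the right locations:
cp /usr/share/ssl/misc/newcert.pem /etc/apache2/ssl.crt/server.crt
cp /usr/share/ssl/misc/newreq.pem /etc/apache2/ssl.key/server.key
Get your SSL configuration from the given template:
cd /etc/apache2/vhosts.d
cp vhost-ssl.template vhost-ssl.conf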
Change your SSL configuration. In vhost-ssl.conf, replace
#ServerName www.example.com:443
with
ServerName 10.0.0.1
replace
#ServerAdmin webmaster@example.com
with
ServerAdmin root@localhost
and replace
<VirtualHost _default_:443>
with
<VirtualHost *:443>
Have apache2 start per default with SSL. Edit /etc/sysconfig/apache2: replace
APACHE_SERVER_FLAGS=""
with
APACHE_SERVER_FLAGS="SSL"
and change
APACHE_SERVERNAME=""
to
APACHE_SERVERNAME="10.0.0.1"
Enable name-based virtual servers. Edit /etc/apache2/listen.conf, replace
#NameVirtualHost *:80
by
NameVirtualHost *:80
Create dummy certificates:
/usr/bin/gensslcert
Restart apache2:
/etc/init.d/apache2 restart
Test your configuration: surf to https://10.0.0.1/
Expected result: The browser complains it does not know the server's certificate.
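Before restarting apache2 it is worth confirming that the copied files fit together. The following script is an added example, not part of the original article: it checks that the private key is not readable by group or others, that certificate and key share one public key, that the certificate verifies against the demo CA, and that the common name is the server's IP. The function name check_tls_files and the CA certificate path demoCA/cacert.pem are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for the files installed by the steps above.
# Usage: check_tls_files CERT KEY CA_CERT COMMON_NAME
# Returns 0 when every check passes, otherwise the number of failed checks.
check_tls_files() {
    cert=$1 key=$2 ca=$3 cn=$4
    failed=0

    # 1. The private key must not be accessible to group or others.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (chmod 600 it)" >&2
        failed=$((failed + 1))
    fi

    # 2. Certificate and key must carry the same public key.
    #    An encrypted key makes openssl prompt for its passphrase here.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert and $key do not belong together" >&2
        failed=$((failed + 1))
    fi

    # 3. The certificate must verify against the CA made with CA.pl -newca.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert is not signed by $ca" >&2
        failed=$((failed + 1))
    fi

    # 4. The subject's common name must be the server address.
    subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null | tr -d ' ')
    if ! printf '%s\n' "$subject" | grep -Eq "CN=$cn(\$|[,/])"; then
        echo "FAIL: common name of $cert is not $cn" >&2
        failed=$((failed + 1))
    fi

    return "$failed"
}

# Paths from this article; demoCA/cacert.pem is where CA.pl -newca
# normally writes the CA certificate (assumption, not stated on the page).
if [ "${1:-}" = "--run" ]; then
    check_tls_files /etc/apache2/ssl.crt/server.crt \
        /etc/apache2/ssl.key/server.key \
        /usr/share/ssl/misc/demoCA/cacert.pem 10.0.0.1
fi
```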