Difference between revisions of "Setup Apache2 for https"

From ThorstensHome
Jump to: navigation, search
m (Reverted edits by 210.13.105.23 (Talk); changed back to last version by WikiSysop)
 
m (1 revision(s))
 

Latest revision as of 10:09, 18 October 2008

This article describes how you can secure your webpage running on apache2 with https. You create demo-certificates yourself for this. This is for SUSE Linux, for Fedora, I recommend http://www.linux-sxs.org/internet_serving/apache2.html

This article assumes you are running on SUSE Linux. It assumes your e-Mail-address is root@localhost and your server's IP is 10.0.0.1. You may want to replace these. It also assumes you have not more than one virtual server on your apache, it changes the settings of all virtual servers. This article assumes you have already a a webpage that can be displayed, it takes http://10.0.0.1 as example location of your webpage. This article assumes you know about SSL, https and certificates.

  1. set up your Certification authority
    2. cd /usr/share/ssl/misc
./CA.pl -newca

    remember the passphrase you are giving. The common name has to be your server's IP.
    Note:
    To delete a Certification Authority that has been created accidentially, you can do a rm -rf /usr/share/ssl/misc/demoCA

  2. Create a certificate signing request
    3. ./CA.pl -newreq

    again, you have to use your server's IP as common name. You may leave the challenge password blank.

  3. sign the CSR
    4. ./CA.pl -sign
  4. copy the files to the right locations
    5. cp /usr/share/ssl/misc/newcert.pem /etc/apache2/ssl.crt/server.crt
cp /usr/share/ssl/misc/newreq.pem /etc/apache2/ssl.key/server.key
  5. get your SSL Configuration from the given template
    6. cd /etc/apache2/vhosts.d
cp vhost-ssl.template vhost-ssl.conf
  6. change your SSL Configuration
    1. In vhost-ssl.conf, replace
      2. #ServerName www.example.com:443

      to 

      ServerName 10.0.0.1
    2. replace
      3. #ServerAdmin webmaster@example.com

      to 

      ServerAdmin root@localhost
    3. replace
      4. <VirtualHost _default_:443>

      to 

      <VirtualHost *:443>
    4. have apache2 start per default with SSL

      5. edit /etc/sysconfig/apache2: replace 

      APACHE_SERVER_FLAGS=""

      to 

      APACHE_SERVER_FLAGS="SSL"
    5. change
      6. APACHE_SERVERNAME=""

      to 

      APACHE_SERVERNAME="10.0.0.1"
  7. enable name-based virtual servers

    8. edit /etc/apache2/listen.conf, replace 

    #NameVirtualHost *:80

    by 

    NameVirtualHost *:80
  8. create dummy-certificates
    9. /usr/bin/gensslcert
  9. restart apache2
    10. /etc/init.d/apache2 restart
  10. test your configuration

    11. surf to https://10.0.0.1/ Expected result: The browser complains it does not know the server's certificate.


Retrieved from "http://www.staerk.de/thorsten/index.php?title=Setup_Apache2_for_https&oldid=344"