Enable SSL in Apache

To enable SSL in Apache, we generate a private key and a certificate, put them where Apache can read them, and point the site configuration at them.

We start by generating a key for our server:

openssl genrsa -out server.key 4096

Then we generate a Certificate Signing Request (CSR) based on this key:

openssl req -new -key server.key -out server.csr

Make sure that you enter a valid value for Common Name (CN). It is vital that you enter the Fully Qualified Domain Name (FQDN) or IP address of your server here.

If we want a legitimate SSL certificate for Apache, we need to take the CSR to a Certificate Authority (CA) and have them generate a certificate. However, if you only want a certificate to play around with, it is enough to sign it yourself:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

In either case, we can now continue to create an SSL directory for Apache:

mkdir /etc/apache2/ssl

Move the necessary files to this directory:

mv server.key /etc/apache2/ssl
mv server.crt /etc/apache2/ssl

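Now tell Apache to use SSL and these brand new files by editing /etc/apache2/sites-enabled/000-default. The directives go inside the virtual host that serves HTTPS (port 443), and Apache's mod_ssl module has to be enabled for them to be recognised: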

SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key

And now start Apache:

/etc/init.d/apache2 start

Check if it works by connecting to https://yourservername. If you use a self-signed certificate, your browser will warn you that, although the connection is encrypted, it is a self-signed certificate and you shouldn’t trust the website.
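The steps above leave a key and a certificate in /etc/apache2/ssl. The script below is an added example, not part of the original post, that checks those files before Apache is started: the key belongs to the certificate, the certificate covers the server name, it is not about to expire, and the key is not readable by other users. The function names are this example's own.

```shell
#!/bin/sh
# Added example: pre-flight checks on the key and certificate before Apache
# is started. Function names are this example's own, not part of any tool.

# 0 if the certificate's public key belongs to the private key.
pair_matches() {    # $1 = certificate, $2 = private key
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# 0 if the certificate is valid for the host name; the verdict is read from
# the sentence openssl prints.
host_matches() {    # $1 = certificate, $2 = host name (FQDN)
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# 0 if the certificate is still valid $2 days from now (default: right now).
not_expiring() {    # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( ${2:-0} * 86400 )) >/dev/null 2>&1
}

# 0 if group and others have no permission bits on the key file.
key_is_private() {  # $1 = private key
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run every check, report each failure, return non-zero if any check failed.
check_tls_files() { # $1 = certificate, $2 = private key, $3 = host name
    rc=0
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    host_matches "$1" "$3" || { echo "FAIL: certificate is not valid for $3"; rc=1; }
    not_expiring "$1" 7    || { echo "FAIL: certificate expires within 7 days"; rc=1; }
    key_is_private "$2"    || { echo "FAIL: $2 is accessible to group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "ok: $1 and $2 are ready for $3"
    return "$rc"
}

# Usage: sh check.sh /etc/apache2/ssl/server.crt /etc/apache2/ssl/server.key yourservername
if [ "$#" -eq 3 ]; then check_tls_files "$@"; fi
```

openssl's -checkhost falls back to the Common Name when the certificate carries no subjectAltName entry. Current browsers match only against subjectAltName, so a CN-only certificate can pass this check and still be rejected by the browser.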

Apache virtual hosts

Assume we want to serve webpages for two domains, example.com and example.org, and these pages should be available with and without the ‘www’, so from www.example.com, example.com, www.example.org and example.org. In addition, clients connecting directly to our IP address, instead of using these domain names, should get an error message (404 Not Found) or a short HTML warning message. These clients are probably just worms trying to spread through our webserver, so we don’t want to waste bandwidth on them. We start off by making some directories.

mkdir /var/www/htdocs/ip_address
mkdir /var/www/htdocs/example.com
mkdir /var/www/htdocs/example.org

The last thing we have to do is edit the configuration file. On OpenBSD, the Apache configuration can be found in /var/www/conf/httpd.conf.

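NameVirtualHost *

# The first <VirtualHost> listed is the default: it answers every request whose
# Host header matches none of the ServerName values below, which includes
# requests made directly to the IP address.
<VirtualHost *>
   DocumentRoot /htdocs/ip_address
   ErrorLog logs/ip_address-error_log
   CustomLog logs/ip_address-access_log common
</VirtualHost>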

<VirtualHost *>
   ServerAdmin webmaster@example.com
   DocumentRoot /htdocs/example.com
   ServerName www.example.com
   ErrorLog logs/example.com-error_log
   CustomLog logs/example.com-access_log common
</VirtualHost>

<VirtualHost *>
   ServerAdmin webmaster@example.com
   DocumentRoot /htdocs/example.com
   ServerName example.com
   ErrorLog logs/example.com-error_log
   CustomLog logs/example.com-access_log common
</VirtualHost>

<VirtualHost *>
   ServerAdmin webmaster@example.org
   DocumentRoot /htdocs/example.org
   ServerName www.example.org
   ErrorLog logs/example.org-error_log
   CustomLog logs/example.org-access_log common
</VirtualHost>

<VirtualHost *>
   ServerAdmin webmaster@example.org
   DocumentRoot /htdocs/example.org
   ServerName example.org
   ErrorLog logs/example.org-error_log
   CustomLog logs/example.org-access_log common
</VirtualHost>