SSL with Apache2 Help!

[tomii]

Hi..I've Suse9.x install with the standard apache2, PHP, Mysql and Openssl distr installed.
What I want and don't understand is how can I make apache use SSL? I'm very nice to this so even though I've read all the doc on this subject it is still ever so confusing. I know there is something about having to generate .csr, .crt, and .key files, but which ones do I need?

Thanks all in advance!

 

[lgarner]

This might help:

http://www.rpatrick.com/tech/makecert/

 

[tomii]

Hi..thanks for that...i have followed the instuctions and have created the .csr .crt and .key, what do I need to do now? how do I configure apache to use these keys and ssl? at present when i try

https://localhost

it pops up with an error: The connection to localhost has terminated unexpectedly...etc

Please help as I have no clue at present and all doc are just confusing me more!

 

[lgarner]

If you have a standard installation of Apache 2, check in /etc/httpd/conf.d for a file "ssl.conf".

Mine looks something like this:

LoadModule ssl_module modules/mod_ssl.so
Listen 0.0.0.0:443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex  file:logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
CustomLog /var/log/httpd/access_log combined
TransferLog logs/ssl_access_log
</VirtualHost>

This may also be incorporated into /etc/httpd/conf/httpd.conf

 

[tomii]

Hi lgarner,

Thanks for your help so far...yes i've a standard install of Apache2 and my ssl.conf is in /etc/httpd i don't seem to have /etc/httpd/conf.d, don't know if that makes any difference.

Anyhow, i've configured my ssl.conf file as you have shown with my SSL crt and key pointing to where i have placed them. A question is i don't have the line: LoadModule ssl_module modules/mod_ssl.so, do i need to use mod_ssl with Apache2? i read somewhere that Apache2 no longer needs the mod_ssl part. Also I read something about Apache+SSL patch, does this apply to Apache2 or just the older apache 1.3?

Anyway, having done the above I tried to point my firefox brower to

https://localhost

but get the same error. Is this the correct way to test https? or do i need to start anything on the openssl or apache part? I have apache started with: 'apachectl start' but i read somewhere about a 'startssl'?

Thanks for all your help!!

 

[lgarner]

As far as I know, it needs mod_ssl. Try "rpm -q mod_ssl" to see if it's installed; mine comes back with "mod_ssl-2.0.52-12.1.ent.centos4". You can also try "rpm -qf /etc/httpd/ssl.conf" and you should see what package put that file in place.

"... do i need to start anything ..." Well, you need to restart Apache to re-read the configuration. I think "startssl" was from 1.3. I just use "/etc/init.d/httpd restart", which is basically "apachectl restart".

 

[tomii]

Hi..thanks all the help so far..i managed to get it working now apparently Apache2 comes with mod_ssl as a module which then needs to be enabled with the ./configure --enable-ssl ....anyway, now that its working with the test key and certificate on one local machine, what do i need to do to get it working with two machine? I guess i would need to set up a dedicated CA machine? and all my other machine would be client which sends a .csr to the CA? the CA would then return a .crt, is that right? I really having trouble understanding how all this works, would really appreciated if someone could summerise the main points please!

Many thanks!!