
SSL

Debian, Apache2 and SSL

First run:

a2enmod ssl

I had a nightmare trying to find out how to get SSL working with a standard Debian apache2 install. Here's the (very easy) solution.

Debian Sarge comes with an apache2 package. I thought I'd give this a go to get it working with a self-signed SSL certificate. However, I had little idea of what I was doing. Eventually I worked it out - and it's easy:

* Log on or su as root.
* Run:
    apt-get install apache2
* Run the script
    apache2-ssl-certificate
  and tell it what it wants to know.
* Make a copy of '/etc/apache2/sites-available/default' - call it something like 'ssl'.
* Make a sym-link to this new site configuration from /etc/apache2/sites-enabled/. You will see this is already done for 'default'.
* Add a
    Listen 443
  to /etc/apache2/ports.conf.
* Edit /etc/apache2/sites-available/ssl (or whatever you called your new SSL site's config) and change port 80 in the name of the site to 443.
* Add a line
    SSLEngine On
  somewhere in the body of the config file.
* Add a line
    SSLCertificateFile /etc/apache2/ssl/apache.pem
  somewhere in the body of the config file.
* Restart Apache.
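
The file edits from the steps above (copy the site, symlink it, add Listen 443, switch the port, add the two SSL directives) written as a re-runnable shell function with a post-change check. This is an added example, not part of the original page: the function names and the optional config-root argument are hypothetical, and it assumes the default site names its vhost in the `*:80` style.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the optional
# config-root argument are hypothetical; file paths are the ones used above.

enable_ssl_site() {
    root=${1:-/etc/apache2}
    site="$root/sites-available/ssl"
    pem=/etc/apache2/ssl/apache.pem

    # Copy 'default' to 'ssl' once, so a re-run never clobbers later edits.
    [ -f "$site" ] || cp "$root/sites-available/default" "$site" || return 1

    # Enable the site the way 'default' is enabled: a symlink in sites-enabled.
    ln -sf ../sites-available/ssl "$root/sites-enabled/ssl" || return 1

    # Add 'Listen 443' only if ports.conf does not have it yet.
    grep -q '^[[:space:]]*Listen[[:space:]][[:space:]]*443[[:space:]]*$' \
        "$root/ports.conf" || echo 'Listen 443' >> "$root/ports.conf"

    # Change port 80 to 443 on the vhost name lines, and put the two SSL
    # directives after the opening <VirtualHost> tag unless already present.
    grep -q '^[[:space:]]*SSLEngine' "$site" && have=1 || have=0
    awk -v pem="$pem" -v have="$have" '
        /^[ \t]*<?(Name)?VirtualHost[ \t]/ {
            sub(/:80>/, ":443>"); sub(/:80$/, ":443")
        }
        { print }
        /^[ \t]*<VirtualHost[ \t]/ && have == 0 {
            print "    SSLEngine On"
            print "    SSLCertificateFile " pem
            have = 1
        }' "$site" > "$site.tmp" && mv "$site.tmp" "$site"
}

# Post-change check: succeeds only if every piece the steps call for is there.
check_ssl_site() {
    root=${1:-/etc/apache2}
    site="$root/sites-enabled/ssl"
    [ -L "$site" ] && [ -f "$site" ] &&
    grep -q '^[[:space:]]*Listen[[:space:]][[:space:]]*443[[:space:]]*$' \
        "$root/ports.conf" &&
    grep -q '^[[:space:]]*<VirtualHost[[:space:]].*:443>' "$site" &&
    grep -qi '^[[:space:]]*SSLEngine[[:space:]][[:space:]]*on' "$site" &&
    grep -q '^[[:space:]]*SSLCertificateFile[[:space:]]' "$site"
}
```

Run `enable_ssl_site && check_ssl_site` as root, then restart Apache as in the last step. Because the steps set only SSLCertificateFile, apache.pem has to contain the private key as well as the certificate, so keep that file readable by root only.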





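Apache HTTPS (SSL) config:

<VirtualHost 4.2.2.2:443>
    DocumentRoot /var/www/securesite

    SSLEngine on
    # Server certificate, its private key, and the intermediate CA chain
    SSLCertificateFile /etc/httpd/ssl/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/ssl.key/server.key
    SSLCertificateChainFile /etc/httpd/ssl/thawte-int.chain

    <Directory "/var/www/securesite">
        Options +Indexes
        AllowOverride Options FileInfo AuthConfig Limit
        # Refuse any request for this directory that did not arrive over SSL
        SSLRequireSSL
        # HTTP Basic authentication against the password file below.
        # The file sits inside the DocumentRoot here; Apache's stock config
        # denies requests for .ht* files, but a path outside the DocumentRoot
        # does not depend on that rule.
        AuthType Basic
        AuthUserFile /var/www/securesite/.htpasswd
        AuthName "restricted access!"
        require valid-user
        Order allow,deny
        Allow from All
    </Directory>
</VirtualHost>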

View SSL Certificate on Web Server

echo | openssl s_client -connect hostname:443 2>/dev/null |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text

View SSL Certificate on FTPS Server

echo | openssl s_client -starttls ftp -connect hostname:21 2>/dev/null |\
sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -text
