Okay, so recently I switched servers, departed from Lighttpd and started using Apache. So far I’ve had little trouble; I’ve enjoyed just how basic it can be, and adding virtual hosts is a lot cleaner than what I’ve used before. However, recently I have had to face the challenge of setting up SSL on the server! I am capable of doing this in Lighttpd, so here is how I did it in Apache! Please note that I am running CentOS 5.6, so the way I do things may be slightly different for you.
To begin with, I recommend becoming root to save you having to sudo everything. So pop in:
sudo su -
You should now be in your default directory! So, to begin with we need openssl and mod_ssl for Apache. To do this:
yum install mod_ssl openssl
The next step is to generate the private key, generate the CSR and finally generate the self-signed certificate! Commands are listed below:
openssl genrsa -out cert.key 1024
openssl req -new -key cert.key -out cert.csr
openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt
Now we need to copy each of these files into their correct locations.
cp cert.crt /etc/pki/tls/certs
cp cert.key /etc/pki/tls/private/cert.key
cp cert.csr /etc/pki/tls/private/cert.csr
Now we need to update the Apache SSL configuration file, which is located at /etc/httpd/conf.d/ssl.conf
vim +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Now we need to change the paths to match where your crt file is stored.
SSLCertificateFile /etc/pki/tls/certs/cert.crt
And the same for the key.
SSLCertificateKeyFile /etc/pki/tls/private/cert.key
Now save and exit vim (ctrl+c, then :x!). Next, restart Apache.
/etc/init.d/httpd restart
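A check worth running before a restart like the one above, as an added example that is not part of the original post: it confirms that the certificate was really made from the key Apache is pointed at, that the key file is private to its owner, and that the key meets a minimum length. The function names and the 2048-bit default are this example's assumptions (2048 bits is the minimum public CAs accept today), so the 1024-bit key generated above is reported as too short unless a lower minimum is passed.

```shell
# Added example: sanity checks to run before restarting Apache.
# Function names are this example's own; the paths in the usage line
# at the bottom are the ones used in this guide.

# Print the RSA modulus ("Modulus=<hex>") of a key, CSR or certificate.
modulus_of() {                       # usage: modulus_of key|csr|crt FILE
    case "$1" in
        key) openssl rsa  -noout -modulus -in "$2" ;;
        csr) openssl req  -noout -modulus -in "$2" ;;
        crt) openssl x509 -noout -modulus -in "$2" ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Print the key length in bits, derived from the length of the hex modulus.
key_bits() {                         # usage: key_bits key|csr|crt FILE
    m=$(modulus_of "$1" "$2") || return 1
    m=${m#Modulus=}
    [ -n "$m" ] || return 1
    echo $(( ${#m} * 4 ))
}

# Return 0 only if KEY and CRT belong together, the key is at least
# MINBITS long (default 2048, an assumption of this example) and the
# key file grants nothing to group or other.
check_pair() {                       # usage: check_pair KEY CRT [MINBITS]
    key=$1 crt=$2 min=${3:-2048}
    km=$(modulus_of key "$key") || { echo "cannot read key $key"; return 1; }
    cm=$(modulus_of crt "$crt") || { echo "cannot read certificate $crt"; return 1; }
    [ -n "$km" ] && [ "$km" = "$cm" ] || { echo "certificate does not match key"; return 1; }
    bits=$(key_bits key "$key")
    [ "$bits" -ge "$min" ] || { echo "key is $bits bits, want >= $min"; return 1; }
    perms=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "key readable by group/other: chmod 600 $key"; return 1; }
    echo "ok: $bits-bit key matches certificate"
}

# Example call with this guide's paths:
#   check_pair /etc/pki/tls/private/cert.key /etc/pki/tls/certs/cert.crt
```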
At this point things could be slightly different for you, however I am sure the same principle applies. I of course use virtual host configuration files, so here is an example of how I set yachiru.net up.
<VirtualHost *:80>
    ServerName yachiru.net
    ServerAlias *.yachiru.net
    ServerAdmin solidarity@yachiru.net
    ErrorLog /var/log/httpd/yachiru.err
    CustomLog /var/log/httpd/yachiru.log combined
    DocumentRoot /home/yachiru/www
    <Directory "/home/yachiru/www">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/cert.crt
    SSLCertificateKeyFile /etc/pki/tls/private/cert.key
    <Directory /home/yachiru/www>
        AllowOverride All
    </Directory>
    DocumentRoot /home/yachiru/www
    ServerName yachiru.net
</VirtualHost>
So simply edit your configuration file similarly to this, then restart Apache and you’re done.
Please note that although this does create a secure connection, your browser WILL flag up that the certificate has not been signed correctly. You can purchase SSL certificates through GoDaddy or VeriSign to stop this from happening.
