Apache/SSL

From Wikibooks, open books for an open world

Install and Configure Apache2 with PHP5 and SSL Support

Required Packages :

apache2
openssl ssl-cert
libapache2-mod-php5 
php5-cli 
php5-common 
php5-cgi


Configuration Steps :

Step 1:

Use the following command to generate the certificate:

#openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem


You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:West Bengal
Locality Name (eg, city) []:Kolkata
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MAT3 Impex Pvt. Ltd.
Organizational Unit Name (eg, section) []:Crypto-Devel
Common Name (eg, YOUR name) []:Promathesh Mandal
Email Address []:promatesh@mat3impex.com

This completes the certificate. Because -nodes leaves the private key unencrypted and the key is stored in the same file as the certificate, make sure the .pem file has the correct permissions. If it does not, use the following command to set them:

#chmod 600 /etc/apache2/apache.pem

Note: To generate a certificate signing request, use the following command:

#openssl req -new -key apache.pem -out chikpea.csr
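
An added example, not part of the original page: a shell check for the combined PEM file from Step 1, confirming that it holds both a certificate and a private key, that the two belong together, and that the mode is 600. The function names `check_pem` and `make_sample_pem`, the host name `www.example.test` and the extra `-subj` and `-newkey` options are assumptions made so the sample runs without prompts; the `openssl` command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the combined PEM of Step 1.

# check_pem FILE: prints findings; returns 0 only when every check passes.
check_pem() {
    pem=$1
    rc=0
    # -out and -keyout named the same file, so both objects must be in it.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "FAIL: no certificate in $pem"; rc=1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "FAIL: no private key in $pem"; rc=1; }
    [ "$rc" -eq 0 ] || return 1

    # The public key inside the certificate must belong to the private key.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key do not match"; rc=1
    fi

    # -nodes leaves the key unencrypted: only the owner may read or write the file.
    mode=$(ls -ld "$pem" | cut -c1-10)
    [ "$mode" = "-rw-------" ] ||
        { echo "FAIL: mode is $mode, expected -rw------- (chmod 600)"; rc=1; }

    # Show the expiry date set by -days.
    openssl x509 -in "$pem" -noout -enddate 2>/dev/null
    return "$rc"
}

# make_sample_pem FILE: constructed sample, same options as Step 1 plus -subj
# (made-up host name) and -newkey so that it runs without prompts.
make_sample_pem() {
    ( umask 077
      openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
          -subj "/CN=www.example.test" -out "$1" -keyout "$1" 2>/dev/null )
}

tmp=$(mktemp -d)
make_sample_pem "$tmp/apache.pem"
check_pem "$tmp/apache.pem" && echo "OK: sample apache.pem passes"
rm -rf "$tmp"
```

To check the real file, call `check_pem /etc/apache2/apache.pem` as root, since a mode 600 file is readable only by its owner.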

Step 2:

By default the server listens for incoming HTTP requests on port 80 and not for SSL connections on port 443. To enable SSL support, add the following entry to the file /etc/apache2/ports.conf, then save and exit the file.

Listen 443

Step 3:

Enable SSL support. To enable SSL support for your Apache web server, use the following command:

#a2enmod ssl

The command prints:

Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Now restart the apache2 server using the following command:

#/etc/init.d/apache2 restart


Step 4:

Configuring the SSL certificate for virtual hosts in Apache2. First edit the /etc/apache2/sites-available/default file and change

NameVirtualHost *
to
NameVirtualHost *:80
NameVirtualHost *:443

Now configure the virtual hosts that use port 80.

Example

<VirtualHost *:80>
ServerAdmin webmaster@localhost
.
.
.
</VirtualHost>

Then configure the virtual hosts that use port 443. The main difference is that you need the following two lines for each SSL host.

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

Example

<VirtualHost *:443>
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
</VirtualHost>

Now restart your Apache web server using the following command:

# /etc/init.d/apache2 reload
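
An added example, not part of the original page: a static check for the settings made in Steps 2 and 4, confirming that ports.conf listens on 443 and that every port 443 virtual host carries both SSL lines. The function names `check_listen`, `check_ssl_vhosts` and `write_samples` and the sample files are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original page): checks for Steps 2 and 4.

# check_listen PORTS_CONF: succeeds if the file has a "Listen 443" (or addr:443) line.
check_listen() {
    grep -Eiq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' "$1"
}

# check_ssl_vhosts SITE_FILE: prints each <VirtualHost ...:443> block that lacks
# "SSLEngine on" or SSLCertificateFile; returns 1 if any problem was printed.
check_ssl_vhosts() {
    awk '
        /^[ \t]*#/ { next }                                  # ignore comments
        tolower($1) == "<virtualhost" {                      # block starts
            head = $0; sub(/^[ \t]+/, "", head)
            ssl = ($0 ~ /:443[ \t>]/); engine = 0; cert = 0
        }
        tolower($1) == "sslengine" && tolower($2) == "on" { engine = 1 }
        tolower($1) == "sslcertificatefile" && NF >= 2      { cert = 1 }
        tolower($1) == "</virtualhost>" {                    # block ends: judge it
            if (ssl && !engine) { print head ": missing SSLEngine on"; bad = 1 }
            if (ssl && !cert)   { print head ": missing SSLCertificateFile"; bad = 1 }
            ssl = 0
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: a ports.conf and two site files, one of which
# forgets the two SSL lines in its port 443 block.
write_samples() {
    printf 'Listen 80\nListen 443\n' > "$1/ports.conf"
    cat > "$1/good" <<'EOF'
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem
</VirtualHost>
EOF
    sed -e '/SSLEngine/d' -e '/SSLCertificateFile/d' "$1/good" > "$1/bad"
}

dir=$(mktemp -d)
write_samples "$dir"
check_listen "$dir/ports.conf" && echo "ports.conf: Listen 443 present"
check_ssl_vhosts "$dir/good" && echo "good: SSL virtual hosts complete"
check_ssl_vhosts "$dir/bad" || echo "bad: problems listed above"
rm -rf "$dir"
```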


Sample Files :

sample for “ports.conf” file

Listen 80 
Listen 443

sample for “default” file

NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                #RedirectMatch ^/$ /apache2-default/
        </Directory> 
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory> 
        ErrorLog /var/log/apache2/error.log 
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On 
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
</VirtualHost>
 <VirtualHost *:443>
        ServerAdmin webmaster@localhost
        SSLEngine on
        SSLCertificateFile /etc/apache2/apache.pem      
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                #RedirectMatch ^/$ /apache2-default/
        </Directory>
        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
        ErrorLog /var/log/apache2/error.log
        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
        ServerSignature On
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
</VirtualHost>