#1 2009-12-18 17:12:34

Carlwill
Member
From: Orlando, FL
Registered: 2008-10-06
Posts: 560

Adding SSL Certs to Apache Config

I checked the Wiki & did not find a section on how I can add my SSL certificates to my Arch server running Apache.
I noticed that there is no 'Virtual Host' section in the /etc/httpd/conf/httpd.conf file. I did, however, find /etc/httpd/conf/extra/httpd-ssl.conf. I added the following:

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex  "file:/var/run/httpd/ssl_mutex"

<VirtualHost _default_:443>

DocumentRoot "/srv/http/webmail"
ServerName www.mydomain.tld:443
ServerAdmin admin@mydoma.tld
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/path/to/server.crt"
SSLCertificateKeyFile "/path/to/server.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/http/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog "/var/log/httpd/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>

When I restart Apache, it still does not work on port 443. Do I need to simply move the above into my 'httpd.conf' file?


./


#2 2009-12-21 04:58:51

kermana
Member
Registered: 2009-04-13
Posts: 60

Re: Adding SSL Certs to Apache Config

I really don't remember how I set up my Apache for SSL, but checking my config files, this is what I have:

in httpd.conf

# ssl
Include /etc/httpd/conf/extra/httpd-ssl.conf

httpd-ssl.conf (removed the comments)

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300
<VirtualHost _default_:443>
DocumentRoot "/srv/http"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/certs/httpd/server.crt"
SSLCertificateKeyFile "/certs/httpd/server.key"
SSLCACertificateFile "/certs/ca.crt"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/http/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</VirtualHost>

If I remember correctly, I had to generate the ca.crt, server.key and server.crt with openssl ... check this site out: http://www.tc.umn.edu/~brams006/selfsign.html Hope this helps.

Last edited by kermana (2009-12-21 05:01:56)
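
An added example, not part of either post above: a small Python check for the two things this thread turns on, whether httpd.conf actually includes extra/httpd-ssl.conf and which weak cipher classes the quoted SSLCipherSuite string leaves enabled. The function names and the sample input are constructed for illustration, and the cipher-string handling is a simplified model of OpenSSL's rules, not its own parser.

```python
import re

# Weak classes named in the SSLCipherSuite quoted in this thread. This is a
# simplified model of OpenSSL cipher-string rules (an assumption of the example).
WEAK = {"EXP", "LOW", "SSLv2", "eNULL"}
ALIASES = {"EXPORT": "EXP", "NULL": "eNULL"}
IN_ALL = WEAK - {"eNULL"}  # ALL adds every suite except the eNULL ones


def ssl_conf_included(httpd_conf, suffix="extra/httpd-ssl.conf"):
    """True if an uncommented Include directive pulls in the SSL config."""
    pattern = re.compile(r'\s*Include(?:Optional)?\s+"?([^"\s]+)', re.I)
    return any((m := pattern.match(line)) and m.group(1).endswith(suffix)
               for line in httpd_conf.splitlines())


def cipher_suite(ssl_conf):
    """Return the first SSLCipherSuite value, or None if it is not set."""
    m = re.search(r"^\s*SSLCipherSuite\s+(\S+)", ssl_conf, re.M | re.I)
    return m.group(1) if m else None


def weak_classes_enabled(cipher_string):
    """Return the weak classes that a cipher string leaves enabled."""
    enabled, killed = set(), set()
    for token in filter(None, re.split(r"[:, ]+", cipher_string)):
        op = token[0] if token[0] in "!-+" else ""
        parts = [ALIASES.get(p, p) for p in token[len(op):].split("+")]
        if op == "+":              # "+X" only reorders, it enables nothing
            continue
        if op:                     # "!X" or "-X"
            if len(parts) == 1:    # "!A+B" removes only part of class A
                enabled.discard(parts[0])
                if op == "!":      # "!" also blocks later re-adding
                    killed.add(parts[0])
            continue
        added = IN_ALL if parts == ["ALL"] else WEAK.intersection(parts)
        enabled |= added - killed
    return enabled


# Constructed sample input: an httpd.conf whose Include line is commented out.
SAMPLE_HTTPD_CONF = "Listen 80\n#Include /etc/httpd/conf/extra/httpd-ssl.conf\n"
SAMPLE_SSL_CONF = ("SSLEngine on\nSSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:"
                   "+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\n")

if __name__ == "__main__":
    print("SSL config included:", ssl_conf_included(SAMPLE_HTTPD_CONF))
    print("weak classes enabled:",
          sorted(weak_classes_enabled(cipher_suite(SAMPLE_SSL_CONF))))
```

On the string quoted in both posts the model reports EXP, LOW and SSLv2 as still enabled, because the `+` tokens only reorder what ALL already added; removing a class takes a `!` entry such as `!EXP:!LOW:!SSLv2`.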
