I checked the Wiki & did not find a section on how I can add my SSL certificates to my Arch server running Apache.
I noticed that there is no 'Virtual Host' section in the /etc/httpd/conf/httpd.conf file. I did however find /etc/httpd/conf/extra/httpd-ssl.conf. I added the following:
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex "file:/var/run/httpd/ssl_mutex"
<VirtualHost _default_:443>
DocumentRoot "/srv/http/webmail"
ServerName www.mydomain.tld:443
ServerAdmin admin@mydoma.tld
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/path/to/server.crt"
SSLCertificateKeyFile "/path/to/server.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/http/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog "/var/log/httpd/ssl_request_log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
When I restart Apache, it still does not work on port 443. Do I need to simply move the above into my 'httpd.conf' file?
./
I really don't remember how I set up my Apache for SSL, but checking my config files, this is what I have:
in httpd.conf
# ssl
Include /etc/httpd/conf/extra/httpd-ssl.conf
httpd-ssl.conf (removed the comments)
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/var/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost _default_:443>
DocumentRoot "/srv/http"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/var/log/httpd/error_log"
TransferLog "/var/log/httpd/access_log"
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/certs/httpd/server.crt"
SSLCertificateKeyFile "/certs/httpd/server.key"
SSLCACertificateFile "/certs/ca.crt"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/srv/http/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
If I remember correctly, I had to generate the ca.crt, server.key and server.crt with openssl ... check this site out: http://www.tc.umn.edu/~brams006/selfsign.html Hope this helps.
Last edited by kermana (2009-12-21 05:01:56)
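An added example, not code from either poster: a shell check for the two things this thread turns on, whether httpd.conf has an active Include for httpd-ssl.conf, and which weak cipher classes the posted SSLCipherSuite string leaves enabled. The function names are hypothetical and the sample files are constructed for the demo.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample files are constructed.

# Succeeds if FILE has an active (uncommented) Include of httpd-ssl.conf.
ssl_include_active() {
    grep -Eq '^[[:space:]]*Include[[:space:]]+[^#]*httpd-ssl\.conf' "$1"
}

# Prints the weak cipher classes the first SSLCipherSuite line in FILE leaves enabled.
# Heuristic: a class counts as enabled if it is named bare or covered by ALL,
# and is not killed with '!'. A '+' prefix only reorders ciphers already in the
# list, so '+eNULL' adds nothing. '!EXPORT56' does not kill the rest of EXP.
# 'openssl ciphers -v STRING' gives the authoritative expansion.
weak_cipher_classes() {
    suite=$(sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]]*//p' "$1" | head -n 1)
    tokens=$(printf '%s' "$suite" | tr -d '"' | tr ':, ' '\n\n\n')
    out=""
    for class in LOW EXP SSLv2 eNULL; do
        printf '%s\n' "$tokens" | grep -Fxq "!$class" && continue
        if printf '%s\n' "$tokens" | grep -Fxq "$class"; then
            out="$out $class"
        elif [ "$class" != eNULL ] && printf '%s\n' "$tokens" | grep -Fxq ALL; then
            out="$out $class"
        fi
    done
    printf '%s\n' "${out# }"
}

demo_dir=$(mktemp -d)
# Constructed sample: an httpd.conf where the SSL Include is commented out.
printf '%s\n' 'Listen 80' '#Include /etc/httpd/conf/extra/httpd-ssl.conf' \
    > "$demo_dir/httpd.conf"
# Constructed sample: the cipher line as posted in this thread.
printf '%s\n' 'Listen 443' \
    'SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL' \
    > "$demo_dir/httpd-ssl.conf"

if ssl_include_active "$demo_dir/httpd.conf"; then
    echo "include: active"
else
    echo "include: missing or commented out, port 443 config is never loaded"
fi
echo "weak classes left enabled: $(weak_cipher_classes "$demo_dir/httpd-ssl.conf")"
rm -rf "$demo_dir"
```

After editing the real files, `apachectl configtest` confirms the syntax before a restart.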