patrick20001
asked on
how do I make ssl stuff work on apache 2.0?
I'm given a redhat server (who knows what version, I don't know how to find out) with apache serving a web page. My task is to make the ssl thing work with a good certificate.
I want to get the https stuff working before I purchase a real certificate.
When I telnet to port 80, I get a response.
what I telnet to port 443 I get no response.
what do I do?
I want to get the https stuff working before I purchase a real certificate.
When I telnet to port 80, I get a response.
what I telnet to port 443 I get no response.
what do I do?
ASKER
So that website tells me how to configure modssl.
How do I know if modssl is installed?
How do I know if modssl is installed?
Run this in the console to check if modssl is installed.
#> /usr/local/apache/bin/http d -l | grep ssl
(That flag after httpd is a lowercase 'L', not a numeral 1, in case it isn't clear).
If you don't see 'mod_ssl.c' printed out after that, you'll need to go back through the process of installing the modssl patches to apache.
#> /usr/local/apache/bin/http
(That flag after httpd is a lowercase 'L', not a numeral 1, in case it isn't clear).
If you don't see 'mod_ssl.c' printed out after that, you'll need to go back through the process of installing the modssl patches to apache.
ASKER
I do not see mod_ssl.c
How do I install the modssl patches ?
How do I install the modssl patches ?
ASKER
Looking at the modssl.org website, it says that the latest version is for apache 1.3, but I have apache 2.0
Is this still what I want? If not what then?
Is this still what I want? If not what then?
The mod_ssl in apache2 is based on the mod_ssl for Apache 1.3, but the two versions are not the same module.
Just to clarify something, mod_ssl is part of apache 2 by default, you just turn it on with configure/compile options (read the docs) while for apache 1.3 it is an addon package requiring a few other steps in the configure/compile process and additional packages to link with.
Just to clarify something, mod_ssl is part of apache 2 by default, you just turn it on with configure/compile options (read the docs) while for apache 1.3 it is an addon package requiring a few other steps in the configure/compile process and additional packages to link with.
ASKER
That is good news! I'll look again into the documentation. Before I posted this question I spent much time looking through the documentation of apache 2.0 and it really is not helpful to me.
Could you tell me simply how to turn it on with compile/configure options?
Could you tell me simply how to turn it on with compile/configure options?
ASKER
Looking further into this it looks like there are two ways to get this mod_sll installed
1) do some kind of recompile of apache with --enable-ssl --with-ssl=/usr/local/ssl/ (I have no idea what this means. I am mostly a windows guy, and this compile-to-install stuff seems like voodoo.)
or
2) slap the file mod_ssl.so into the right directory and then restart apache.
Am I on the right track?
1) do some kind of recompile of apache with --enable-ssl --with-ssl=/usr/local/ssl/
or
2) slap the file mod_ssl.so into the right directory and then restart apache.
Am I on the right track?
Hi,
I hope this gets everything running well...
Point your browser to http://www.modssl.org and get mod_ssl. Download it and extract to your computer.
Go to the directory where you extracted the mod_ssl sources.
Run:
./configure --with-apache=/usr/local/s rc/apache_ z.z.z
--with-ssl=/usr/local/src/ openssl-x. x.x --prefix=/usr/local/apache
--enable-module=ssl --enable-module=most --enable-shared=max
--enable-rule=EAPI
where apache_z.z.z is the apache sources directory. All the ./configure options must be written on the command line. --enable-module=ssl --enable-module=all --enable-shared=max --enable-rule=EAPI are apache options. ou can add more options or modify them, for example, the install directory of apache is /usr:local/apache. To know all the available apache options run ./configure --help from apache sources directory.
Apache configuration has already been made by mod_ssl. Go to apache sources directory and run:
make
make install
To test if everything went fine, there's some info here:
http://www.linux-sottises.net/en_apache_install.php
Just scroll to the lower part of the page where it says "Apache set up." It should work now.
I hope this gets everything running well...
Point your browser to http://www.modssl.org and get mod_ssl. Download it and extract to your computer.
Go to the directory where you extracted the mod_ssl sources.
Run:
./configure --with-apache=/usr/local/s
--with-ssl=/usr/local/src/
--enable-module=ssl --enable-module=most --enable-shared=max
--enable-rule=EAPI
where apache_z.z.z is the apache sources directory. All the ./configure options must be written on the command line. --enable-module=ssl --enable-module=all --enable-shared=max --enable-rule=EAPI are apache options. ou can add more options or modify them, for example, the install directory of apache is /usr:local/apache. To know all the available apache options run ./configure --help from apache sources directory.
Apache configuration has already been made by mod_ssl. Go to apache sources directory and run:
make
make install
To test if everything went fine, there's some info here:
http://www.linux-sottises.net/en_apache_install.php
Just scroll to the lower part of the page where it says "Apache set up." It should work now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It worked!
Here's my documentation of what I did:
1) GET THE SOURCE FOR OPENSLL AND APACHE
Put latest openssl source openssl-0.9.7f.tar.gx in /usr/src dir
Put latest httpd-2.0.53.tar.gz in /usr/src dir
2) INSTALL OPENSSL
openssl is the open source library that enables SSL
gunzip < openssl-version.tar.gz | tar xvf –
cd openssl-version
Follow instructions in INSTALL file
./config
make
make test
make install
this installation does not install an executable file, but rather a library in the /usr/local/ssl/ dir that is used when compiling apache. When apache is compile an option is specified that includes this library. To see what library’s have been compiled with apache go to the /usr/local/apache2/bin dir and type ./httpd –l If mod_ssl.c is included, then open ssl has been installed.
To check the version of modssl is included type openssl version
If you want to check the version in the /usr/local/ssl/bin/ directory, go to that dir and type openssl version
3) INSTALL AND COMPILE NEW VERSION OF APACHE
Next we configure, compile and install latest httpd (apapche) stuff
gunzip < httpd-2.0.53.ta.gz | tar xvf –
./configure –prefix=/usr/local/apache2 --enable-module=so --enable-ssl --with-ssl=/usr/local/ssl/
next, type:
make
make install
now go to the /usr/local/apache2/bin and type httpd –v and we should see the mod_ssl.c module.
4) CREATE CERTIFICATES
Make two random files by:
ls > file1
ls / -R > file2
/usr/local/ssl/bin/openssl genrsa -rand file1:file2 -out www.examplecom.key 1024
now we create a certificate signing request
/usr/local/ssl/openssl req -new -key www.example.com.key - out www.example.com.csr
The csr request will ask questions about the cert. Fill in the blanks appropriately
Temporarily we will self-sgn the csr
/usr/local/ssl/bin/openssl x509 -req -days 30 -in www.example.com.csr -signkey www.example.com.key -out www.example.com.cert
copy the cert file to /usr/local/ssl/certs and the key to /usr/local/ssl/private/
goto the private dir and chmod 400 www.example.com.key
Thanks for your help jericotolentino!
Here's my documentation of what I did:
1) GET THE SOURCE FOR OPENSLL AND APACHE
Put latest openssl source openssl-0.9.7f.tar.gx in /usr/src dir
Put latest httpd-2.0.53.tar.gz in /usr/src dir
2) INSTALL OPENSSL
openssl is the open source library that enables SSL
gunzip < openssl-version.tar.gz | tar xvf –
cd openssl-version
Follow instructions in INSTALL file
./config
make
make test
make install
this installation does not install an executable file, but rather a library in the /usr/local/ssl/ dir that is used when compiling apache. When apache is compile an option is specified that includes this library. To see what library’s have been compiled with apache go to the /usr/local/apache2/bin dir and type ./httpd –l If mod_ssl.c is included, then open ssl has been installed.
To check the version of modssl is included type openssl version
If you want to check the version in the /usr/local/ssl/bin/ directory, go to that dir and type openssl version
3) INSTALL AND COMPILE NEW VERSION OF APACHE
Next we configure, compile and install latest httpd (apapche) stuff
gunzip < httpd-2.0.53.ta.gz | tar xvf –
./configure –prefix=/usr/local/apache2
next, type:
make
make install
now go to the /usr/local/apache2/bin and type httpd –v and we should see the mod_ssl.c module.
4) CREATE CERTIFICATES
Make two random files by:
ls > file1
ls / -R > file2
/usr/local/ssl/bin/openssl
now we create a certificate signing request
/usr/local/ssl/openssl req -new -key www.example.com.key - out www.example.com.csr
The csr request will ask questions about the cert. Fill in the blanks appropriately
Temporarily we will self-sgn the csr
/usr/local/ssl/bin/openssl
copy the cert file to /usr/local/ssl/certs and the key to /usr/local/ssl/private/
goto the private dir and chmod 400 www.example.com.key
Thanks for your help jericotolentino!
Sure, glad to help you.
:-)
:-)
http://www.webhostgear.com/170.html