Solved

how do I make ssl stuff work on apache 2.0?

Posted on 2005-04-06
Last Modified: 2010-03-04
I'm given a redhat server (who knows what version, I don't know how to find out) with apache serving a web page.  My task is to make the ssl thing work with a good certificate.

I want to get the https stuff working before I purchase a real certificate.

When I telnet to port 80, I get a response.

When I telnet to port 443 I get no response.

What do I do?
Question by:patrick20001
12 Comments
 
LVL 5

Expert Comment

by:jericotolentino
ID: 13723494
Have a look at this link and see if you did everything correctly.

http://www.webhostgear.com/170.html
0
 

Author Comment

by:patrick20001
ID: 13723532
So that website tells me how to configure modssl.

How do I know if modssl is installed?
0
 
LVL 5

Expert Comment

by:jericotolentino
ID: 13723757
Run this in the console to check if modssl is installed.

#> /usr/local/apache/bin/httpd -l | grep ssl

(That flag after httpd is a lowercase 'L', not a numeral 1, in case it isn't clear).

If you don't see 'mod_ssl.c' printed out after that, you'll need to go back through the process of installing the modssl patches to apache.
0
 

Author Comment

by:patrick20001
ID: 13723800
I do not see mod_ssl.c  

How do I install the modssl patches ?

0
 

Author Comment

by:patrick20001
ID: 13723815
Looking at the modssl.org website, it says that the latest version is for apache 1.3, but I have apache 2.0

Is this still what I want?  If not what then?
0
 
LVL 5

Expert Comment

by:jericotolentino
ID: 13724447
The mod_ssl in apache2 is based on the mod_ssl for Apache 1.3, but the two versions are not the same module.

Just to clarify something, mod_ssl is part of apache 2 by default, you just turn it on with configure/compile options (read the docs) while for apache 1.3 it is an addon package requiring a few other steps in the configure/compile process and additional packages to link with.
0
 

Author Comment

by:patrick20001
ID: 13726341
That is good news!  I'll  look again into the documentation.  Before I posted this question I spent much time looking through the documentation of apache 2.0 and it really is not helpful to me.

Could you tell me simply how to turn it on with compile/configure options?

0
 

Author Comment

by:patrick20001
ID: 13732154
Looking further into this, it looks like there are two ways to get this mod_ssl installed:

1) do some kind of recompile of apache with  --enable-ssl --with-ssl=/usr/local/ssl/  (I have no idea what this means.  I am mostly a windows guy, and this compile-to-install stuff seems like voodoo.)

or

2) slap the file  mod_ssl.so  into the right directory and then restart apache.



Am I on the right track?
0
 
LVL 5

Expert Comment

by:jericotolentino
ID: 13732832
Hi,

I hope this gets everything running well...

Point your browser to http://www.modssl.org and get mod_ssl. Download it and extract to your computer.

Go to the directory where you extracted the mod_ssl sources.

Run:

./configure --with-apache=/usr/local/src/apache_z.z.z \
  --with-ssl=/usr/local/src/openssl-x.x.x --prefix=/usr/local/apache \
  --enable-module=ssl --enable-module=most --enable-shared=max \
  --enable-rule=EAPI

where apache_z.z.z is the apache sources directory. All the ./configure options must be written on the command line. --enable-module=ssl --enable-module=all --enable-shared=max --enable-rule=EAPI are apache options. You can add more options or modify them, for example, the install directory of apache is /usr/local/apache. To know all the available apache options run ./configure --help from apache sources directory.

Apache configuration has already been made by mod_ssl. Go to apache sources directory and run:

make
make install

To test if everything went fine, there's some info here:
http://www.linux-sottises.net/en_apache_install.php

Just scroll to the lower part of the page where it says "Apache set up." It should work now.
0
 
LVL 5

Accepted Solution

by:
jericotolentino earned 1500 total points
ID: 13732864
Sorry, I missed something. You don't need to go to www.modssl.org. Just skip that step and go to the apache sources directory. I was thinking of apache 1.3.

Good luck!
0
 

Author Comment

by:patrick20001
ID: 13744369
It worked!

Here's my documentation of what I did:

1) GET THE SOURCE FOR OPENSSL AND APACHE

Put latest openssl source openssl-0.9.7f.tar.gz in /usr/src dir

Put latest httpd-2.0.53.tar.gz in /usr/src dir

2) INSTALL OPENSSL

openssl  is the open source library that enables SSL

gunzip < openssl-version.tar.gz | tar xvf -
cd openssl-version

Follow instructions in INSTALL file

      ./config
      make
      make test
      make install



This installation does not install an executable file, but rather a library in the /usr/local/ssl/ dir that is used when compiling apache.  When apache is compiled an option is specified that includes this library.  To see what libraries have been compiled with apache go to the /usr/local/apache2/bin dir and type ./httpd -l. If mod_ssl.c is included, then openssl has been installed.

To check which version of modssl is included, type openssl version

If you want to check the version in the /usr/local/ssl/bin/ directory, go to that dir and type openssl version




3) INSTALL AND COMPILE NEW VERSION OF APACHE


Next we configure, compile and install latest httpd (apache) stuff

gunzip < httpd-2.0.53.tar.gz | tar xvf -

./configure --prefix=/usr/local/apache2 --enable-module=so --enable-ssl --with-ssl=/usr/local/ssl/

next, type:

make

make install

Now go to the /usr/local/apache2/bin and type httpd -v and we should see the mod_ssl.c module.

4) CREATE CERTIFICATES

Make two random files by:

ls > file1
ls / -R > file2

/usr/local/ssl/bin/openssl genrsa -rand file1:file2 -out www.example.com.key 1024

Now we create a certificate signing request

/usr/local/ssl/bin/openssl req -new -key www.example.com.key -out www.example.com.csr

The csr request will ask questions about the cert.  Fill in the blanks appropriately


Temporarily we will self-sign the csr

/usr/local/ssl/bin/openssl x509 -req -days 30 -in www.example.com.csr -signkey www.example.com.key -out www.example.com.cert

Copy the cert file to /usr/local/ssl/certs and the key to /usr/local/ssl/private/

Go to the private dir and chmod 400 www.example.com.key




Thanks for your help jericotolentino!
0
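The self-signed test certificate from step 4, as an added example that is not part of the original thread: it generates a throwaway pair and then checks that the certificate matches the key, has not expired, and that the key file is readable by its owner only. The function names and the `OPENSSL` variable are assumptions, `-subj` replaces the interactive questions, and it uses a 2048-bit key rather than the 1024 bits in the post.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.
# OPENSSL can point at a specific build, e.g. /usr/local/ssl/bin/openssl.
OPENSSL="${OPENSSL:-openssl}"

# Create key, CSR and a 30-day self-signed cert in directory $1 for host $2.
make_test_pair() {
    local dir="$1" cn="$2"
    "$OPENSSL" genrsa -out "$dir/$cn.key" 2048 2>/dev/null || return 1
    "$OPENSSL" req -new -key "$dir/$cn.key" -subj "/CN=$cn" \
        -out "$dir/$cn.csr" || return 1
    "$OPENSSL" x509 -req -days 30 -in "$dir/$cn.csr" \
        -signkey "$dir/$cn.key" -out "$dir/$cn.cert" 2>/dev/null || return 1
    chmod 400 "$dir/$cn.key"
}

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the cert belongs to the key, has not expired,
# and the key file is not readable by group or others.
check_pair() {
    local key="$1" cert="$2" kmod cmod
    kmod=$("$OPENSSL" rsa -noout -modulus -in "$key" 2>/dev/null) || return 2
    cmod=$("$OPENSSL" x509 -noout -modulus -in "$cert" 2>/dev/null) || return 2
    # Same RSA modulus on both sides means the cert was issued for this key.
    if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "key/cert mismatch"; return 3
    fi
    # -checkend 0 exits non-zero when the cert is already expired.
    if ! "$OPENSSL" x509 -noout -checkend 0 -in "$cert" >/dev/null; then
        echo "cert expired"; return 4
    fi
    case "$(file_mode "$key")" in
        400|600) ;;
        *) echo "key mode too open"; return 5 ;;
    esac
    echo "ok"
}
```

Running `check_pair` again after swapping in the purchased certificate catches the common mistake of installing a certificate that was issued for a different key.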
 
LVL 5

Expert Comment

by:jericotolentino
ID: 13750034
Sure, glad to help you.

:-)
0
