Solved

configuring Apache to use ssl

Posted on 2006-07-10
Last Modified: 2008-02-01
Configuration:
OS: Windows Server 2003
Web Server: Apache 2.0.58
Listens to Port 8078. Ports 80, 8080, and 8079 are used by IIS.

Tell me, from scratch, how to configure the server to use SSL.

What directives do I need to add to httpd.conf?
Where should I put certain files that I may need to download?
How do I test it?
And I need to use a port other than 443.

Thanks
0
Comment
Question by:jhshukla
  • 6
9 Comments
 
LVL 9

Author Comment

by:jhshukla
ID: 17076103
I tried following instructions on http://www.apache-ssl.org/#FAQ and http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL but to no avail. I get:

D:\Program Files\GnuWin32\bin>openssl req -new > new.cert.csr
Unable to load config info
Loading 'screen' into random state - done
Generating a 512 bit RSA private key
.......++++++++++++
...++++++++++++
writing new private key to stdout
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
10992:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:325:
0
 
LVL 9

Author Comment

by:jhshukla
ID: 17076607
Update: I followed instructions on http://www.devx.com/opensource/Article/20085/1763/page/2
Now it is taking forever to serve the request.
0
 
LVL 23

Assisted Solution

by:rama_krishna580
rama_krishna580 earned 62 total points
ID: 17081978
Hi,

Setting up SSL Certificates on Apache
http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html

R.K
0
 
LVL 9

Author Comment

by:jhshukla
ID: 17094927
Flush previous discussions out of your mind.

<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  exec:spit_passwd.bat
SSLSessionCache        none
SSLMutex  default
#SSLEngine on ######################################

<VirtualHost 00.000.00.0:111>
#        ServerName 00.000.00.0
        DocumentRoot C:/WEB_ROOT
        ErrorLog C:/WEB_ROOT/logs/error.log
        CustomLog C:/WEB_ROOT/logs/access.log common
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile C:/WEB_ROOT/certs/server.crt
SSLCertificateKeyFile C:/WEB_ROOT/certs/server.key
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/WEB_ROOT">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog C:/WEB_ROOT/logs/ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>

The moment I uncomment the SSLEngine On directive & try to restart, it craps out on me. With the line commented out, it could be (possibly) the happiest server on earth.
0
 
LVL 9

Author Comment

by:jhshukla
ID: 17095082
Do you want me to post all relevant parts of *.conf?
0
 
LVL 9

Author Comment

by:jhshukla
ID: 17095189
Here it is:
ServerRoot "C:/Program Files/Apache Group/Apache2"
PidFile logs/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild  0
</IfModule>
Listen 80
Listen 8080
LoadModule access_module modules/mod_access.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_module modules/mod_auth.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule imap_module modules/mod_imap.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule php5_module c:/php/php5apache2.dll
PHPIniDir "C:/php"
ServerAdmin dumbledore@hogwarts.edu
ServerName NearlyNamelessServer:80
UseCanonicalName Off
DocumentRoot "C:/WEB_ROOT"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "C:/WEB_ROOT">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    RewriteEngine On
    RewriteRule ^([^/]+)\.html?(.*)$ index.php?_html_url=$1$2 [L,QSA]
    RewriteRule .+\.pdf(.*)$ index.php?page=convert_to_pdf&cmd=download$1 [L,QSA]
</Directory>
DirectoryIndex index.php index.html index.html.var
AccessFileName .htaccess
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access.log common
ServerTokens Full
ServerSignature On
Alias /icons/ "C:/Program Files/Apache Group/Apache2/icons/"
<Directory "C:/Program Files/Apache Group/Apache2/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
    <Files *.html>
        SetHandler type-map
    </Files>
</Directory>
ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache2/cgi-bin/"
<Directory "C:/Program Files/Apache Group/Apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort
ReadmeName README.html
HeaderName HEADER.html
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php .phtml
AddType application/x-httpd-php-source .phps
AddHandler type-map var
<IfModule mod_ssl.c>
      SSLRandomSeed startup builtin
      SSLRandomSeed connect builtin
      Listen 443
      AddType application/x-x509-ca-cert .crt
      AddType application/x-pkcs7-crl    .crl
      SSLPassPhraseDialog  exec:spit_passwd.bat
      SSLSessionCache        none
      SSLMutex  default
      <VirtualHost ip.ad.re.ss:443>
              ServerName ip.ad.re.ss
              DocumentRoot C:/WEB_ROOT
              ErrorLog C:/WEB_ROOT/logs/error.log
              CustomLog C:/WEB_ROOT/logs/access.log common
            SSLEngine on
            SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
            SSLCertificateFile C:/WEB_ROOT/certs/server.crt
            SSLCertificateKeyFile C:/WEB_ROOT/certs/server.key
            <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
                  SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory "C:/WEB_ROOT">
                  SSLOptions +StdEnvVars
            </Directory>
            SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
            CustomLog C:/WEB_ROOT/logs/ssl_request.log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
      </VirtualHost>
</IfModule>

0
 
LVL 10

Accepted Solution

by:
PSSUser earned 63 total points
ID: 17245552
I've not used some of the SSL related directives you've got there. I've only recently started dealing with Apache myself and spent some time understanding the basics that I needed and removing the rest.

For the bare-bones SSL part of the config you may want to take a look at my answer to
http://www.experts-exchange.com/Web/Web_Servers/Apache/Q_21907117.html
You could probably do away with most of the stuff you have in your <IfModule mod_ssl.c> section in favour of what I've detailed there (I would suggest copying your config first just to be on the safe side).

Just bear in mind that, as you want a port other than 443, you will have to alter the Listen and VirtualHost directives. I'd suggest you use 8443 instead.

The files you may need to download should go in whatever folder is set as your document root. Looking at your config this would be C:/WEB_ROOT. One thing to bear in mind: if you want the server to run in http and https you may want a different document root for secure, otherwise the content could be accessible via http (unless other factors such as permission settings within the virtualhost container restrict it).

How to test it - set it up with a self-signed certificate as described in my answer I've pointed you to above. Then restart the server and visit https://00.000.00.0:1111/
0
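An added example, not part of any post in this thread: a small Python check over the SSL-relevant lines of the first posted config (embedded as a constructed sample). It covers the two directives the accepted answer says to alter, Listen and VirtualHost, and the weak cipher classes the posted SSLCipherSuite leaves enabled. The function names and the simplified cipher-string model are assumptions of this example.

```python
import re

# Constructed sample: the SSL-relevant lines of the first config posted above.
SAMPLE_CONF = """\
Listen 443
#SSLEngine on
<VirtualHost 00.000.00.0:111>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile C:/WEB_ROOT/certs/server.crt
SSLCertificateKeyFile C:/WEB_ROOT/certs/server.key
</VirtualHost>
"""

# Weak classes that the OpenSSL keyword ALL brings in (ALL does not include eNULL).
ALL_WEAK = {"LOW", "EXP", "SSLv2", "ADH"}
WEAK = ALL_WEAK | {"eNULL"}

def weak_classes(cipher_string):
    """Simplified model of OpenSSL cipher-string rules: which weak classes stay enabled."""
    enabled, killed = set(), set()
    for tok in cipher_string.split(":"):
        if tok.startswith("!"):
            killed.add(tok[1:])        # "!X" removes X permanently
        elif tok.startswith("-"):
            enabled.discard(tok[1:])   # "-X" removes X; a later token may re-add it
        elif tok.startswith("+"):
            continue                   # "+X" only reorders ciphers already enabled
        elif tok == "ALL":
            enabled |= ALL_WEAK
        elif tok in WEAK:
            enabled.add(tok)
    return sorted(enabled - killed)

def lint(conf):
    """Return (port, issue) findings for every <VirtualHost addr:port> block in conf."""
    listen = set(re.findall(r"^\s*Listen\s+(?:\S+:)?(\d+)\s*$", conf, re.M | re.I))
    findings = []
    for port, body in re.findall(r"<VirtualHost\s+\S*?:(\d+)>(.*?)</VirtualHost>",
                                 conf, re.S | re.I):
        if port not in listen:
            findings.append((port, "no Listen directive for this port"))
        if not re.search(r"^\s*SSLEngine\s+on\s*$", body, re.M | re.I):
            findings.append((port, "no 'SSLEngine on' inside this VirtualHost"))
        m = re.search(r"^\s*SSLCipherSuite\s+(\S+)", body, re.M | re.I)
        for cls in (weak_classes(m.group(1)) if m else []):
            findings.append((port, "weak cipher class still enabled: " + cls))
    return findings

if __name__ == "__main__":
    for port, issue in lint(SAMPLE_CONF):
        print(port, issue)
```

Because the `+LOW`, `+SSLv2` and `+EXP` tokens only reorder what `ALL` already enabled, those classes stay negotiable until they are excluded with `!`.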
 
LVL 9

Author Comment

by:jhshukla
ID: 17417087
Pardon the delay in closing the question; the project kept getting postponed and is now sorta abandoned.
0
