Solved

configuring Apache to use ssl

Posted on 2006-07-10
Last Modified: 2008-02-01
Configuration:
OS: Windows Server 2003
Web Server: Apache 2.0.58
Listens to Port 8078. Ports 80, 8080, and 8079 are used by IIS.

Tell me, from scratch, how to configure the server to use SSL.

What directives do I need to add to httpd.conf?
Where should I put certain files that I may need to download?
How to test it?
And I need to use a port other than 443.

thanks
0
Question by:jhshukla
LVL 9

Author Comment

by:jhshukla
ID: 17076103
I tried following instructions on http://www.apache-ssl.org/#FAQ and http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL but to no avail. I get:

D:\Program Files\GnuWin32\bin>openssl req -new > new.cert.csr
Unable to load config info
Loading 'screen' into random state - done
Generating a 512 bit RSA private key
.......++++++++++++
...++++++++++++
writing new private key to stdout
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
10992:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:325:
0
 
LVL 9

Author Comment

by:jhshukla
ID: 17076607
update: I followed instructions on http://www.devx.com/opensource/Article/20085/1763/page/2
now it is taking forever to serve the request.
0
 
LVL 23

Assisted Solution

by:rama_krishna580
rama_krishna580 earned 62 total points
ID: 17081978
Hi,

Setting up SSL Certificates on Apache
http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html

R.K
0
 
LVL 9

Author Comment

by:jhshukla
ID: 17094927
flush previous discussions out of your mind.

<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  exec:spit_passwd.bat
SSLSessionCache        none
SSLMutex  default
#SSLEngine on ######################################

<VirtualHost 00.000.00.0:111>
#        ServerName 00.000.00.0
        DocumentRoot C:/WEB_ROOT
        ErrorLog C:/WEB_ROOT/logs/error.log
        CustomLog C:/WEB_ROOT/logs/access.log common
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile C:/WEB_ROOT/certs/server.crt
SSLCertificateKeyFile C:/WEB_ROOT/certs/server.key
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/WEB_ROOT">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog C:/WEB_ROOT/logs/ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>

The moment I uncomment the SSLEngine On directive & try to restart, it craps out on me. With the line commented out, it could be (possibly) the happiest server on earth.
0
 
LVL 9

Author Comment

by:jhshukla
ID: 17095082
Do you want me to post all relevant parts of *.conf?
0
 
LVL 9

Author Comment

by:jhshukla
ID: 17095189
here it is:
ServerRoot "C:/Program Files/Apache Group/Apache2"
PidFile logs/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild  0
</IfModule>
Listen 80
Listen 8080
LoadModule access_module modules/mod_access.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_module modules/mod_auth.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule imap_module modules/mod_imap.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule php5_module c:/php/php5apache2.dll
PHPIniDir "C:/php"
ServerAdmin dumbledore@hogwarts.edu
ServerName NearlyNamelessServer:80
UseCanonicalName Off
DocumentRoot "C:/WEB_ROOT"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "C:/WEB_ROOT">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    RewriteEngine On
    RewriteRule ^([^/]+)\.html?(.*)$ index.php?_html_url=$1$2 [L,QSA]
    RewriteRule .+\.pdf(.*)$ index.php?page=convert_to_pdf&cmd=download$1 [L,QSA]
</Directory>
DirectoryIndex index.php index.html index.html.var
AccessFileName .htaccess
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access.log common
ServerTokens Full
ServerSignature On
Alias /icons/ "C:/Program Files/Apache Group/Apache2/icons/"
<Directory "C:/Program Files/Apache Group/Apache2/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
    <Files *.html>
        SetHandler type-map
    </Files>
</Directory>
ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache2/cgi-bin/"
<Directory "C:/Program Files/Apache Group/Apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort
ReadmeName README.html
HeaderName HEADER.html
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php .phtml
AddType application/x-httpd-php-source .phps
AddHandler type-map var
<IfModule mod_ssl.c>
      SSLRandomSeed startup builtin
      SSLRandomSeed connect builtin
      Listen 443
      AddType application/x-x509-ca-cert .crt
      AddType application/x-pkcs7-crl    .crl
      SSLPassPhraseDialog  exec:spit_passwd.bat
      SSLSessionCache        none
      SSLMutex  default
      <VirtualHost ip.ad.re.ss:443>
              ServerName ip.ad.re.ss
              DocumentRoot C:/WEB_ROOT
              ErrorLog C:/WEB_ROOT/logs/error.log
              CustomLog C:/WEB_ROOT/logs/access.log common
            SSLEngine on
            SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
            SSLCertificateFile C:/WEB_ROOT/certs/server.crt
            SSLCertificateKeyFile C:/WEB_ROOT/certs/server.key
            <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
                  SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory "C:/WEB_ROOT">
                  SSLOptions +StdEnvVars
            </Directory>
            SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
            CustomLog C:/WEB_ROOT/logs/ssl_request.log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
      </VirtualHost>
</IfModule>

0
 
LVL 10

Accepted Solution

by:
PSSUser earned 63 total points
ID: 17245552
I've not used some of the SSL related directives you've got there. I've only recently started dealing with apache myself and spent some time understanding the basics that I needed and removing the rest.

For the bare bones SSL part of the config you may want to take a look at my answer to
http://www.experts-exchange.com/Web/Web_Servers/Apache/Q_21907117.html
You could probably do away with most of the stuff you have in your <IfModule mod_ssl.c> section in favour of what I've detailed there (I would suggest copying your config first just to be on the safe side).

Just bear in mind as you want a port other than 443 you will have to alter the listen and VirtualHost directives. I'd suggest you use 8443 instead.

The files you may need to download should go in whatever folder is set as your document root. Looking at your config this would be C:/WEB_ROOT. One thing to bear in mind if you want the server to run in http and https you may want a different document root for secure otherwise the content could be accessible via http (unless other factors such as permission setting within the virtualhost contains restrict it).

How to test it - set it up with a self signed certificate as described in my answer I've pointed you to above. Then restart the server and visit https://00.000.00.0:1111/
0
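An added example, not part of the thread or any poster's code: a small Python lint for the points raised above, namely a VirtualHost port with no matching Listen, a certificate configured while SSLEngine is off, and an SSLCipherSuite that names LOW, EXP, SSLv2 or eNULL without a "!" exclusion. The function name, the 192.0.2.10 address and both sample configurations are constructed for illustration.

```python
WEAK_CLASSES = ("LOW", "EXP", "SSLv2", "eNULL")

def lint_ssl_conf(text):
    """Return a list of findings for an httpd.conf-style text."""
    listen, vhosts, findings, vhost = set(), [], [], None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):   # commented-out lines do nothing
            continue
        name, arg = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if name == "listen":
            listen.add(arg.rsplit(":", 1)[-1])       # "8443" or "addr:8443"
        elif name == "<virtualhost":
            addr = arg.rstrip(">").strip()
            port = addr.rsplit(":", 1)[1] if ":" in addr else None
            vhost = {"addr": addr, "port": port, "ssl": False, "cert": False}
            vhosts.append(vhost)
        elif name == "</virtualhost>":
            vhost = None
        elif name == "sslengine" and vhost and arg.lower() == "on":
            vhost["ssl"] = True                      # server-level SSLEngine is not counted
        elif name == "sslcertificatefile" and vhost:
            vhost["cert"] = True
        elif name == "sslciphersuite":
            toks = arg.split(":")
            # "!X" and "-X" remove class X; "+X" only moves it to the end of the list
            dropped = {t[1:] for t in toks if t[:1] in ("!", "-")}
            named = {p for t in toks if t[:1] not in ("!", "-") for p in t.lstrip("+").split("+")}
            findings += [f"SSLCipherSuite names {c} without excluding it"
                         for c in WEAK_CLASSES if c in named and c not in dropped]
    for v in vhosts:
        if v["port"] and v["port"] not in listen:
            findings.append(f"{v['addr']}: no Listen for port {v['port']}")
        if v["cert"] and not v["ssl"]:
            findings.append(f"{v['addr']}: certificate set but SSLEngine is not on")
    return findings

# Constructed samples: POSTED mirrors the shape of the first config in the thread,
# REVISED uses port 8443 as the accepted answer suggests.
POSTED = """Listen 443
#SSLEngine on
<VirtualHost 192.0.2.10:111>
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile C:/WEB_ROOT/certs/server.crt
</VirtualHost>"""
REVISED = """Listen 8443
<VirtualHost 192.0.2.10:8443>
SSLEngine on
SSLCipherSuite HIGH:MEDIUM:!ADH:!LOW:!EXP:!SSLv2:!eNULL
</VirtualHost>"""
```

Calling `lint_ssl_conf(POSTED)` returns six findings (four cipher classes, the missing Listen for port 111, and SSLEngine off); `lint_ssl_conf(REVISED)` returns an empty list.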
 
LVL 9

Author Comment

by:jhshukla
ID: 17417087
pardon the delay in closing the question; the project kept getting postponed and is now sorta abandoned.
0


Question has a verified solution.
