• Status: Solved
  • Priority: Medium
  • Security: Public

Configuring Apache to use SSL

Configuration:
OS: Windows Server 2003
Web Server: Apache 2.0.58
Listens to Port 8078. Ports 80, 8080, and 8079 are used by IIS.

Tell me, from scratch, how to configure the server to use SSL.

What directives do I need to add to httpd.conf?
Where should I put certain files that I may need to download?
How do I test it?
And I need to use a port other than 443.

Thanks
Asked by: jhshukla

jhshukla (Author) Commented:
I tried following instructions on http://www.apache-ssl.org/#FAQ and http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL but to no avail. I get:

D:\Program Files\GnuWin32\bin>openssl req -new > new.cert.csr
Unable to load config info
Loading 'screen' into random state - done
Generating a 512 bit RSA private key
.......++++++++++++
...++++++++++++
writing new private key to stdout
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
unable to find 'distinguished_name' in config
problems making Certificate Request
10992:error:0E06D06A:configuration file routines:NCONF_get_string:no conf or environment variable:conf_lib.c:325:
 
jhshukla (Author) Commented:
Update: I followed instructions on http://www.devx.com/opensource/Article/20085/1763/page/2
Now it is taking forever to serve the request.
 
rama_krishna580 Commented:
Hi,

Setting up SSL Certificates on Apache
http://www.flatmtn.com/computer/Linux-SSLCertificatesApache.html

R.K
 
jhshukla (Author) Commented:
Flush previous discussions out of your mind.

<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  exec:spit_passwd.bat
SSLSessionCache        none
SSLMutex  default
#SSLEngine on ######################################

<VirtualHost 00.000.00.0:111>
#        ServerName 00.000.00.0
        DocumentRoot C:/WEB_ROOT
        ErrorLog C:/WEB_ROOT/logs/error.log
        CustomLog C:/WEB_ROOT/logs/access.log common
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile C:/WEB_ROOT/certs/server.crt
SSLCertificateKeyFile C:/WEB_ROOT/certs/server.key
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/WEB_ROOT">
    SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog C:/WEB_ROOT/logs/ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
</IfModule>

The moment I uncomment the SSLEngine On directive & try to restart, it craps out on me. With the line commented out, it could be (possibly) the happiest server on earth.
 
jhshukla (Author) Commented:
Do you want me to post all relevant parts of *.conf?
 
jhshukla (Author) Commented:
Here it is:
ServerRoot "C:/Program Files/Apache Group/Apache2"
PidFile logs/httpd.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
<IfModule mpm_winnt.c>
ThreadsPerChild 250
MaxRequestsPerChild  0
</IfModule>
Listen 80
Listen 8080
LoadModule access_module modules/mod_access.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_module modules/mod_auth.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule imap_module modules/mod_imap.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule php5_module c:/php/php5apache2.dll
PHPIniDir "C:/php"
ServerAdmin dumbledore@hogwarts.edu
ServerName NearlyNamelessServer:80
UseCanonicalName Off
DocumentRoot "C:/WEB_ROOT"
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "C:/WEB_ROOT">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    RewriteEngine On
    RewriteRule ^([^/]+)\.html?(.*)$ index.php?_html_url=$1$2 [L,QSA]
    RewriteRule .+\.pdf(.*)$ index.php?page=convert_to_pdf&cmd=download$1 [L,QSA]
</Directory>
DirectoryIndex index.php index.html index.html.var
AccessFileName .htaccess
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>
TypesConfig conf/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
    MIMEMagicFile conf/magic
</IfModule>
HostnameLookups Off
ErrorLog logs/error.log
LogLevel warn
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog logs/access.log common
ServerTokens Full
ServerSignature On
Alias /icons/ "C:/Program Files/Apache Group/Apache2/icons/"
<Directory "C:/Program Files/Apache Group/Apache2/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
    Options Indexes
    AllowOverride None
    Order allow,deny
    Allow from all
    <Files *.html>
        SetHandler type-map
    </Files>
</Directory>
ScriptAlias /cgi-bin/ "C:/Program Files/Apache Group/Apache2/cgi-bin/"
<Directory "C:/Program Files/Apache Group/Apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>
IndexOptions FancyIndexing VersionSort
ReadmeName README.html
HeaderName HEADER.html
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php
AddType application/x-httpd-php .phtml
AddType application/x-httpd-php-source .phps
AddHandler type-map var
<IfModule mod_ssl.c>
      SSLRandomSeed startup builtin
      SSLRandomSeed connect builtin
      Listen 443
      AddType application/x-x509-ca-cert .crt
      AddType application/x-pkcs7-crl    .crl
      SSLPassPhraseDialog  exec:spit_passwd.bat
      SSLSessionCache        none
      SSLMutex  default
      <VirtualHost ip.ad.re.ss:443>
              ServerName ip.ad.re.ss
              DocumentRoot C:/WEB_ROOT
              ErrorLog C:/WEB_ROOT/logs/error.log
              CustomLog C:/WEB_ROOT/logs/access.log common
            SSLEngine on
            SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
            SSLCertificateFile C:/WEB_ROOT/certs/server.crt
            SSLCertificateKeyFile C:/WEB_ROOT/certs/server.key
            <FilesMatch "\.(cgi|shtml|phtml|php3?)$">
                  SSLOptions +StdEnvVars
            </FilesMatch>
            <Directory "C:/WEB_ROOT">
                  SSLOptions +StdEnvVars
            </Directory>
            SetEnvIf User-Agent ".*MSIE.*" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
            CustomLog C:/WEB_ROOT/logs/ssl_request.log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
      </VirtualHost>
</IfModule>

PSSUser Commented:
I've not used some of the SSL-related directives you've got there. I've only recently started dealing with Apache myself and spent some time understanding the basics that I needed and removing the rest.

For the bare-bones SSL part of the config you may want to take a look at my answer to
http://www.experts-exchange.com/Web/Web_Servers/Apache/Q_21907117.html
You could probably do away with most of the stuff you have in your <IfModule mod_ssl.c> section in favour of what I've detailed there (I would suggest copying your config first just to be on the safe side).

Just bear in mind that, as you want a port other than 443, you will have to alter the Listen and VirtualHost directives. I'd suggest you use 8443 instead.

The files you may need to download should go in whatever folder is set as your document root. Looking at your config, this would be C:/WEB_ROOT. One thing to bear in mind: if you want the server to run in http and https, you may want a different document root for secure, otherwise the content could be accessible via http (unless other factors, such as permission settings within the VirtualHost container, restrict it).

How to test it: set it up with a self-signed certificate as described in my answer I've pointed you to above. Then restart the server and visit https://00.000.00.0:1111/
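
A lint for the points raised in the answer above (the Listen and VirtualHost directives must name the same non-443 port, and secure content should not share the plain-HTTP document root), extended to the cipher list in the posted configuration. This is an added example, not code from the thread: `lint_ssl_conf`, the address 192.0.2.10 and the sample layout are constructed, and it assumes an OpenSSL build in which `ALL` still includes the SSLv2, export and low-strength classes.

```python
import re

# Constructed sample modelled on the configuration posted in this thread;
# the address 192.0.2.10 and port 8443 are placeholders.
SAMPLE_CONF = """
Listen 80
Listen 443
DocumentRoot "C:/WEB_ROOT"
<VirtualHost 192.0.2.10:8443>
    DocumentRoot C:/WEB_ROOT
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
</VirtualHost>
"""

# In an OpenSSL cipher string "+" only reorders and "!" removes, so a class
# pulled in by ALL stays enabled unless one of these exclusions is present.
WEAK_CLASSES = {"SSLv2": {"!SSLv2"}, "EXP": {"!EXP", "!EXPORT"}, "LOW": {"!LOW"}}
VHOST_RE = re.compile(r"<VirtualHost\s+\S*?:(\d+)\s*>(.*?)</VirtualHost>", re.I | re.S)

def directive(block, name):
    """Value of the last uncommented `name` directive in block, or None."""
    hits = re.findall(rf"^[ \t]*{name}[ \t]+(.+?)[ \t]*$", block, re.I | re.M)
    return hits[-1].strip('"') if hits else None

def lint_ssl_conf(text):
    """Return findings for every SSL-enabled <VirtualHost> in text."""
    findings = []
    listen = {v.rsplit(":", 1)[-1]
              for v in re.findall(r"^[ \t]*Listen[ \t]+(\S+)", text, re.I | re.M)}
    main_root = directive(VHOST_RE.sub("", text), "DocumentRoot")
    for port, body in VHOST_RE.findall(text):
        if (directive(body, "SSLEngine") or "").lower() != "on":
            continue  # not an SSL virtual host
        if port not in listen:
            findings.append(f"port {port}: no matching Listen directive")
        root = directive(body, "DocumentRoot")
        if root and main_root and root.lower() == main_root.lower():
            findings.append(f"port {port}: DocumentRoot shared with plain HTTP")
        tokens = re.split(r"[:, ]+", directive(body, "SSLCipherSuite") or "")
        if "ALL" in tokens:
            for cls, exclusions in WEAK_CLASSES.items():
                if not exclusions & set(tokens):
                    findings.append(f"port {port}: cipher class {cls} not excluded")
    return findings

if __name__ == "__main__":
    for finding in lint_ssl_conf(SAMPLE_CONF):
        print(finding)
```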
 
jhshukla (Author) Commented:
Pardon the delay in closing the question; the project kept getting postponed and is now sorta abandoned.