Solved

Pls help me set up SSL.. My httpd.conf file has nothing about SSL

Posted on 2006-11-21
9
178 Views
Last Modified: 2012-05-05
I am trying to set up SSL using port 443. My httpd.conf file has no examples of how to set this up. Can someone ple help me put the right stuff in my config file. Also do I have to add to my listening port 443 and duplicate the virtual host as 443. Here's what I have so far:

Listen 10.1.1.3:80
Port 80
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias *.mydomain.com
    DocumentRoot /my/path
</VirtualHost>
<Directory "/my/path">
    AllowOverride All
</Directory>

Thanks in advance to all the commnuity for any help they can share.


0
Comment
Question by:bemara57
  • 5
  • 2
  • 2
9 Comments
 
LVL 15

Expert Comment

by:periwinkle
ID: 17988183
Which version of Apache?
0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17988241
Can you go to

http://web-sniffer.net/

Select HTTP Version 1.1 and Request Type POST.

Leave the Agent as it is and then post up the results.

0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17988243
Apologies wrong Question :(
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 13

Expert Comment

by:rhickmott
ID: 17988339
How far have you got?

You will then need to modify the separate conf for Mod SSL. How far have you got have you been given your key and certificate yet or have you generated them yourself? Basically you will need to set up your http as normal using standard HTTP.CONF setup. there is then an additional one for ModSSL which you can merge if you wish. This sets up the listen port for HTTPS.

Once you have done this your Virtual Hosts section should look like this.


<VirtualHost *:443>
         SSLEngine On
         SSLCertificateFile conf/ssl/server.cert
         SSLCertificateKeyFile conf/ssl/server.key
</VirtualHost>

NameVirtualHost *:80

<VirtualHost *:80>
     #Use The standard server definitions or define your virtual hosts as normal under this
</VirtualHost>
0
 
LVL 15

Expert Comment

by:periwinkle
ID: 17988358
rhickmott - I'm wondering if the user has Apache 2.x where there are multiple configuration files, or if SSL support has even been compiled into the executable.
0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17988421
Basically yes Its impossible to process without knowing the version and how far they have got. If the OP hasent even generated a CSR request and have a signed certificate then this question can get quite extensive :)

The company I work for has a standard Apache 2 conf file which makes it easier for some ofthe admins to configure but it has everything needed for HTTPS in one file and not that extensively difficult to work with. It also depends on the OS as well.

Whats the OS?
Whats the Apache Version?
How far have you got setting it up?

Is basically the information we need.
0
 

Author Comment

by:bemara57
ID: 17989303
I am using AIX Unix 4.3.3 and Apache 1.3.26

I have already gotten the SSL certificate and key files generated for me. They actually came from another server. We are moving our website from one server to another (Apache to Apache). So I have already got the 2 files from the other server. Now I have to configure my new webserver Apache 1.3.26.
0
 
LVL 13

Accepted Solution

by:
rhickmott earned 500 total points
ID: 17989392
Ok what do you currently have in your httpd.conf file?

Im assuming you have compiled Apache with mod_ssl. In which case you will need to uncomment the

LoadModule ssl_module modules/mod_ssl.so

Line in your Apache Setup.

At the end of the file before your Virtual Hosts try adding the following.

<IfModule mod_ssl.c>
         
      ## Handle SSL
      Listen 443

      #SSL Types
      AddType application/x-x509-ca-cert .crt
      AddType application/x-pkcs7-crl    .crl

      SSLPassPhraseDialog  builtin
          SSLSessionCache none
      SSLSessionCacheTimeout  300      
      SSLMutex default
      SSLRandomSeed startup builtin
      SSLRandomSeed connect builtin
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      
      <VirtualHost *:443>

            #  General setup for the virtual host
            DocumentRoot <HTTPSDOCROOT>
            ServerName *:443
            ServerAdmin you@yourdomain.com
            ErrorLog logs/error.log
            TransferLog logs/access.log
                  
            <Directory "HTTPSDOCROOT">
                      Options FollowSymLinks
                      AllowOverride All
                      Order allow,deny
                      Allow from all
            </Directory>

            <Files ~ "\.(cgi|shtml|phtml|php3?)$">
                      SSLOptions +StdEnvVars
            </Files>
            <Directory "cgi-bin">
                      SSLOptions +StdEnvVars
            </Directory>
      
            CustomLog logs/ssl_request_log \
                "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

            SSLEngine On
            SSLCertificateFile conf/ssl/server.cert
            SSLCertificateKeyFile conf/ssl/server.key
      </virtualhost>
</IfModule>

And then above your Virtual Host declarations add.

<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile conf/ssl/server.cert
        SSLCertificateKeyFile conf/ssl/server.key
</VirtualHost>

Making sure of course that that your server.cert and server.key files are in the right place ( <apache>/conf/ssl/ )

Let us know if you get any probs
0
 

Author Comment

by:bemara57
ID: 18003878
Thanks but there is no LoadModule ssl_module modules/mod_ssl.so line in my config file. Is it possible that I have to download and install this module onto Apache or does it always come with it?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question