Solved

Where can I find a (comprehensible) guide to installing SSL on Apache running on Ubuntu?

Posted on 2011-09-06
Last Modified: 2012-05-12
 I have the LAMP stack installed and working on Ubuntu 11.04 server, as well as the GNOME UI.  The Apache version is 2.2 and I also have libssl0.9.8 installed to enable the use of SSL.  I have set up a couple of virtual servers for different projects that run on their own IP addresses.  I need to configure one of these to use SSL so I can start the process of creating the web content to allow secure logins and differing content based on who is logged in.  My current issue is trying to get the HTTPS web pages working.

  Please feel free to suggest any command line testing you would need me to do if you need more information.  For someone who is new to Apache the overwhelming number of configuration options, in a myriad of configuration files, can be daunting.

  I would really like to find something that EXPLAINS why the SSL setup is handled in a particular way as well...  Understanding the process would trump just getting a "to do" list.
0
Question by:developmentguru
11 Comments
 
LVL 3

Accepted Solution

by:
seanmccully earned 500 total points
ID: 36492031
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36493168
Are you familiar with several varieties of Linux?  I am a relative Linux newbie.  I will check out the articles and let you know if I need any... translation... to Ubuntu.  (I noticed the first one is a Debian link).  Since it is so late now, I will check it out tomorrow.
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36493569
Now I need to get back to the point where it was running... I tried following some googled directions on enabling SSL and now I get an error:

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down

The server will not start.  I ran lsof -i TCP:443 and got:

COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
gvfsd-htt 3380 bthomson    9r  IPv4  53780      0t0  TCP TestServer.local:33842->sumac.canonical.com:https (CLOSE_WAIT)

I ran the command KILL on the process ID and reran the lsof and it came up clean.  I then tried to restart the server (apachectl START) and got the same message about 0.0.0.0:443.  Any ideas on this one?

I need to get back to a point where I can test out your links.
0
 
LVL 13

Expert Comment

by:LinuxGuru
ID: 36494175
Hey... if you still get the same error "Address already in use:", you need to use the following command to kill the process listening on that port.

fuser -k -n tcp 443

After that please restart apache and let me know the results.
0
 
LVL 21

Assisted Solution

by:developmentguru
developmentguru earned 0 total points
ID: 36498501
I get the same error.  I am certain that Apache is what is causing the block.  It must be something that I did while trying to follow some step-by-step guide online...attempting to get the SSL going.  Having activated the SSL I should be looking at the config files that would be in use by the SSL... I seem to recall that one had a statement something like:

listen *:443

I think this kind of statement could be the cause.  I am trying to specifically use two virtual servers to listen to 443 on separate IP addresses.  If this type of statement is run first then it would conflict with mine and cause the server to error out, rather than run.

What do you think?
0
 
LVL 21

Assisted Solution

by:developmentguru
developmentguru earned 0 total points
ID: 36498536
I found it.  It was in the ports.conf file.  I commented it out and now the server runs.  So, I am back to square one... how to get the SSL working on my two virtual hosts.  Now that the basics are working I can take a look at the links that were first provided.  Feel free to post anything else you think might help.
0
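The conflict described in the two posts above, a wildcard Listen on port 443 colliding with per-IP listeners, can be found mechanically. The following is an added example, not part of the original thread: the config text and the 192.0.2.x addresses are constructed, and the check covers IPv4 forms only.

```python
import re
from collections import defaultdict

# Constructed sample: Listen directives as they might be spread across
# ports.conf and two vhost files. Addresses are documentation placeholders.
SAMPLE_CONFIG = """\
# ports.conf
Listen 80
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
# sites-enabled/project-a
Listen 192.0.2.10:443
# sites-enabled/project-b
Listen 192.0.2.11:443
"""

WILDCARDS = {"*", "0.0.0.0"}  # IPv4 only; a bare port also means "all addresses"
LISTEN_RE = re.compile(r"^\s*Listen\s+(?:(\S+):)?(\d+)(?:\s+\S+)?\s*$", re.I)


def parse_listens(text):
    """Return (lineno, address, port) per Listen directive; wildcards become '*'."""
    found = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LISTEN_RE.match(line)
        if m:
            addr = m.group(1) or "*"
            addr = "*" if addr in WILDCARDS else addr
            found.append((lineno, addr, int(m.group(2))))
    return found


def listen_conflicts(text):
    """Ports where a wildcard overlaps a specific address, or an address repeats."""
    by_port = defaultdict(list)
    for lineno, addr, port in parse_listens(text):
        by_port[port].append((addr, lineno))
    conflicts = {}
    for port, entries in by_port.items():
        addrs = [a for a, _ in entries]
        if ("*" in addrs and len(addrs) > 1) or len(addrs) != len(set(addrs)):
            conflicts[port] = entries
    return conflicts


if __name__ == "__main__":
    for port, entries in sorted(listen_conflicts(SAMPLE_CONFIG).items()):
        print(f"port {port} overlaps:", ", ".join(f"{a} (line {n})" for a, n in entries))
```

To run it against a real server, pass in the concatenated text of ports.conf and the enabled site files in place of the sample.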
 
LVL 21

Assisted Solution

by:developmentguru
developmentguru earned 0 total points
ID: 36499052
I followed the directions in the second link I was given to create a self-signed certificate (it is running on my own system for testing after all).  The 3 files were created and I tried to point the server to them.  Now the server refuses to start with an error:

SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

I think I found some newer documentation on generating the keys.  
https://help.ubuntu.com/community/OpenSSL
I will try that soon and let you know how it goes.
0
 
LVL 21

Author Comment

by:developmentguru
ID: 36505963
Still working on it...
0
 
LVL 21

Assisted Solution

by:developmentguru
developmentguru earned 0 total points
ID: 36522918
I have made some progress...  I am currently getting the following error (most likely based on attempting to follow the instructions in the last link I posted):

[Mon Sep 12 10:07:46 2011] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Sep 12 10:07:46 2011] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

This was taken from the Apache error log file /var/log/apache2/error.log.

Having already looked it up I need to go back over the instructions and see where I messed up...
0
 
LVL 21

Assisted Solution

by:developmentguru
developmentguru earned 0 total points
ID: 36522927
This link:

http://iamsect.ncl.ac.uk/deliverables/docs/target/ar01s05.html

mentions:

Take care not to mix up the ‘csr’ (certificate signing request) and ‘crt’ (the signed certificate) in the ssl.conf file. Correcting this and restarting apache solves the problem.

Still looking into it.  I mention it here in case it will be useful to someone else later on.
0
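The csr/crt mix-up quoted in the post above can be caught before restarting Apache by comparing each SSL directive with the PEM label of the file it names. The following is an added example, not part of the original thread or of the linked guide: the vhost fragment, file paths and elided file bodies are constructed, and only the two directives shown are checked.

```python
import re

# PEM labels each mod_ssl directive can accept in the file it points at.
EXPECTED = {
    "sslcertificatefile": {"CERTIFICATE"},
    "sslcertificatekeyfile": {"PRIVATE KEY", "RSA PRIVATE KEY",
                              "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"},
}
DIRECTIVE_RE = re.compile(r"^\s*(SSLCertificate(?:Key)?File)\s+(\S+)", re.I | re.M)
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed sample: a vhost fragment that names the signing request where
# the signed certificate belongs. Paths and the address are hypothetical.
VHOST = """\
<VirtualHost 192.0.2.10:443>
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.csr
    SSLCertificateKeyFile /etc/ssl/example/server.key
</VirtualHost>
"""
# Constructed stand-ins for the three generated files; bodies are elided
# because only the PEM label is inspected.
FILES = {
    "/etc/ssl/example/server.key": "-----BEGIN RSA PRIVATE KEY-----\n...\n",
    "/etc/ssl/example/server.csr": "-----BEGIN CERTIFICATE REQUEST-----\n...\n",
    "/etc/ssl/example/server.crt": "-----BEGIN CERTIFICATE-----\n...\n",
}


def pem_label(text):
    """Return the label of the first PEM block, or None if the data is not PEM."""
    m = PEM_RE.search(text)
    return m.group(1) if m else None


def check_vhost(config, read_file):
    """Return (directive, path, found_label) for every file of the wrong kind."""
    problems = []
    for directive, path in DIRECTIVE_RE.findall(config):
        label = pem_label(read_file(path))
        if label not in EXPECTED[directive.lower()]:
            problems.append((directive, path, label))
    return problems


if __name__ == "__main__":
    for directive, path, label in check_vhost(VHOST, FILES.__getitem__):
        print(f"{directive} {path}: contains {label or 'no PEM block'}")
```

On a real system, pass a function that reads the file from disk as `read_file` instead of the `FILES` lookup.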
 
LVL 21

Author Closing Comment

by:developmentguru
ID: 36908445
Thanks for the help.  The links initially given pointed me in the right direction and I was able to get it running.
0
