Where can I find a (comprehensible) guide to installing SSL on Apache running on Ubuntu?

I have the LAMP stack installed and working on Ubuntu 11.04 server, as well as the gnome UI.  The Apache version is 2.2 and I also have the libssl0.9.8 installed to enable the use of SSL.  I have set up a couple of virtual servers for different projects that run on their own IP addresses.  I need to configure one of these to use SSL so I can start the process of creating the web content to allow secure logins and differing content based on who is logged in.  My current issue is trying to get the HTTPS web pages working.

  Please feel free to suggest any command line testing you would need me to do if you need more information.  For someone who is new to Apache the overwhelming number of configuration options, in a myriad of configuration files, can be daunting.

  I would really like to find something that EXPLAINS why the SSL setup is handled in a particular way as well...  Understanding the process would trump just getting a "to do" list.
developmentguruPresidentAsked:
seanmccullyConnect With a Mentor Commented:
0
 
developmentguruPresidentAuthor Commented:
Are you familiar with several varieties of Linux?  I am a relative Linux newbie.  I will check out the articles and let you know if I need any... translation... to Ubuntu.  (I noticed the first one is a Debian link).  Since it is so late now, I will check it out tomorrow.
0
 
developmentguruPresidentAuthor Commented:
Now I need to get back to the point where it was running... I tried following some googled directions on enabling SSL and now I get an error:

(98)Address already in use: make_sock: could not bind to address 0.0.0.0:443
no listening sockets available, shutting down

The server will not start.  I ran lsof -i TCP:443 and got:

COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
gvfsd-htt 3380 bthomson    9r  IPv4  53780      0t0  TCP TestServer.local:33842->sumac.canonical.com:https (CLOSE_WAIT)

I ran the command KILL on the process ID and reran the lsof and it came up clean.  I then tried to restart the server (apachectl START) and got the same message about 0.0.0.0:443.  Any ideas on this one?

I need to get back to a point where I can test out your links.
0
 
LinuxGuruLinux Server AdministratorCommented:
hey...if you still get the same error "Address already in use:" you need to use the following command to kill the process listening on that port.

fuser -k -n tcp 443

After that please restart apache and let me know the results.
0
 
developmentguruConnect With a Mentor PresidentAuthor Commented:
I get the same error.  I am certain that Apache is what is causing the block.  It must be something that I did while trying to follow some step-by-step guide online...attempting to get the SSL going.  Having activated the SSL I should be looking at the config files that would be in use by the SSL... I seem to recall that one had a statement something like:

listen *:443

I think this kind of statement could be the cause.  I am trying to specifically use two virtual servers to listen to 443 on separate IP addresses.  If this type of statement is run first then it would conflict with mine and cause the server to error out, rather than run.

What do you think?
0
 
developmentguruConnect With a Mentor PresidentAuthor Commented:
I found it.  It was in the ports.conf file.  I commented it out and now the server runs.  So, I am back to square one... how to get the SSL working on my two virtual hosts.  Now that the basics are working I can take a look at the links that were first provided.  Feel free to post anything else you think might help.
0
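Added example, not part of the original thread: a small checker for the situation described above, where a wildcard Listen on port 443 coexists with per-IP listeners and Apache cannot bind them all. The file names, the 192.0.2.x addresses and the `listen_conflicts` function are assumptions made up for this illustration.

```shell
#!/bin/sh
# listen_conflicts FILE...
# Prints one line per set of Listen directives that cannot all bind:
#   DUPLICATE <addr>:<port>            same address and port listed twice
#   OVERLAP *:<port> vs <ip>:<port>    wildcard and specific IP on one port
listen_conflicts() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        tolower($1) == "listen" && NF >= 2 {
            addr = $2
            port = addr; sub(/.*:/, "", port)    # text after the last colon
            ip = "*"                             # a bare port binds every address
            if (addr ~ /:/) ip = substr(addr, 1, length(addr) - length(port) - 1)
            if (ip == "0.0.0.0") ip = "*"
            count[port SUBSEP ip]++
        }
        END {
            for (k in count) {
                split(k, f, SUBSEP); port = f[1]; ip = f[2]
                wild = port SUBSEP "*"
                if (count[k] > 1) print "DUPLICATE " ip ":" port
                if (ip != "*" && (wild in count)) print "OVERLAP *:" port " vs " ip ":" port
            }
        }
    ' "$@" | sort
}

# Constructed sample: a ports.conf-style file plus per-IP SSL listeners.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ports.conf" <<'EOF'
Listen 80
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
EOF
cat > "$demo_dir/ssl-vhosts.conf" <<'EOF'
Listen 192.0.2.10:443
Listen 192.0.2.11:443
EOF
listen_conflicts "$demo_dir/ports.conf" "$demo_dir/ssl-vhosts.conf"
rm -rf "$demo_dir"
```

Run it over every file Apache includes; commenting out the wildcard line, as done in the post above, makes the report come back empty.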
 
developmentguruConnect With a Mentor PresidentAuthor Commented:
I followed the directions in the second link I was given to create a self-signed certificate (it is running on my own system for testing after all).  The 3 files were created and I tried to point the server to them.  Now the server refuses to start with an error:

SSL Library Error: 218734605 error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib

I think I found some newer documentation on generating the keys.  
https://help.ubuntu.com/community/OpenSSL
I will try that soon and let you know how it goes.
0
 
developmentguruPresidentAuthor Commented:
Still working on it...
0
 
developmentguruConnect With a Mentor PresidentAuthor Commented:
I have made some progress...  I am currently getting the following error (most likely based on attempting to follow the instructions in the last link I posted):

[Mon Sep 12 10:07:46 2011] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Mon Sep 12 10:07:46 2011] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

This was taken from the Apache error log file /var/log/apache2/error.log

Having already looked it up I need to go back over the instructions and see where I messed up...
0
 
developmentguruConnect With a Mentor PresidentAuthor Commented:
This link:

http://iamsect.ncl.ac.uk/deliverables/docs/target/ar01s05.html

mentions:

Take care not to mix up the ‘csr’ (certificate signing request) and ‘crt’ (the signed certificate) in the ssl.conf file. Correcting this and restarting apache solves the problem.

Still looking into it.  I mention it here in case it will be useful to someone else later on.
0
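Added example, not part of the original thread: a pre-restart check for the csr/crt mix-up quoted above, which reads the PEM header of each file named by SSLCertificateFile and SSLCertificateKeyFile and flags a file of the wrong kind. The function names, file names and placeholder PEM bodies are assumptions constructed for this illustration.

```shell
#!/bin/sh
# pem_kind FILE -> certificate | csr | key | unknown (from the first PEM header)
pem_kind() {
    case $(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null) in
        *'CERTIFICATE REQUEST'*) echo csr ;;          # must precede CERTIFICATE
        *'BEGIN CERTIFICATE'*)   echo certificate ;;
        *'PRIVATE KEY'*)         echo key ;;
        *)                       echo unknown ;;      # missing, empty or not PEM
    esac
}

# check_ssl_files CONF -> prints mismatches, returns non-zero if any were found.
# Directive names are matched exactly as spelled here.
check_ssl_files() {
    status=0
    while read -r directive path rest; do
        case $directive in
            SSLCertificateFile)    want=certificate ;;
            SSLCertificateKeyFile) want=key ;;
            *) continue ;;
        esac
        path=${path#\"}; path=${path%\"}              # tolerate quoted paths
        got=$(pem_kind "$path")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $directive $path: expected $want, found $got"
            status=1
        fi
    done < "$1"
    return $status
}

# Constructed sample files: real headers, placeholder bodies (no key material).
make_sample() {
    printf '%s\n' "-----BEGIN $2-----" '(placeholder body)' "-----END $2-----" > "$1"
}
demo_dir=$(mktemp -d)
make_sample "$demo_dir/server.csr" 'CERTIFICATE REQUEST'
make_sample "$demo_dir/server.key" 'RSA PRIVATE KEY'
cat > "$demo_dir/ssl.conf" <<EOF
SSLEngine on
SSLCertificateFile    $demo_dir/server.csr
SSLCertificateKeyFile $demo_dir/server.key
EOF
check_ssl_files "$demo_dir/ssl.conf" || echo "fix the directives listed above"
rm -rf "$demo_dir"
```

This checks file type only; it does not confirm that the certificate and the private key belong together.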
 
developmentguruPresidentAuthor Commented:
Thanks for the help.  The links initially given pointed me in the right direction and I was able to get it running.
0
Question has a verified solution.
