Solved

Cant able to configure SSL on apache 2.0.59

Posted on 2013-06-20
6
351 Views
Last Modified: 2014-01-26
cannot able to confgiure SSL on Apache using Linux machine.The system specs i have is
- centos 4.8 final
- apache 2.0.59

I configure the Apache with command

./configure --enable-so --with-apxs2 --enable-ssl

Also i am getting the error in error log i.e.
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]

Tried couple of tweaks but none work.

Help in this regard is really appreciated.
0
Comment
Question by:nocinfospan
6 Comments
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39264729
Can you post your httpd.conf?
0
 
LVL 6

Expert Comment

by:Vijay Pratap Singh
ID: 39264958
Please configure cache memory for Webserver apache and restart the httpd deamon.
0
 
LVL 3

Accepted Solution

by:
rajeev2353 earned 500 total points
ID: 39265245
hi,
please see this method and implement .

#yum install mod ssl

# cd /etc/pki/tls/certs
# openssl genrsa -des3 -out apachekey.pem 2048

Generating RSA private key, 2048 bit long modulus
..................+++
...................................+++
e is 65537 (0x10001)
Enter pass phrase for apachekey.pem:
Verifying - Enter pass phrase for apachekey.pem:

--
--
-

# openssl req -new -key apachekey.pem -out apachekey.csr

Enter pass phrase for apachekey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:
Email Address []:vivek@nixcraft.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# openssl ca -in apachekey.csr -out apachecert.pem

# cp apachecert.pem /etc/pki/tls/http/
# cp apachekey.pem /etc/pki/tls/http/

# vi /etc/httpd/conf.d/ssl.conf
Listen 10.10.29.68:443
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

<VirtualHost ip:443>
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/http/apachecert.pem
    SSLCertificateKeyFile /etc/pki/tls/http/apachekey.pem
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5
    DocumentRoot "/var/www/html/ssl"
    ServerName hostname:443
</VirtualHost>

# mkdir -p /var/www/html/ssl

# vi /etc/httpd/conf/httpd.conf

<Directory /var/www/html/ssl>
         SSLRequireSSL
         SSLOptions +StrictRequire
         SSLRequire %{HTTP_HOST} eq "domain name"
         ErrorDocument 403 https://domain name/sslerror.html
</Directory>

# service httpd restart
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 1

Author Comment

by:nocinfospan
ID: 39266325
@rajeev2353
As i am using Centos 4.8 they do not support base repository for yum any more. so i cant install through yum . the only option i have is to configure the apache with
.\configure --enable-ssl .

@rickyzen

where exactly should i change??

@Mazdajai
please see attached.
httpd.txt
0
 
LVL 3

Expert Comment

by:rajeev2353
ID: 39267529
hi,

By Default Yum install on Centos-4.8 with online,but you have not internet then you can create repo

#vi /etc/yum.repo.d/server.repo
[server]
name=server
baseurl=file:\\\media\cdrecoder\CentOS\RPMS\
gpgcheck=0
enable=1

and save this file

# yum install openssl-*
#yum install mod_ssl-*

######################

Otherwise, you can install manually,

#cd /media/cdrecorder\Centos\RPMS
#rpm -ivh openssl-*
#rpm -ivh mod_ssl-*
0
 
LVL 21

Expert Comment

by:Mazdajai
ID: 39301980
You need to add them to your http.conf -
LoadModule ssl_module modules/mod_ssl.so
SSLSessionCache        shmcb:/path/path(512000)

Open in new window


Take a look on the following in SSLSessionCache -
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslsessioncache

Example http.conf with SSL -
http://code.google.com/p/casshib/wiki/Sample_httpd_ssl_conf
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Python variable _ manually assigned 9 84
Video Streaming 6 73
(Open)LDAP V2.44  search proxy to AD (W2012R2) 37 140
Run same command on multiple files in Linux 3 32
rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question