• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 380
  • Last Modified:

Cant able to configure SSL on apache 2.0.59

cannot able to confgiure SSL on Apache using Linux machine.The system specs i have is
- centos 4.8 final
- apache 2.0.59

I configure the Apache with command

./configure --enable-so --with-apxs2 --enable-ssl

Also i am getting the error in error log i.e.
[warn] Init: Session Cache is not configured [hint: SSLSessionCache]

Tried couple of tweaks but none work.

Help in this regard is really appreciated.
0
nocinfospan
Asked:
nocinfospan
1 Solution
 
MazdajaiCommented:
Can you post your httpd.conf?
0
 
Vijay Pratap SinghCommented:
Please configure cache memory for Webserver apache and restart the httpd deamon.
0
 
rajeev2353Commented:
hi,
please see this method and implement .

#yum install mod ssl

# cd /etc/pki/tls/certs
# openssl genrsa -des3 -out apachekey.pem 2048

Generating RSA private key, 2048 bit long modulus
..................+++
...................................+++
e is 65537 (0x10001)
Enter pass phrase for apachekey.pem:
Verifying - Enter pass phrase for apachekey.pem:

--
--
-

# openssl req -new -key apachekey.pem -out apachekey.csr

Enter pass phrase for apachekey.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:
Email Address []:vivek@nixcraft.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# openssl ca -in apachekey.csr -out apachecert.pem

# cp apachecert.pem /etc/pki/tls/http/
# cp apachekey.pem /etc/pki/tls/http/

# vi /etc/httpd/conf.d/ssl.conf
Listen 10.10.29.68:443
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect file:/dev/urandom 1024

<VirtualHost ip:443>
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/http/apachecert.pem
    SSLCertificateKeyFile /etc/pki/tls/http/apachekey.pem
    SSLProtocol All -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5
    DocumentRoot "/var/www/html/ssl"
    ServerName hostname:443
</VirtualHost>

# mkdir -p /var/www/html/ssl

# vi /etc/httpd/conf/httpd.conf

<Directory /var/www/html/ssl>
         SSLRequireSSL
         SSLOptions +StrictRequire
         SSLRequire %{HTTP_HOST} eq "domain name"
         ErrorDocument 403 https://domain name/sslerror.html
</Directory>

# service httpd restart
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
nocinfospanAuthor Commented:
@rajeev2353
As i am using Centos 4.8 they do not support base repository for yum any more. so i cant install through yum . the only option i have is to configure the apache with
.\configure --enable-ssl .

@rickyzen

where exactly should i change??

@Mazdajai
please see attached.
httpd.txt
0
 
rajeev2353Commented:
hi,

By Default Yum install on Centos-4.8 with online,but you have not internet then you can create repo

#vi /etc/yum.repo.d/server.repo
[server]
name=server
baseurl=file:\\\media\cdrecoder\CentOS\RPMS\
gpgcheck=0
enable=1

and save this file

# yum install openssl-*
#yum install mod_ssl-*

######################

Otherwise, you can install manually,

#cd /media/cdrecorder\Centos\RPMS
#rpm -ivh openssl-*
#rpm -ivh mod_ssl-*
0
 
MazdajaiCommented:
You need to add them to your http.conf -
LoadModule ssl_module modules/mod_ssl.so
SSLSessionCache        shmcb:/path/path(512000)

Open in new window


Take a look on the following in SSLSessionCache -
http://httpd.apache.org/docs/2.0/mod/mod_ssl.html#sslsessioncache

Example http.conf with SSL -
http://code.google.com/p/casshib/wiki/Sample_httpd_ssl_conf
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now