Configuring SSL on Apache

To configure SSL on JBoss and Apache you first need to configure mod_jk, which I have shown how to do in my mod_jk installation blog.

Configuring SSL takes little effort on Linux, but on Windows you have to do some extra work, which may be a bit complicated.

First of all we need to prepare a test certificate, which the user needs to accept. The certificate attests to the web site's authenticity, and the user needs to accept it for the SSL handshake.

To prepare the certificate we need OpenSSL, which may or may not come with your Apache server distribution. Unfortunately I had to download the OpenSSL executable separately and then create the certificate. Most sites offer only the source to build it, but some host prebuilt binaries, and it is better to download one of those if you are not comfortable building binaries from source code.

Here is the link from which I downloaded the OpenSSL binary: http://code.google.com/p/openssl-for-windows/downloads/list

Now copy libeay32.lib and ssleay32.lib into your windows/system32 folder. The download does not include the OpenSSL configuration file (openssl.cnf); you can find one by searching Google, and you should put it in the same folder as openssl.exe.

Now we are ready to create the certificate.

Issue these commands, taken from http://www.apache-ssl.org/#FAQ.

openssl req -config openssl.cnf -new -out my-server.csr
This creates a certificate signing request and a private key. When asked for "Common Name (eg, your websites domain name)", give the exact domain name of your web server (e.g. www.my-server.dom). The certificate belongs to this server name and browsers complain if the name doesn’t match.

openssl rsa -in privkey.pem -out my-server.key
This removes the passphrase from the private key. You MUST understand what this means; my-server.key should be only readable by the apache server and the administrator.
You should delete the .rnd file because it contains the entropy information for creating the key and could be used for cryptographic attacks against your private key.

openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 365
This creates a self-signed certificate that you can use until you get a “real” one from a certificate authority. (Which is optional; if you know your users, you can tell them to install the certificate into their browsers.) Note that this certificate expires after one year; you can increase -days 365 if you don’t want this.

Now you have your certificate and the key file ready.

Create an Apache/conf/ssl directory and move my-server.key and my-server.cert into it.
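
Before pointing Apache at these files, it is worth confirming that the key and certificate belong together, that the certificate name matches the server, and that the passphrase-less key is locked down. The script below is an added example, not part of the original post; it assumes a POSIX shell on a Linux host with OpenSSL 1.0.2 or newer, the function names check_pair and make_sample are hypothetical, and make_sample builds constructed test data non-interactively with -nodes and -subj instead of the prompts described above.

```shell
#!/bin/sh
# Added example (not from the original post). check_pair and make_sample are
# hypothetical helper names. Requires OpenSSL 1.0.2 or newer for -checkhost.

# check_pair KEY CERT HOST: returns 0 only if every check passes.
check_pair() {
    key=$1; cert=$2; host=$3
    # 1. The certificate must carry the public half of this private key.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ "$kpub" = "$cpub" ] || { echo "key does not match certificate"; return 1; }
    # 2. The Common Name must be the host name browsers will request.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match certificate" ||
        { echo "certificate name does not match $host"; return 1; }
    # 3. The certificate must stay valid for at least 30 more days.
    openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "certificate expires within 30 days"; return 1; }
    # 4. A passphrase-less key must not be accessible to group or others.
    case $(ls -l "$key" | cut -c5-10) in
        ------) ;;
        *) echo "key file is accessible beyond its owner"; return 1 ;;
    esac
    return 0
}

# make_sample DIR: constructed test data, a throwaway key, CSR and self-signed
# certificate for www.my-server.dom, created without any prompts.
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.my-server.dom" \
        -keyout "$1/my-server.key" -out "$1/my-server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/my-server.csr" -signkey "$1/my-server.key" \
        -days 365 -out "$1/my-server.cert" 2>/dev/null &&
    chmod 600 "$1/my-server.key"
}

# Stand-alone use: sh check_pair.sh KEY CERT HOST
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```

A non-zero exit status from check_pair means Apache would either fail to start with this pair or serve a certificate that browsers reject for the given name.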

Now include your conf/ssl.conf in httpd.conf.

In ssl.conf, give the paths to the certificate and the key. The lines below are already there; you just need to uncomment them and replace the default paths with the correct filenames for the files you moved into conf/ssl:

SSLCertificateFile conf/extra/server.crt

SSLCertificateKeyFile conf/extra/server.key

Create a virtual host.

Change the rewrite rules if you want only specific URLs on HTTPS; if you need the whole site to run on SSL, you can do it like this:

RewriteEngine On

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

Just do not forget to load the rewrite module in your conf file.

Basically, this is all we need to make our site run on SSL.

About Gaurav Mutreja

Well I think a lot !! Now I would like to speak a bit!
