Tuesday, November 18, 2008

Configuring SSL on a Web Server using Apache

Here is a link to an article on setting up SSL on an Apache web server.
http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html

These are the steps that I followed from the article:

I am setting up a QA web server, so I did this:

1) "For testing purposes, or for small LANs, you can create a self-signed certificate. This can be done by issuing this command:"

openssl req -new -x509 -days 365 -sha1 -newkey rsa:1024 \
-nodes -keyout server.key -out server.crt \
-subj '/O=Company/OU=Department/CN=www.example.com'

Note: You will need to have set up a self-signing Certificate Authority on your server. This enables you to create your own temporary certificates for testing purposes. See my blog post on setting up Email/SMTP on Amazon EC2 for how this is done.

2) Next, I installed mod_ssl on Apache. On Fedora, from the command line: yum install mod_ssl

3) Update /etc/httpd/conf.d/ssl.conf to add a reference to your certificate (server.crt) and your key (server.key). For example:
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.

SSLCertificateFile /etc/httpd/certs/server.crt


# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)

SSLCertificateKeyFile /etc/httpd/certs/server.key

4) Enable port 443 on your server and firewall. On Amazon EC2, from the command line:

ec2-authorize default -p 443
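The following is an added example (not code from the original post or the linked article) that scripts steps 1 and 3: it generates the self-signed test certificate, checks that the certificate and key really belong together before they are referenced from ssl.conf (a mismatched pair is the usual reason httpd refuses to start afterwards), and prints the CN so it can be compared with the hostname clients will use. It assumes the openssl command-line tool is installed; the directory and CN arguments are chosen by the caller, and it uses 2048-bit RSA with SHA-256 instead of the post's rsa:1024 and -sha1, which current browsers no longer accept.

```sh
#!/bin/sh
# Added example, not from the original post: create a self-signed QA cert and
# verify the cert/key pair before wiring it into ssl.conf. Assumes the
# openssl CLI; all file paths are supplied by the caller.

# Generate a self-signed certificate and unencrypted key in $1 for CN=$2.
# Assumption: 2048-bit RSA and SHA-256 replace the post's rsa:1024 / -sha1.
make_selfsigned_cert() {
    dir=$1; cn=$2
    mkdir -p "$dir"
    openssl req -new -x509 -days 365 -sha256 -newkey rsa:2048 -nodes \
        -keyout "$dir/server.key" -out "$dir/server.crt" \
        -subj "/O=Company/OU=Department/CN=$cn" 2>/dev/null
    chmod 600 "$dir/server.key"   # -nodes leaves the key unencrypted: restrict it
}

# Succeed only if the certificate's public key is the public half of the
# private key. Both commands emit the SubjectPublicKeyInfo as PEM, so the
# two outputs must be byte-for-byte identical for a matching pair.
cert_matches_key() {
    crt=$1; key=$2
    a=$(openssl x509 -noout -pubkey -in "$crt" 2>/dev/null) || return 1
    b=$(openssl pkey -pubout -in "$key" 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print the CN the certificate was issued for; it must equal the hostname
# clients connect to, or every browser will warn even with a trusted CA.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# Emit the two directives the post adds to /etc/httpd/conf.d/ssl.conf,
# pointing at the files generated above in directory $1.
ssl_conf_snippet() {
    printf 'SSLCertificateFile %s/server.crt\nSSLCertificateKeyFile %s/server.key\n' "$1" "$1"
}
```

Run `make_selfsigned_cert /etc/httpd/certs qa.example.com`, then `cert_matches_key` on the two files before restarting httpd; `ssl_conf_snippet /etc/httpd/certs` prints the lines to paste into ssl.conf.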

Conclusion: You now have a QA web server with a temporary certificate that can run web sites using SSL (https). For production web servers, you will need to purchase a permanent certificate from a trusted certificate authority like Verisign.