ssl for Apache
The steps below were done using Apache 2.0.63.
setup
- set up Apache2 as usual (make sure to get the version with SSL support)
- in httpd.conf, comment out Port 80, and use Listen lines instead
    #Port 80
    Listen 80
    Listen 443
- make certs and keys (repeat for other name-based virtual hosts)
- the Apache2 SSL archive comes with an openssl binary in Apache2/bin, and the configuration file 'openssl.cnf' is in Apache2/conf
- open a command terminal and go to Apache2/bin
- substitute your domain in place of my-server
    openssl req -config ../conf/openssl.cnf -new -out my-server.csr
    openssl rsa -in privkey.pem -out my-server.key
    openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 10000
- copy the .cert and .key files from the previous step to a new directory, Apache2/conf/ssl
- in httpd.conf, add ssl support by uncommenting this line:
LoadModule ssl_module modules/mod_ssl.so
- in httpd.conf, set up name-based virtual hosts:
    NameVirtualHost *:80
    NameVirtualHost *:443
    <VirtualHost *:80>
        DocumentRoot "/path/to/my-server"
        ServerName my-server
    </VirtualHost>
- tweak ssl.conf to have the following (probably best to remove the _default_ virtual host entry)
    # see http://www.modssl.org/docs/2.8/ssl_reference.html for more info
    SSLMutex sem
    SSLRandomSeed startup builtin
    SSLSessionCache none
    SSLLog logs/SSL.log
    SSLLogLevel info
    # You can later change "info" to "warn" if everything is OK
    <VirtualHost *:443>
        DocumentRoot "/path/to/my-server"
        ServerName my-server
        SSLEngine On
        SSLCertificateFile conf/ssl/my-server.cert
        SSLCertificateKeyFile conf/ssl/my-server.key
    </VirtualHost>
- Don't forget to call apache with -D SSL if the IfDefine directive is active in the config file! On Unix, it would look like this:
    apachectl -D SSL -k start
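
A pre-flight check for the files copied to conf/ssl, as an added example that is not part of the original wiki page: it confirms that the certificate and key belong together, that the key loads without a passphrase prompt, that the certificate has not expired, and that the unencrypted key is accessible only to its owner. The function name check_pair and its return codes are assumptions made for this example; it needs an openssl binary that provides the pkey subcommand.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_pair CERT KEY
#   returns 0 ok, 1 cert/key mismatch, 2 unreadable file,
#           3 key permissions too loose, 4 certificate expired
check_pair() {
    cert=$1
    key=$2

    # Public key embedded in the certificate (PEM, SubjectPublicKeyInfo).
    cpub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "unreadable certificate: $cert"; return 2; }

    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail here instead of prompting; Apache would also stop
    # to ask for the passphrase at startup.
    kpub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) ||
        { echo "unreadable or passphrase-protected key: $key"; return 2; }

    [ "$cpub" = "$kpub" ] ||
        { echo "certificate and key do not belong together"; return 1; }

    # -checkend 0 fails if the certificate is already past its notAfter date.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $cert"; return 4; }

    # The key is stored unencrypted, so group and other must have no access.
    [ "$(ls -lLd "$key" | cut -c5-10)" = "------" ] ||
        { echo "key is accessible to group/other, run: chmod 600 $key"; return 3; }

    echo "ok: $cert matches $key"
}

# Run directly as: sh check_pair.sh conf/ssl/my-server.cert conf/ssl/my-server.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Run it from the Apache2 directory before starting the server, once per virtual host certificate.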