Jul 08
10
Configuring Apache 2.2 for SSL
I’ve just configured Apache for SSL and it took longer than I thought it should. I didn’t find any straightforward instructions on the web so here’s what I eventually did – after a deal of experimentation. These worked for me running apache 2.2.8 under Linux – Hardy Heron.
I generated a self-certified certificate:
openssl req -new -x509 -nodes -out /etc/apache2/server.crt -keyout /etc/apache2/server.key
I enabled ssl:
cd /etc/apache2/mods-enabled
ln -s ../mods-available/ssl.load ssl.load
ln -s ../mods-available/ssl.conf ssl.conf
I edited the file /etc/apache2/sites-enabled/default so it includes the following at the end:
<VirtualHost localhost:443>
DocumentRoot /var/www/
SSLEngine On
SSLCertificateFile /etc/apache2/server.crt
SSLCertificateKeyFile /etc/apache2/server.key
</VirtualHost>
This should serve all https requests from /var/www.
I restarted apache and used openssl to check things are good:
openssl s_client -connect localhost:443
I was hoping to see output such as:
CONNECTED(00000003)
depth=0 /C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
verify return:1
---
Certificate chain
0 s:/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
i:/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
---
Server certificate
-----BEGIN CERTIFICATE-----
… etc …
-----END CERTIFICATE-----
subject=/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
issuer=/C=GB/ST=warks/L=leam/O=BP/OU=JAD/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 915 bytes and written 308 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
… etc etc …
Verify return code: 18 (self signed certificate)
---
and I did!
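The s_client output above carries three fields worth checking on any such setup: the verify return code, the server key size and the negotiated cipher. The following is an added example, not part of the original post, that pulls those fields out of a transcript and grades them. The function names `audit_s_client` and `sample_output` are hypothetical, the 2048-bit threshold assumes an RSA key, and the weak-cipher patterns are a short list chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Real use:
#   openssl s_client -connect localhost:443 </dev/null 2>&1 | audit_s_client

# Constructed sample, trimmed from the output format shown in the post.
sample_output() {
cat <<'EOF'
CONNECTED(00000003)
verify error:num=18:self signed certificate
verify return:1
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
    Verify return code: 18 (self signed certificate)
---
EOF
}

# Reads an s_client transcript on stdin, prints one finding per field.
audit_s_client() {
    transcript=$(cat)
    code=$(printf '%s\n' "$transcript" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
    bits=$(printf '%s\n' "$transcript" |
        sed -n 's/^Server public key is \([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    cipher=$(printf '%s\n' "$transcript" |
        sed -n 's/^New, .*Cipher is \(.*\)$/\1/p' | head -n 1)

    case "$code" in
        "") echo "verify=unknown" ;;
        0)  echo "verify=ok" ;;
        18) echo "verify=self-signed" ;;   # expected with a self-signed cert
        *)  echo "verify=fail($code)" ;;
    esac

    # Assumption: RSA key, so anything under 2048 bits is flagged.
    if [ -z "$bits" ]; then echo "key=unknown"
    elif [ "$bits" -lt 2048 ]; then echo "key=weak($bits)"
    else echo "key=ok($bits)"; fi

    # Assumption: short pattern list (3DES/DES, RC4, NULL, export, MD5).
    case "$cipher" in
        "") echo "cipher=unknown" ;;
        *DES*|*RC4*|*NULL*|*EXP*|*MD5*) echo "cipher=weak($cipher)" ;;
        *)  echo "cipher=ok($cipher)" ;;
    esac
}

sample_output | audit_s_client
```

On the sample, the key and cipher lines are both flagged as weak: the 1024-bit key and DES-CBC3-SHA were common defaults for Apache 2.2 but are below current minimums.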