How to install Apache with secured https?

                                                                   
                                                                   
                                                                   
                                           
1. Download Apache

wget http://www.eng.lsu.edu/mirrors/apache//httpd/httpd-2.2.17.tar.gz
tar xvfz httpd-2.2.17.tar.gz

2. Install Apache with SSL/TLS

View all available Apache installation and configuration options as shown below.

cd httpd-2.2.17
./configure --help

To install an Apache module, you would typically say –enable-{module-name}. For example, to install SSL with Apache, it is –enable-ssl. To install ldap module, it is –enable-ldap.

To uninstall any default module that comes with Apache, you would typically say –disable-{module-name}. For example, to disable basic authentication in Apache, it is –disable-auth-basic

In this example, we will install Apache with all default modules, with addition of –enable-ssl (to install mod_ssl for SSL support), and –enable-so, which helps to load modules in Apache during run-time via the Dynamic Shared Object (DSO) mechanism, rather than requiring a recompilation.

./configure --enable-ssl --enable-so
make
make install

Note: By default the above installs Apache under /usr/local/apache2. If you like to change this location, use –prefix option in the ./configure.

3. Enable SSL in httpd.conf

Apache configuration file httpd.conf is located under /usr/local/apache2/conf.

Uncomment the httpd-ssl.conf Include line in the /usr/local/apache2/conf/httpd.conf file.

# vi /usr/local/apache2/conf/httpd.conf
Include conf/extra/httpd-ssl.conf

View the httpd-ssl.conf to review all the default SSL configurations. For most cases, you don’t need to modify anything in this file.

vi /usr/local/apache2/conf/extra/httpd-ssl.conf

The SSL certificate and key are required before we start the Apache. The server.crt and server.key file mentioned in the httpd-ssl.conf needs to be created before we move forward.

# egrep 'server.crt|server.key' httpd-ssl.conf
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

4. Create server.crt and server.key file

First, Generate the server.key using openssl.

openssl genrsa -des3 -out server.key 1024

The above command will ask for the password. Make sure to remember this password. You need this while starting your Apache later.

Next, generate a certificate request file (server.csr) using the above server.key file.

openssl req -new -key server.key -out server.csr

Finally, generate a self signed ssl certificate (server.crt) using the above server.key and server.csr file.

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

5. Copy the server.key and server.crt

Copy the server.key and server.crt file to appropriate Apache configuration directory location.

cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/

6. Start the apache and verify SSL

Start the Apache as shown below.

/usr/local/apache2/bin/apachectl start

This will prompt you to enter the password for your private key.

Apache/2.2.17 mod_ssl/2.2.17 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.

By default Apache SSL runs on 443 port. Open a web browser and verify that you can access your Apache using https://{your-ip-address}