How to install Apache with secured https?
1. Download Apache
wget http://www.eng.lsu.edu/mirrors/apache//httpd/httpd-2.2.17.tar.gz
tar xvfz httpd-2.2.17.tar.gz
2. Install Apache with SSL/TLS
View all available Apache installation and configuration options as shown below.
cd httpd-2.2.17
./configure --help
To install an Apache module, you would typically use --enable-{module-name}. For example, to install SSL with Apache, it is --enable-ssl. To install the ldap module, it is --enable-ldap.
To leave out any default module that comes with Apache, you would typically use --disable-{module-name}. For example, to disable basic authentication in Apache, it is --disable-auth-basic.
In this example, we will install Apache with all default modules, with the addition of --enable-ssl (to install mod_ssl for SSL support) and --enable-so, which lets Apache load modules at run time via the Dynamic Shared Object (DSO) mechanism rather than requiring a recompilation.
./configure --enable-ssl --enable-so
make
make install
Note: By default the above installs Apache under /usr/local/apache2. If you would like to change this location, use the --prefix option of ./configure.
3. Enable SSL in httpd.conf
The Apache configuration file httpd.conf is located under /usr/local/apache2/conf.
Uncomment the httpd-ssl.conf Include line in the /usr/local/apache2/conf/httpd.conf file.
# vi /usr/local/apache2/conf/httpd.conf
Include conf/extra/httpd-ssl.conf
View the httpd-ssl.conf to review all the default SSL configurations. For most cases, you don’t need to modify anything in this file.
vi /usr/local/apache2/conf/extra/httpd-ssl.conf
The SSL certificate and key are required before we start Apache. The server.crt and server.key files referenced in httpd-ssl.conf need to be created before we move forward.
# egrep 'server.crt|server.key' httpd-ssl.conf
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
4. Create server.crt and server.key file
First, generate the server.key using openssl. A 2048-bit RSA key is generated here, since 1024-bit RSA keys are no longer considered secure.
openssl genrsa -des3 -out server.key 2048
The above command will ask for the password. Make sure to remember this password. You need this while starting your Apache later.
Next, generate a certificate request file (server.csr) using the above server.key file.
openssl req -new -key server.key -out server.csr
Finally, generate a self-signed SSL certificate (server.crt) using the above server.key and server.csr files.
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
5. Copy the server.key and server.crt
Copy the server.key and server.crt files to the Apache configuration directory.
cp server.key /usr/local/apache2/conf/
cp server.crt /usr/local/apache2/conf/
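A pre-flight check for steps 3 to 5, added here as an example and not part of the original tutorial: it reads the two paths from httpd-ssl.conf, confirms both files exist, checks that the private key is not readable by group or other, and can confirm that the certificate belongs to the key. The function names are assumptions, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are
# assumptions; paths containing spaces are not handled.

# Print the path set for DIRECTIVE, skipping commented-out lines.
ssl_path() {  # usage: ssl_path DIRECTIVE CONF_FILE
    awk -v d="$1" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Succeed only if group and other have no permission bits on the file.
owner_only() {  # usage: owner_only FILE
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeed if certificate and private key share the same RSA modulus.
# Prompts for the pass phrase when the key is encrypted (as in step 4).
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    c=$(openssl x509 -noout -modulus -in "$1") || return 1
    k=$(openssl rsa -noout -modulus -in "$2") || return 1
    [ "$c" = "$k" ]
}

# Return 0 if both files exist and the key is owner-only,
# 1 if a file is missing, 2 if the key permissions are too open.
check_ssl_files() {  # usage: check_ssl_files CONF_FILE
    crt=$(ssl_path SSLCertificateFile "$1")
    key=$(ssl_path SSLCertificateKeyFile "$1")
    [ -n "$crt" ] && [ -f "$crt" ] || { echo "missing certificate: $crt"; return 1; }
    [ -n "$key" ] && [ -f "$key" ] || { echo "missing key: $key"; return 1; }
    owner_only "$key" || { echo "key readable by group/other: $key"; return 2; }
    echo "ok: $crt $key"
}
```

After sourcing the file, run check_ssl_files /usr/local/apache2/conf/extra/httpd-ssl.conf, then key_matches_cert on the two paths it prints. A chmod 600 on the copied server.key clears the permission warning.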
6. Start Apache and verify SSL
Start Apache as shown below.
/usr/local/apache2/bin/apachectl start
This will prompt you to enter the password for your private key.
Apache/2.2.17 mod_ssl/2.2.17 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.example.com:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
By default Apache SSL listens on port 443. Open a web browser and verify that you can access your Apache server using https://{your-ip-address}