Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "SettingUpModSSL" page has been changed by thumbs. http://wiki.apache.org/httpd/SettingUpModSSL?action=diff&rev1=1&rev2=2 -------------------------------------------------- Apache httpd with SSL (https, Secure Socket Layer) This howto explains how to setup Apache httpd with ssl (https) for use with shopping carts, payment gateways or other secure systems. - Applicable to Centos Versions: - - * Centos 5.x Requirements Explanation of requirements. @@ -20, +17 @@ 1. Install httpd and openssl and generate key file for your new ssl certificate. While you can generate a non-encrypted key, the point here is security, so we'll be generating an encrypted key. Both the private key and the certificate are required to enable SSL: - yum install httpd openssl + Install the httpd and openssl packages (see the documentation that comes with your Linux distribution). openssl genrsa -des3 -out www.example.com.key 2048 - (Make sure to keep your passphrase in a secure location, not on your server. You'll need this each time you start/restart apache.) + (Make sure to keep your passphrase in a secure location, not on your server. You'll need this each time you start/restart apache http.) 2. Generate CSR (Certificate Signing Request) to give to your SSL certificate authority: @@ -45, +42 @@ 3. Install and configure mod_ssl: - yum install mod_ssl + Install the apache httpd mod_ssl module using your Linux's distribution preferred method - vi /etc/httpd/conf.d/ssl.conf + vi /path/to/ssl.conf Move your key and crt files to: - /etc/httpd/conf/ssl.key - /etc/httpd/conf/ssl.crt + /secure/location/ssl.key + /secure/location/ssl.crt + + You can use the follow sample configuration file to add a SSL vhost. See http://wiki.apache.org/httpd/DistrosDefaultLayout for more details on where linux distributions place their config files. Configuration file: # @@ -278, +277 @@ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> - 4. Restart httpd using the passphrase: + 4. 
Restart apache httpd using the passphrase: - service httpd restart (or start if it hasn't been started) - - service httpd restart - Stopping httpd: [ OK ] - Starting httpd: - Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog) + Apache/2.2.x mod_ssl/2.2.x (Pass Phrase Dialog) Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases. @@ -303, +297 @@ Visit: https://www.example.com - 2. Make sure httpd is started and that port 443 is open. Also, make sure you have configured httpd correctly apart from the SSL configuration: + 2. Make sure apache httpd is started and that port 443 is open. Also, make sure you have configured apache httpd correctly apart from the SSL configuration. - service httpd status; service iptables status - - Common problems and fixes - - Describe common problems here, include links to known common problems if on another site - - * http://wiki.centos.org - - More Information - Any additional information or notes. - Disclaimer - - We test this stuff on our own machines, really we do. But you may run into problems, if you do, come to #centos on irc.freenode.net -
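Review bot: the added passphrase line in the @@ -20, +17 @@ hunk reads "start/restart apache http", which should be "apache httpd" to match the naming used in the rest of the change. The same hunk replaces "yum install httpd openssl" with a pointer to the distribution's documentation, which is fine, but the sentence would read better if it ended with a colon-free full stop and the openssl genrsa command started its own line, since the two now run together.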
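Review bot: the new /secure/location/ssl.key and /secure/location/ssl.crt lines in the @@ -45, +42 @@ hunk do not say what makes the location secure, so the reader has nothing to check; state that the private key file should be owned by root and readable only by root. Two wording fixes in the same hunk: "using your Linux's distribution preferred method" should read "using your Linux distribution's preferred method", and "the follow sample configuration file" should read "the following sample configuration file".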
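Review bot: step 4 in the @@ -278, +277 @@ hunk now reads "Restart apache httpd using the passphrase:" but the hunk removes "service httpd restart" without putting anything in its place, so the colon leads straight into the Pass Phrase Dialog output. Add a distribution-neutral command such as apachectl restart, or a sentence pointing to the distribution's service manager, in the same way the earlier hunks handle package installation.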
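Review bot: in the @@ -303, +297 @@ hunk, item 2 still asks the reader to confirm that apache httpd is started and that port 443 is open, but the only check given ("service httpd status; service iptables status") is removed with no replacement. Add a neutral pointer to the distribution's service and firewall tools, or say what the reader should look for. The hunk also deletes the "Common problems and fixes", "More Information" and "Disclaimer" sections in the same change; if that is template cleanup, say so in the edit comment so it is not mistaken for lost content.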