Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Configuring Apache HTTP Server for Secure Socket Layer

Configuring Apache HTTP Server for Secure Socket Layer

Ratings: (0)|Views: 82 |Likes:
Published by api-3804031

More info:

Published by: api-3804031 on Dec 04, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOC, PDF, TXT or read online from Scribd
See more
See less





Configuring Apache HTTP Server 2.2.3 for Secure Socket Layer
Configuring Apache HTTP Server for Secure
Socket Layer [SSL]
@ The steps involved to configure SSL support in Apache are
listed here:

1. Install OpenSSL on your server, if it is not already
installed. Most
Linux systems should have OpenSSL installed.

2. Check whether your Apache installation has mod_ssl
support. If not,
you would need to build Apache from source with the

3. Get or generate an SSL certificate, and install it in

4. Make configuration changes in Apache for mod_ssl.
5. Test the SSL-enabled Apache-Tomcat setup.

@ Initial step
. Install the Apache HTTP Server 2.2.3 that having openssl
. To test whether openssl installed properly in the system, go

to the
<APACHE_HOME>/bin dir,
then type the following command

<APACHE_HOME>/bin>openssl version
. It gives the output similar to the following one,
.If OpenSSL is installed, you should see a report of the
number, similar to the following.
OpenSSL 0.9.8e 28 Feb 2007
@ Generating a Test Certificate with OpenSSL
Following are the main steps involved:
1. Create a configuration file for generating the certificate.
Configuring Apache HTTP Server 2.2.3 for Secure Socket Layer
2. Create a certificate signing request; this is what you
submit to a CA
if you are buying a certificate.
3. Purchase a certificate from a CA or create a self signed

4. Remove the passphrase from the private key.
5. Install the key and certificate to the server.

1. Configuration File for Generating a Certificate
Create a working directory called\u201ccertworks\u201d. You
generate all the required requests, keys,
configuration, and
certificates here.
A configuration file is required for generating the
certificate. A sample configuration file is presented
in the
following listing. Save the following contents in a file
"myconfig.file" in the certworks directory.

RANDFILE = ./random.txt
default_bits = 1024
default_keyfile = keyfile.pem
attributes = req_attributes
distinguished_name = MCA
prompt = no
output_password = mypassword
C = IN
OU = MCA 1
CN =
emailAddress = mail@myserver.com

Configuring Apache HTTP Server 2.2.3 for Secure Socket Layer
challengePassword = mypassword
.If you are testing on your own local LAN, you should
change the CN
(Common Name) entry to the fully qualified hostname
or IP of your
host. In the example above, the CN is set to
. If you are actually setting this up for a registered fully
domain name, this entry must match exactly the
domain that you
are requesting the certificate for. If your users are not
using thisexact name to access your site; they get a security
warning from the
.The key generator needs a file containing a random
number to add
entropy to the algorithm. Create a file called
random.txt and put a
large random number in it.
2. Create a Certificate Signing Request
The command for creating a certificate signing
request is as follows:
openssl req -new -outserver. csr -config
If you use the configuration from the myconfig.file,

this step
creates a certificate signing request (server.csr) and a
private key (keyfile.pem).

The following is a sample output from this command:
Generating a 1024 bit RSA private key

Activity (12)

You've already reviewed this. Edit your review.
1 hundred reads
shikha_bhat_1 liked this
adilagailey liked this
purwish liked this
rhythmbd liked this
shekar_bandi liked this
astn98 liked this
Guta Saputra liked this
shekar_bandi liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->