You are on page 1of 2

Configuring Apache 2.

0 with mod_ssl for Secure Socket Layer (SSL)


Communication
Apache 2.0 does not come with SSL configured. Apache , for SSl depends on OpenSSl
implementation which comes as a separate module and needs further configuration of Apache
Web Server. Two downloads for apache Web Server is available. One without SSl and the other
includes Open SSL module. Please download the installer with SSL module for this tutorial. This
example tutorial demonstrates installing a self signed certificate.
Follow the steps mentioned below to enable SSL in Apache Web Server 2.0.x
Apache and Mod SSL
1. Install Open SSL
2. create a certificate signing request (for self signed cert)

openssl req -config openssl.cnf -new -out shan.csr -keyout shan.pem

the above command creates a CSR named shan.csr and a private key shan.pem

3. Now it's time to create a non-password protected key for Apache 2.0.X by executing the
following:

openssl rsa -in shan.pem -out shan.key

If you do not remove the password from the key then every time you start apache
you need to key in the password. This is okay with demo but not at all recommended
for practical usages.

4. Finally, run the following command to create an X.509 certificate, e.g. the kind of
certificate that SSL likes to munch:

openssl x509 -in shan.csr -out shan.cert -req -signkey shan.key -days 365

Congratulations, you've created a self-signed certificate! Keep the KEY and CERT files
some place safe, we'll be using them soon.

5. Install apache2 with mod_ssl


6. enable loading module of ssl in httpd.conf

Open up conf\httpd.conf in a text editor and look for the line LoadModule ssl_module
modules/mod_ssl.so and remove any pound sign (#) characters preceding it. If you don't
see that line where it probably should be (among the other LoadModule lines), then your
installation may not have mod_ssl.so ... can't help you there!
Also, while you're in conf\httpd.conf, make sure
the following lines exist somewhere (they
should if you got Apache2 from hunter):

<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>

Create a directory under conf called ssl and copy the blarg.key and blarg.cert files there; the
ones you created in step 2.

Crack open conf\ssl.conf in a text editor and ...

 Remove the <IfDefine SSL> and matching </IfDefine> lines.


 Correct the DocumentRoot, ServerName, and ServerAdmin lines as per your needs.
If you want the https version of your site to point to the same web root, make
DocumentRoot match the exact value in conf/httpd.conf. The other two values will be
reported by your server to any HTTPS clients, so make sure they're valid if you're
doing this for public consumption.

 Finally it's time to use your self-signed certificate! The lines you'll want to change
are SSLCertificateFile and SSLCertificateKeyFile which should point to your CERT
and KEY files respectively.

7. if ssl is enabled then load the ssl conf file


8. the ssl conf file should contain the SSL related entries
9. start Apache as apache –k start –D SSL, this will start Apache server with SSL Port
10. verify the certificate with https://hostname:<sslport>