apache_https
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
apache_https [2008/01/29 14:21] – damir | apache_https [2008/01/29 14:26] (current) – removed damir | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ===== Apache https config ===== | ||
- | ==== httpd.conf ==== | ||
- | I order to activate the https support you have to check that in the / | ||
- | < | ||
- | NameVirtualHost <ip of the web server>: | ||
- | NameVirtualHost <ip of the web server>: | ||
- | </ | ||
- | |||
- | Avoid the format | ||
- | < | ||
- | NameVirtualHost *:80 | ||
- | NameVirtualHost *:443 | ||
- | </ | ||
- | |||
- | as this doesn' | ||
- | |||
- | ==== Creation of certificate ==== | ||
- | For a self-Signed certificate we must create the Certification Autority (ourself) certificate, | ||
- | * Create the CA certificate (valid 10 years) | ||
- | '' | ||
- | * Split of the certificate and the key | ||
- | '' | ||
- | * Generate the self-signed certificate for the web server | ||
- | '' | ||
- | * Move the files on the right directories | ||
- | '' | ||
- | |||
- | ==== VirtualHost config ==== | ||
- | |||
- | Create an istance for a VirtualHost using the same informations you have for a plain VirtualHost. if you have a istance like this: | ||
- | < | ||
- | < | ||
- | ServerAdmin webmaster@< | ||
- | ServerName < | ||
- | ServerAlias < | ||
- | |||
- | DocumentRoot / | ||
- | |||
- | ErrorLog | ||
- | CustomLog / | ||
- | |||
- | ..... | ||
- | |||
- | </ | ||
- | </ | ||
- | |||
- | copy it to a second istance with these modifications | ||
- | < | ||
- | < | ||
- | ServerAdmin webmaster@< | ||
- | ServerName < | ||
- | ServerAlias < | ||
- | |||
- | DocumentRoot / | ||
- | |||
- | SSLEngine on | ||
- | SSLCipherSuite ALL: | ||
- | |||
- | SSLCertificateFile / | ||
- | SSLCertificateKeyFile / | ||
- | |||
- | SetEnvIf User-Agent " | ||
- | nokeepalive ssl-unclean-shutdown \ | ||
- | downgrade-1.0 force-response-1.0 | ||
- | |||
- | ErrorLog | ||
- | CustomLog / | ||
- | | ||
- | ...... | ||
- | |||
- | </ | ||
- | |||
- | </ | ||
- | |||
- | As you can see the main differences are the change of the port (443 instead of 80) in the VirtualHost definition and the SSLxxx line added.\\ | ||
- | Pay particular attention to the **SSLCertificateFile** and **SSLCertificateKeyFile** lines. Here you have to indicate the correct path to the certificate and the key file you created above. | ||
- | \\ | ||
- | |||
- | Restart the httpd server. | ||
- | |||
- | From now, if you connect to https:< | ||
- | \\ | ||
- | \\ | ||
- | Below are the base instruction we used (found somewhere on the net): | ||
- | |||
- | |||
- | |||
- | < | ||
- | Hi Guys, | ||
- | I got my latest SVN 1.3.2 working on FC5 with Apache 2.2.0 over SSL, | ||
- | so decided to just share the same with all. | ||
- | Here we go, | ||
- | |||
- | 1) To install SVN do | ||
- | yum install subversion. | ||
- | |||
- | 2) To create a SSL certificate for Apache do - | ||
- | Step one - create the key and request: | ||
- | openssl req -new > new.cert.csr | ||
- | |||
- | Step two - remove the passphrase from the key (optional): | ||
- | openssl rsa -in privkey.pem -out new.cert.key | ||
- | |||
- | Step three - convert request into signed cert: | ||
- | openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1024 | ||
- | place the keys to following locations & edit the / | ||
- | |||
- | SSLCertificateFile / | ||
- | SSLCertificateKeyFile / | ||
- | |||
- | Test the certificate. | ||
- | |||
- | 3) create / | ||
- | |||
- | chown -R apache: | ||
- | svnadmin create / | ||
- | svn import / | ||
- | svn checkout file:/// | ||
- | |||
- | 4) Edit httpd.conf as follows | ||
- | |||
- | LoadModule dav_svn_module modules/ | ||
- | LoadModule dav_module modules/ | ||
- | LoadModule authz_svn_module modules/ | ||
- | |||
- | < | ||
- | DAV svn | ||
- | SVNPath / | ||
- | # our access control policy | ||
- | AuthzSVNAccessFile / | ||
- | #how to authenticate the users | ||
- | AuthType Basic | ||
- | AuthName " | ||
- | AuthUserFile / | ||
- | # only authenticated users access the SVN | ||
- | Require valid-user | ||
- | SSLRequireSSL | ||
- | </ | ||
- | |||
- | </ |
apache_https.1201612917.txt.gz · Last modified: 2008/01/29 14:21 by damir