Differences

This shows you the differences between two versions of the page.

--- apache_https [2008/01/29 14:21] – damir
+++ apache_https [2008/01/29 14:26] (current) – removed damir
@@ Line 1: / Line 1: @@
-===== Apache https config =====
-==== httpd.conf ====
-I order to activate the https support you have to check that in the /etc/httpd/conf/httpd.conf the support for VirtualHost is activated and that the NameVirtualHost is configured as this:
-<code>
-NameVirtualHost <ip of the web server>:80
-NameVirtualHost <ip of the web server>:443
-</code>
-Avoid the format
-<code>
-NameVirtualHost *:80
-NameVirtualHost *:443
-</code>
-as this doesn't permit the creation of multiple https instances on the server.
-==== Creation of certificate ====
-For a self-Signed certificate we must create the Certification Autority (ourself) certificate, and then create the couple certificate/key for the ssl support.
-  * Create the CA certificate (valid 10 years)
-    '' openssl req -new -days 3560 > <name of server>.csr ''
-  * Split of the certificate and the key
-    '' openssl rsa -in privkey.pem -out <name of server>.key ''
-  * Generate the self-signed certificate for the web server
-    '' openssl x509 -in <name of server>.csr -out <name of web server>.cert -req -signkey <name of server>.key -days 3560''
-  * Move the files on the right directories
-   ''mv <name of server>.cert /etc/pki/tls/certs/ \\ mv <name of server>.key /etc/pki/tls/private/ ''
-==== VirtualHost config ====
-Create an istance for a VirtualHost using the same informations you have for a plain VirtualHost. if you have a istance like this:
-<code>
-<VirtualHost <ip>:80>
-    ServerAdmin webmaster@<dmain>
-    ServerName <name.domain>
-    ServerAlias <name>
-    DocumentRoot /var/www/html
-    ErrorLog  /var/log/httpd/<xxx>.error_log
-    CustomLog /var/log/httpd/<xxx>.access_log combined
-    .....
-</VirtualHost>
-</code>
-copy it to a second istance with these modifications
-<code>
-<VirtualHost 128.178.70.2:443>
-    ServerAdmin webmaster@<domain>
-    ServerName <name.domain>
-    ServerAlias <name>
-    DocumentRoot /var/www/html
-    SSLEngine on
-    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
-    SSLCertificateFile /etc/pki/tls/certs/<name of web server>.cert
-    SSLCertificateKeyFile /etc/pki/tls/private/<name of web server>.key
-    SetEnvIf User-Agent ".*MSIE.*" \
-    nokeepalive ssl-unclean-shutdown \
-    downgrade-1.0 force-response-1.0
-    ErrorLog  /var/log/httpd/<xxx>.error_log
-    CustomLog /var/log/httpd/<xxx>.access_log combined
-    ......
-</VirtualHost>
-</code>
-As you can see the main differences are the change of the port (443 instead of 80) in the VirtualHost definition and the SSLxxx line added.\\
-Pay particular attention to the **SSLCertificateFile** and **SSLCertificateKeyFile** lines. Here you have to indicate the correct path to the certificate and the key file you created above.
-\\
-Restart the httpd server.
-From now, if you connect to https:<name of server web> you are asked to accept the certificate (the Self-Signed certificate aren't automatically accepted by browsers. After the acceptance your web session is encrypted with the ssl protocol.\\
-\\
-\\
-Below are the base instruction we used (found somewhere on the net):
-<code>
-Hi Guys,
-I got my latest SVN 1.3.2 working on FC5 with Apache 2.2.0 over SSL,
-so decided to just share the same with all.
-Here we go,
-) To install SVN do
-yum install subversion.
-) To create a SSL certificate for Apache do -
-Step one - create the key and request:
-openssl req -new > new.cert.csr
-Step two - remove the passphrase from the key (optional):
-openssl rsa -in privkey.pem -out new.cert.key
-Step three - convert request into signed cert:
-openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1024
-place the keys to following locations & edit the /etc/httpd/conf.d/ssl.conf as follows -
-SSLCertificateFile /etc/pki/tls/certs/new.cert.cert
-SSLCertificateKeyFile /etc/pki/tls/private/new.cert.key
-Test the certificate.
-) create /home/subversion/repository & /home/subversion/permissions
-chown -R apache:apache /home/subversion/repository
-svnadmin create /home/subversion/repository
-svn import /tmp/project1 file:///home/subversion/repository/project1 -m "initial import"
-svn checkout file:///home/subversion/repository/project1 project1
-) Edit httpd.conf as follows
-LoadModule dav_svn_module modules/mod_dav_svn.so
-LoadModule dav_module modules/mod_dav.so
-LoadModule authz_svn_module modules/mod_authz_svn.so
-<Location /svn>
-DAV svn
-SVNPath /home/subversion/repository/
-# our access control policy
-AuthzSVNAccessFile /home/subversion/permissions/svnauthorz.conf
-#how to authenticate the users
-AuthType Basic
-AuthName "Subversion Repository"
-AuthUserFile /var/www/.htpasswd
-# only authenticated users access the SVN
-Require valid-user
-SSLRequireSSL
-</Location>
-</code>