apache_https

Differences

This shows you the differences between two versions of the page.

apache_https [2008/01/29 14:23] damirapache_https [2008/01/29 14:26] (current) – removed damir
Line 1: Line 1:
-===== Apache https config ===== 
  
-==== httpd.conf ==== 
-I order to activate the https support you have to check that in the /etc/httpd/conf/httpd.conf the support for VirtualHost is activated and that the NameVirtualHost is configured as this: 
-<code> 
-NameVirtualHost <ip of the web server>:80 
-NameVirtualHost <ip of the web server>:443 
-</code> 
- 
-Avoid the format 
-<code> 
-NameVirtualHost *:80 
-NameVirtualHost *:443 
-</code> 
- 
-as this doesn't permit the creation of multiple https instances on the server. 
- 
-==== Creation of certificate ==== 
-For a self-Signed certificate we must create the Certification Autority (ourself) certificate, and then create the couple certificate/key for the ssl support. 
-  * Create the CA certificate (valid 10 years) 
-    '' openssl req -new -days 3560 > <name of server>.csr '' 
-  * Split of the certificate and the key 
-    '' openssl rsa -in privkey.pem -out <name of server>.key '' 
-  * Generate the self-signed certificate for the web server 
-    '' openssl x509 -in <name of server>.csr -out <name of web server>.cert -req -signkey <name of server>.key -days 3560'' 
-  * Move the files on the right directories 
-   ''mv <name of server>.cert /etc/pki/tls/certs/ \\ mv <name of server>.key /etc/pki/tls/private/ '' 
- 
-==== VirtualHost config ==== 
- 
-Create an istance for a VirtualHost using the same informations you have for a plain VirtualHost. if you have a istance like this: 
-<code> 
-<VirtualHost <ip>:80> 
-    ServerAdmin webmaster@<dmain> 
-    ServerName <name.domain> 
-    ServerAlias <name> 
- 
-    DocumentRoot /var/www/html 
- 
-    ErrorLog  /var/log/httpd/<xxx>.error_log 
-    CustomLog /var/log/httpd/<xxx>.access_log combined 
- 
-    ..... 
- 
-</VirtualHost> 
-</code> 
- 
-copy it to a second istance with these modifications 
- 
-<code> 
-<VirtualHost 128.178.70.2:443> 
-    ServerAdmin webmaster@<domain> 
-    ServerName <name.domain> 
-    ServerAlias <name> 
- 
-    DocumentRoot /var/www/html 
- 
-    SSLEngine on 
-    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL 
- 
-    SSLCertificateFile /etc/pki/tls/certs/<name of web server>.cert 
-    SSLCertificateKeyFile /etc/pki/tls/private/<name of web server>.key 
- 
-    SetEnvIf User-Agent ".*MSIE.*" \ 
-    nokeepalive ssl-unclean-shutdown \ 
-    downgrade-1.0 force-response-1.0 
- 
-    ErrorLog  /var/log/httpd/<xxx>.error_log 
-    CustomLog /var/log/httpd/<xxx>.access_log combined 
-     
-    ...... 
- 
-</VirtualHost> 
- 
-</code> 
- 
-As you can see the main differences are the change of the port (443 instead of 80) in the VirtualHost definition and the SSLxxx line added.\\ 
-Pay particular attention to the **SSLCertificateFile** and **SSLCertificateKeyFile** lines. Here you have to indicate the correct path to the certificate and the key file you created above. 
-\\ 
- 
-Restart the httpd server. 
- 
-From now, if you connect to https:<name of server web> you are asked to accept the certificate (the Self-Signed certificate aren't automatically accepted by browsers. After the acceptance your web session is encrypted with the ssl protocol.\\ 
- 
-==== Basic Information ==== 
-Below are the base instruction we used (found somewhere on the net): 
- 
- 
- 
-<code> 
-Hi Guys, 
-I got my latest SVN 1.3.2 working on FC5 with Apache 2.2.0 over SSL, 
-so decided to just share the same with all. 
-Here we go, 
- 
-1) To install SVN do 
-yum install subversion. 
- 
-2) To create a SSL certificate for Apache do - 
-Step one - create the key and request: 
-openssl req -new > new.cert.csr 
- 
-Step two - remove the passphrase from the key (optional): 
-openssl rsa -in privkey.pem -out new.cert.key 
- 
-Step three - convert request into signed cert: 
-openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1024 
-place the keys to following locations & edit the /etc/httpd/conf.d/ssl.conf as follows - 
- 
-SSLCertificateFile /etc/pki/tls/certs/new.cert.cert 
-SSLCertificateKeyFile /etc/pki/tls/private/new.cert.key 
- 
-Test the certificate. 
- 
-3) create /home/subversion/repository & /home/subversion/permissions 
- 
-chown -R apache:apache /home/subversion/repository 
-svnadmin create /home/subversion/repository 
-svn import /tmp/project1 file:///home/subversion/repository/project1 -m "initial import" 
-svn checkout file:///home/subversion/repository/project1 project1 
- 
-4) Edit httpd.conf as follows 
- 
-LoadModule dav_svn_module modules/mod_dav_svn.so 
-LoadModule dav_module modules/mod_dav.so 
-LoadModule authz_svn_module modules/mod_authz_svn.so 
- 
-<Location /svn> 
-DAV svn 
-SVNPath /home/subversion/repository/ 
-# our access control policy 
-AuthzSVNAccessFile /home/subversion/permissions/svnauthorz.conf 
-#how to authenticate the users 
-AuthType Basic 
-AuthName "Subversion Repository" 
-AuthUserFile /var/www/.htpasswd 
-# only authenticated users access the SVN 
-Require valid-user 
-SSLRequireSSL 
-</Location> 
- 
-</code> 
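Review bot: The SSLCipherSuite line in the removed 443 VirtualHost block starts from `ALL` and excludes only `!ADH` and `!EXPORT56`, so low-strength, 40-bit export and SSLv2 suites stay negotiable; the trailing `+LOW:+SSLv2:+EXP` entries only move those suites to the end of the preference list and do not disable them. If this content is being moved or rewritten rather than retired, that line should not be carried over, and the successor page should exclude those classes explicitly. Two documentation points in the certificate section would also need fixing in any successor: the step labelled "Create the CA certificate (valid 10 years)" runs `openssl req -new`, which produces a signing request and privkey.pem rather than a CA certificate, and `-days 3560` is about 9.75 years (3650 would be ten). The revision summary says only "removed", so it would help to record where the content went or why it was dropped.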
apache_https.1201612993.txt.gz · Last modified: 2008/01/29 14:23 by damir