===== Apache https config =====

==== httpd.conf ====

In order to activate https support, check that VirtualHost support is enabled in /etc/httpd/conf/httpd.conf and that NameVirtualHost is configured like this:

  NameVirtualHost :80
  NameVirtualHost :443

Avoid the format

  NameVirtualHost *:80
  NameVirtualHost *:443

as this doesn't permit the creation of multiple https instances on the server.

==== Creation of certificate ====

For a self-signed certificate we must create the Certification Authority (ourselves) certificate, and then create the certificate/key pair for the ssl support.

  * Create the CA certificate (valid 10 years) '' openssl req -new -days 3560 > .csr ''
  * Split the certificate and the key '' openssl rsa -in privkey.pem -out .key ''
  * Generate the self-signed certificate for the web server '' openssl x509 -in .csr -out .cert -req -signkey .key -days 3560''
  * Move the files to the right directories ''mv .cert /etc/pki/tls/certs/ \\ mv .key /etc/pki/tls/private/ ''

==== VirtualHost config ====

Create an instance for a VirtualHost using the same information you have for a plain VirtualHost. If you have an instance like this:

  <VirtualHost :80>
      ServerAdmin webmaster@
      ServerName
      ServerAlias
      DocumentRoot /var/www/html
      ErrorLog /var/log/httpd/.error_log
      CustomLog /var/log/httpd/.access_log combined
      .....
  </VirtualHost>

copy it to a second instance with these modifications:

  <VirtualHost :443>
      ServerAdmin webmaster@
      ServerName
      ServerAlias
      DocumentRoot /var/www/html
      SSLEngine on
      SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      SSLCertificateFile /etc/pki/tls/certs/.cert
      SSLCertificateKeyFile /etc/pki/tls/private/.key
      SetEnvIf User-Agent ".*MSIE.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0
      ErrorLog /var/log/httpd/.error_log
      CustomLog /var/log/httpd/.access_log combined
      ......
  </VirtualHost>
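
The ''SSLCipherSuite'' value used in the https VirtualHost, evaluated token by token. This is an added example, not part of the original page: a simplified model of the OpenSSL cipher-list syntax that reports which weak classes (export, low strength, SSLv2, RC4, null encryption) a string leaves enabled on OpenSSL builds that still ship them. The function names and the second, stricter string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: simplified audit of an OpenSSL cipher string (SSLCipherSuite).
# Rules modelled, from the OpenSSL cipher-list syntax:
#   ALL       adds every suite except the eNULL ones
#   KEYWORD   adds that class (A+B adds the suites matching both A and B)
#   +KEYWORD  only moves already-enabled suites to the end of the list
#   -KEYWORD  removes suites, which later tokens may add again
#   !KEYWORD  removes suites permanently
# Assumption: other group keywords (HIGH, MEDIUM, DEFAULT) are not expanded.
WEAK="EXP LOW SSLv2 RC4 eNULL"

canon() {  # map aliases onto the names used in WEAK
  case "$1" in EXPORT) echo EXP ;; NULL) echo eNULL ;; *) echo "$1" ;; esac
}
has() {    # has "<set>" <item>: succeeds when <item> is in the set
  case " $1 " in *" $2 "*) return 0 ;; esac
  return 1
}
drop() {   # drop "<set>" <item>: print the set without <item>
  _out=""
  for _i in $1; do [ "$_i" = "$2" ] || _out="$_out $_i"; done
  echo "$_out"
}

# Print the weak classes a cipher string leaves enabled (empty line if none).
audit_cipher_suite() {
  on=""; dead=""; result=""
  for tok in $(printf '%s\n' "$1" | tr ':' ' '); do
    case "$tok" in
      '!'*) c=$(canon "${tok#?}"); dead="$dead $c"; on=$(drop "$on" "$c") ;;
      -*)   on=$(drop "$on" "$(canon "${tok#?}")") ;;
      +*)   ;;  # reorder only: nothing is added or removed
      ALL)  on="$on EXP LOW SSLv2 RC4" ;;
      *)    for p in $(printf '%s\n' "$tok" | tr '+' ' '); do
              on="$on $(canon "$p")"
            done ;;
    esac
  done
  for c in $WEAK; do
    if has "$on" "$c" && ! has "$dead" "$c"; then result="$result $c"; fi
  done
  echo "${result# }"
}

# The string from the VirtualHost on this page, then a constructed stricter one.
audit_cipher_suite 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
audit_cipher_suite 'HIGH:!aNULL:!MD5'
```

For the page's string the first call prints ''EXP LOW SSLv2 RC4'': the ''+LOW'', ''+SSLv2'' and ''+EXP'' tokens only move those suites to the end of the preference list, so they stay negotiable, while ''!EXPORT56'' removes only the 56-bit export suites.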

As you can see, the main differences are the change of port (443 instead of 80) in the VirtualHost definition and the added SSLxxx lines.\\
Pay particular attention to the **SSLCertificateFile** and **SSLCertificateKeyFile** lines. Here you have to indicate the correct path to the certificate and the key file you created above.\\
Restart the httpd server. From now on, if you connect to https: you are asked to accept the certificate (self-signed certificates aren't automatically accepted by browsers). After you accept it, your web session is encrypted with the ssl protocol.

==== Basic Information ====

Below are the base instructions we used (found somewhere on the net):

Hi Guys,

I got my latest SVN 1.3.2 working on FC5 with Apache 2.2.0 over SSL, so decided to just share the same with all. Here we go,

1) To install SVN do yum install subversion.

2) To create an SSL certificate for Apache do -

Step one - create the key and request:

  openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):

  openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:

  openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1024

Place the keys in the following locations & edit the /etc/httpd/conf.d/ssl.conf as follows -

  SSLCertificateFile /etc/pki/tls/certs/new.cert.cert
  SSLCertificateKeyFile /etc/pki/tls/private/new.cert.key

Test the certificate.

3) create /home/subversion/repository & /home/subversion/permissions

  chown -R apache:apache /home/subversion/repository
  svnadmin create /home/subversion/repository
  svn import /tmp/project1 file:///home/subversion/repository/project1 -m "initial import"
  svn checkout file:///home/subversion/repository/project1 project1

4) Edit httpd.conf as follows

  LoadModule dav_svn_module modules/mod_dav_svn.so
  LoadModule dav_module modules/mod_dav.so
  LoadModule authz_svn_module modules/mod_authz_svn.so
  DAV svn
  SVNPath /home/subversion/repository/
  # our access control policy
  AuthzSVNAccessFile /home/subversion/permissions/svnauthorz.conf
  # how to authenticate the users
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /var/www/.htpasswd
  # only authenticated users access the SVN
  Require valid-user
  SSLRequireSSL