Apache https config

httpd.conf

In order to activate https support, check that VirtualHost support is enabled in /etc/httpd/conf/httpd.conf and that NameVirtualHost is configured like this:

NameVirtualHost <ip of the web server>:80
NameVirtualHost <ip of the web server>:443

Avoid the format

NameVirtualHost *:80
NameVirtualHost *:443

as this doesn't permit the creation of multiple https instances on the server.

Creation of certificate

For a self-signed certificate we must create the Certification Authority (ourselves) certificate, and then create the certificate/key pair for SSL support.

  1. Create the CA certificate (valid 10 years)

openssl req -new -days 3560 > <name of server>.csr

  2. Split the certificate and the key

openssl rsa -in privkey.pem -out <name of server>.key

  3. Generate the self-signed certificate for the web server

openssl x509 -in <name of server>.csr -out <name of web server>.cert -req -signkey <name of server>.key -days 3560

  4. Move the files to the right directories

mv *.cert /etc/pki/tls/certs/

mv *.key /etc/pki/tls/private/

VirtualHost config

Create an instance for a VirtualHost using the same information you have for a plain VirtualHost. If you have an instance like this:

<VirtualHost <ip>:80>
    ServerAdmin webmaster@<domain>
    ServerName <name.domain>
    ServerAlias <name>

    DocumentRoot /var/www/html

    ErrorLog  /var/log/httpd/<xxx>.error_log
    CustomLog /var/log/httpd/<xxx>.access_log combined

    .....

</VirtualHost>

copy it to a second instance with these modifications:

<VirtualHost 128.178.70.2:443>
    ServerAdmin webmaster@<domain>
    ServerName <name.domain>
    ServerAlias <name>
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/pki/tls/certs/<name of web server>.cert
    SSLCertificateKeyFile /etc/pki/tls/private/<name of web server>.key
    SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

    ErrorLog  /var/log/httpd/<xxx>.error_log
    CustomLog /var/log/httpd/<xxx>.access_log combined
    
    ......

</VirtualHost>

Restart the httpd server.

From now on, if you connect to https://<name of web server> you are asked to accept the certificate (self-signed certificates aren't automatically accepted by browsers). After acceptance, your web session is encrypted with the SSL protocol.
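
A hardened form of the :443 VirtualHost above, as an added example that is not part of the original page: it keeps the page's placeholders and puts the page's SSLCipherSuite line beside a stricter replacement. It assumes Apache httpd 2.4 with mod_ssl built against an OpenSSL that supports TLS 1.2; the protocol and cipher choices are this example's, not the page author's.

```apache
# Added example (not from the original page): stricter TLS settings for
# the :443 VirtualHost. <ip>, <domain>, <name.domain>, <name>,
# <name of web server> and <xxx> are the page's own placeholders.
# Assumption: Apache httpd 2.4 + mod_ssl, OpenSSL with TLS 1.2 support.
<VirtualHost <ip>:443>
    ServerAdmin webmaster@<domain>
    ServerName <name.domain>
    ServerAlias <name>
    DocumentRoot /var/www/html

    SSLEngine on

    # Weak setting, as shown on the page. "ALL" admits export-grade,
    # LOW (56/64-bit) and RC4 suites wherever the linked OpenSSL still
    # ships them, and the string also references SSLv2, EXP and eNULL.
    # Only ADH and EXPORT56 are removed with "!".
    # SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

    # Corrected setting, part 1: refuse SSLv3, TLS 1.0 and TLS 1.1,
    # leaving TLS 1.2 and anything newer the build supports.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

    # Corrected setting, part 2: start from HIGH-strength suites only.
    # "!" deletes a class permanently, so anonymous (aNULL), unencrypted
    # (eNULL), MD5, RC4 and 3DES suites cannot be re-added later in the
    # string or by an included file.
    SSLCipherSuite HIGH:!aNULL:!eNULL:!MD5:!RC4:!3DES

    # Use the server's preference order rather than the client's.
    SSLHonorCipherOrder on

    SSLCertificateFile /etc/pki/tls/certs/<name of web server>.cert
    SSLCertificateKeyFile /etc/pki/tls/private/<name of web server>.key

    ErrorLog  /var/log/httpd/<xxx>.error_log
    CustomLog /var/log/httpd/<xxx>.access_log combined
</VirtualHost>
```

Run `apachectl configtest` before restarting httpd, so that a protocol or cipher keyword the local build does not recognise is reported as a syntax error rather than stopping the server.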

Hi Guys,
I got my latest SVN 1.3.2 working on FC5 with Apache 2.2.0 over SSL,
so decided to just share the same with all.
Here we go,

1) To install SVN do
yum install subversion.

2) To create a SSL certificate for Apache do -
Step one - create the key and request:
openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):
openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:
openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1024
Place the keys in the following locations and edit /etc/httpd/conf.d/ssl.conf as follows:

SSLCertificateFile /etc/pki/tls/certs/new.cert.cert
SSLCertificateKeyFile /etc/pki/tls/private/new.cert.key

Test the certificate.

3) create /home/subversion/repository & /home/subversion/permissions

chown -R apache:apache /home/subversion/repository
svnadmin create /home/subversion/repository
svn import /tmp/project1 file:///home/subversion/repository/project1 -m "initial import"
svn checkout file:///home/subversion/repository/project1 project1

4) Edit httpd.conf as follows

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule dav_module modules/mod_dav.so
LoadModule authz_svn_module modules/mod_authz_svn.so

<Location /svn>
DAV svn
SVNPath /home/subversion/repository/
# our access control policy
AuthzSVNAccessFile /home/subversion/permissions/svnauthorz.conf
#how to authenticate the users
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /var/www/.htpasswd
# only authenticated users access the SVN
Require valid-user
SSLRequireSSL
</Location>
apache_https.1201611514.txt.gz · Last modified: 2008/01/29 13:58 by damir