This is an old revision of the document!
Apache https config
httpd.conf
I order to activate the https support you have to check that in the /etc/httpd/conf/httpd.conf the support for VirtualHost is activated and that the NameVirtualHost is configured as this:
NameVirtualHost <ip of the web server>:80 NameVirtualHost <ip of the web server>:443
Avoid the format
NameVirtualHost *:80 NameVirtualHost *:443
as this doesn't permit the creation of multiple https instances on the server.
Creation of certificate
For a self-Signed certificate we must create the Certification Autority (ourself) certificate, and then create the couple certificate/key for the ssl support.
- Create the CA certificate (valid 10 years)
openssl req -new -days 3560 > <name of server>.csr
- Split of the certificate and the key
openssl rsa -in privkey.pem -out <name of server>.key
- Generate the self-signed certificate for the web server
openssl x509 -in <name of server>.csr -out <name of web server>.cert -req -signkey <name of server>.key -days 3560
- Move the files on the right directories
mv *.cert /etc/pki/tls/certs/
mv *.key /etc/pki/tls/private/
VirtualHost config
Create an istance for a VirtualHost using the same informations you have for a plain VirtualHost. if you have a istance like this:
<VirtualHost <ip>:80>
ServerAdmin webmaster@<dmain>
ServerName <name.domain>
ServerAlias <name>
DocumentRoot /var/www/html
ErrorLog /var/log/httpd/<xxx>.error_log
CustomLog /var/log/httpd/<xxx>.access_log combined
.....
</VirtualHost>
copy it to a second istance with these modifications
<VirtualHost 128.178.70.2:443>
ServerAdmin webmaster@<domain>
ServerName <name.domain>
ServerAlias <name>
DocumentRoot /var/www/html
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/pki/tls/certs/<name of web server>.cert
SSLCertificateKeyFile /etc/pki/tls/private/<name of web server>.key
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
ErrorLog /var/log/httpd/<xxx>.error_log
CustomLog /var/log/httpd/<xxx>.access_log combined
......
</VirtualHost>
Restart the httpd server.
From now, if you connect to https:<name of server web> you are asked to accept the certificate (the Self-Signed certificate aren't automatically accepted by browsers. After the acceptance your web session is encrypted with the ssl protocol.
Hi Guys, I got my latest SVN 1.3.2 working on FC5 with Apache 2.2.0 over SSL, so decided to just share the same with all. Here we go, 1) To install SVN do yum install subversion. 2) To create a SSL certificate for Apache do - Step one - create the key and request: openssl req -new > new.cert.csr Step two - remove the passphrase from the key (optional): openssl rsa -in privkey.pem -out new.cert.key Step three - convert request into signed cert: openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1024 place the keys to following locations & edit the /etc/httpd/conf.d/ssl.conf as follows - SSLCertificateFile /etc/pki/tls/certs/new.cert.cert SSLCertificateKeyFile /etc/pki/tls/private/new.cert.key Test the certificate. 3) create /home/subversion/repository & /home/subversion/permissions chown -R apache:apache /home/subversion/repository svnadmin create /home/subversion/repository svn import /tmp/project1 file:///home/subversion/repository/project1 -m "initial import" svn checkout file:///home/subversion/repository/project1 project1 4) Edit httpd.conf as follows LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule dav_module modules/mod_dav.so LoadModule authz_svn_module modules/mod_authz_svn.so <Location /svn> DAV svn SVNPath /home/subversion/repository/ # our access control policy AuthzSVNAccessFile /home/subversion/permissions/svnauthorz.conf #how to authenticate the users AuthType Basic AuthName "Subversion Repository" AuthUserFile /var/www/.htpasswd # only authenticated users access the SVN Require valid-user SSLRequireSSL </Location>