Apache HTTP Server Version 2.4 installation & SSL Configuration

Enable SSL in httpd.conf
The Apache configuration file httpd.conf is located under PREFIX/apache2/conf (e.g. /usr/local/apache2/conf).
Uncomment the httpd-ssl.conf Include line and the LoadModule ssl_module line in the /usr/local/apache2/conf/httpd.conf file.
# vi /usr/local/apache2/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf

View the httpd-ssl.conf to review all the default SSL configurations. For most cases, you don’t need to modify anything in this file.
# vi /usr/local/apache2/conf/extra/httpd-ssl.conf
The SSL certificate and key are required before Apache is started. The server.crt and server.key files referenced in httpd-ssl.conf need to be created before moving forward.
# cd /usr/local/apache2/conf/extra
# egrep 'server.crt|server.key' httpd-ssl.conf
SSLCertificateFile "/usr/local/apache2/conf/server.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"

Create server.crt and server.key files
First, generate the server.key using openssl. Use a key of at least 2048 bits; 1024-bit RSA keys are no longer considered secure.
# cd /usr/src
# openssl genrsa -des3 -out server.key 2048

The above command will ask for a passphrase. Make sure to remember it; you will need it when starting Apache later.
Next, generate a certificate request file (server.csr) using the above server.key file.
# openssl req -new -key server.key -out server.csr
Finally, generate a self-signed SSL certificate (server.crt) using the above server.key and server.csr files.
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
After you have completed the above steps, you will see the following three files under /usr/src
# ls server*
server.crt server.csr server.key

Copy the server.key and server.crt files to the Apache configuration directory referenced in httpd-ssl.conf. Keep server.key readable only by root.
# cp server.key /usr/local/apache2/conf/
# cp server.crt /usr/local/apache2/conf/

Start Apache
Start Apache with apachectl. If you get the error message below, make sure the LoadModule ssl_module line shown after it is uncommented in httpd.conf.
# /usr/local/apache2/bin/apachectl start
AH00526: Syntax error on line 51 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
Invalid command 'SSLCipherSuite', perhaps misspelled or defined by a module not included in the server configuration

# vi /usr/local/apache2/conf/httpd.conf
LoadModule ssl_module modules/mod_ssl.so
