Setting up Secure Socket Layer / Transport Layer Security (SSL / TLS) on APACHE webserver
Wednesday, 15 October 2008 12:02

SSL allows relatively secure connections over HTTP using a key and certificate combination for the HTTP server. To enable https connections, the webserver needs to set up a certificate. The following instructions deal with setting up SSL on a generic Linux Apache server but can be generalized to most UNIX distros.

I used the Apache webserver on my Ubuntu (Hardy Heron) laptop as my testing base to set up secure socket layer (SSL).

Installing OPENSSL :

The first step, before you do anything else, is to install openssl on your machine. On Ubuntu, openssl comes installed by default. You can check by typing the following at the command line. openssl is a useful tool that lets you generate SSL keys and certificates and do plenty of other useful SSL work.

$openssl

If you get something like "command not found", you need to install openssl. Here are the commands for Ubuntu.

$sudo apt-get install openssl

For Fedora you might try

$yum install openssl

After this you would have successfully installed openssl.

Getting mod_ssl :

mod_ssl is the Apache package that allows you to actually set up the https connections. mod_ssl depends on an installation of openssl, so before you enable it make sure that openssl is installed.

To check if mod_ssl is installed, run the following command.

$ apache2 -l

This should show a list of enabled Apache modules; however, this might not work on some systems. If that is the case, you can try the following:

$httpd -l

Please use the appropriate path to the apache2 or httpd binary if neither of the above works.

On Ubuntu (Hardy) with Apache2 you can simply check whether ssl.conf appears in the list when you type the following.

$ ls /etc/apache2/mods-enabled/

Enabling mod_ssl :

In Ubuntu, to enable an installed Apache module you can use the command utility a2enmod, which simply creates a symlink in /etc/apache2/mods-enabled/ to the relevant file in /etc/apache2/mods-available/.

Run the following anywhere on the command line:

$a2enmod ssl

Generate a ssl key :

$openssl genrsa -des3 -rand file1:file2:file3 -out www.shantanubhadoria.com.key 1024

Here file1, file2 and file3 are just paths to some random large files on the system.

You will be asked to provide a pass phrase, choose a strong one.

 

If you choose not to protect the key with a pass phrase, use:

$openssl rsa -in www.shantanubhadoria.com.key -out www.shantanubhadoria.com.key.unsecure

Check contents of the key by typing :

$openssl rsa -noout -text -in www.shantanubhadoria.com.key

 

Create a certificate signing request :

$openssl req -new -key www.shantanubhadoria.com.key -out www.shantanubhadoria.com.csr

You will be prompted for the certificate information. You can see the certificate request info by typing this :

$openssl req -noout -text -in www.shantanubhadoria.com.csr

Alternatively, you can create a self-signed cert for testing purposes :

$openssl x509 -req -days 30 -in www.shantanubhadoria.com.csr -signkey www.shantanubhadoria.com.key -out www.shantanubhadoria.com.cert

chmod the .key file to 400 and store the .key and .cert files in /etc/apache2/ssl/

Setting up the Server

Please refer to the tutorial on how to install a virtual host on a LAMP server for a detailed explanation of virtual hosts.

Add a new virtual host or modify an existing virtual host in the .conf file (or default) for the virtual host stored in /etc/apache2/sites-available/

Add the following lines in the appropriate places (443 is the default SSL port):

Listen 80

Listen 443

<VirtualHost _default_:443>

ServerName www.shantanubhadoria.com

SSLEngine on

SSLCertificateFile /etc/apache2/ssl/www.shantanubhadoria.com.cert

SSLCertificateKeyFile /etc/apache2/ssl/www.shantanubhadoria.com.key

</VirtualHost>

 

Restart Apache and use https:// instead of http:// to go to your SSL host. Congrats! You are all set up with SSL/TLS now.
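
To check the finished setup, the script below (an added example, not part of the original tutorial) audits a virtual host file for the SSL directives and the chmod 400 key permissions described above. The helper names audit_ssl_vhost and directive, the demo file names and the host name www.example.test are assumptions made for the example.

```sh
#!/bin/sh
# Added example. audit_ssl_vhost and directive are hypothetical helper names.
# Print the first argument of directive $1 in config file $2.
# Apache directive names are case-insensitive; surrounding quotes are dropped.
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Print one line per finding; the return status is the number of findings.
audit_ssl_vhost() {
    conf=$1
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ "$(directive SSLEngine "$conf" | tr 'A-Z' 'a-z')" = "on" ] ||
        flag "SSLEngine is not on"
    cert=$(directive SSLCertificateFile "$conf")
    [ -n "$cert" ] && [ -f "$cert" ] || flag "certificate missing: ${cert:-unset}"
    key=$(directive SSLCertificateKeyFile "$conf")
    if [ -n "$key" ] && [ -f "$key" ]; then
        # chmod 400 from the tutorial: owner read-only, nothing for group/other.
        mode=$(ls -ld -- "$key" | cut -c1-10)
        [ "$mode" = "-r--------" ] || flag "$key is $mode, expected -r--------"
        # Without a pass phrase, file permissions are the key's only protection.
        grep -q ENCRYPTED "$key" || echo "NOTE: $key has no pass phrase"
    else
        flag "private key missing: ${key:-unset}"
    fi
    # A scheme here is used for self-referential URLs, so http:// is wrong on 443.
    case $(directive ServerName "$conf") in
        http://*) flag "ServerName uses http:// in an SSL virtual host" ;;
    esac
    return "$findings"
}

# Demo on constructed placeholder files in a temp dir (no real key material).
demo=$(mktemp -d)
: > "$demo/site.cert"; : > "$demo/site.key"
cat > "$demo/site.conf" <<EOF
<VirtualHost _default_:443>
ServerName www.example.test
SSLEngine on
SSLCertificateFile $demo/site.cert
SSLCertificateKeyFile $demo/site.key
</VirtualHost>
EOF
audit_ssl_vhost "$demo/site.conf" || echo "findings above; fixing key mode"
chmod 400 "$demo/site.key" && audit_ssl_vhost "$demo/site.conf" && echo "vhost OK"
```

Run it as root (or as the key's owner) against the real file in /etc/apache2/sites-available/ so that the key can be read.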



Last Updated on Wednesday, 15 October 2008 14:55
 

