Hello System Admin | Where system admins share technical article and tips | Create free Blog | Updates on domains, web hosting, servers and more » SSL Certificate

install mod ssl on apache

Aneesh — Wed, 19 May 2010 06:15:32 +0000

I am going to give you the steps to install mod_ssl on an Apache server by compiling the source.

Download the following packages

1. apache_1.3.14.tar.gz http://www.apache.org

2. openssl-0.9.6.tar.gz http://www.openssl.org

3. mod_ssl-2.7.1-1.3.14.tar.gz http://www.modssl.org

I have created a folder called /downloads/src and downloaded all packages here

Go to Apache source files and compile it as shown below

# ./configure –enable-module=so –enable-module=ssl –enable-module=mod_rewrite

Youc an add whatever module you needed

Now go to openssl folder and compile and install ( you can do this same by using yum or apt-get command)

To compile and install OpenSSL do the following commands

# sh config -fPIC
# make
# make install

At this time you can compile your PHP also. To do that run following commands

# ./configure –with-apache=../apache_1.3.41 –with-gd –with-zlib-dir –with-jpeg-dir –with-png-dir –with-freetype-dir –enable-gd-native-ttf –with-freetype-dir=/usr/lib/ –with-ttf –with-mysql=/usr/local/mysql –with-curl –disable-soap –with-openssl –with-xmlrpc –enable-ftp –with-xsl –with-mysqli=/usr/local/mysql/bin/mysql_config

# make

# make install

Compile Apache and install

Go to the apache Directory and runn following commands

# ./config.status
# make
# make certificate ( This step will be asked some inputs from you for your self signed SSL certificate)
# $ make install

Now you have installed the apache server with a self signed SSL certificate. Now it is the time to add the location of the .CRT file and .KEY file in your apache configuration file. From the above steps you can see the location of these files. Copy those paths.

Now open your httpd.conf file and add the following line

Listen 443

Now create a virtual directory which will listen the port 443

ServerName www.example.com
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

Now save the file and restart your Apache server

# apachectl stop

# apachectl startssl

Enjoy

httpd asking password when starting apache service

Aneesh — Mon, 15 Feb 2010 04:34:26 +0000

When starting httpd ( apache server ) it may ask a password to load the SSL certificate. And you may receive a message like given below

———————————-

[root@server SSL]# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: Apache/2.2.11 mod_ssl/2.2.11 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server www.example.com:443 (RSA)
Enter pass phrase:

—————————————-

When apache needs to load the ssl certificate it needs to read the private key and the crt file. In some case if you encrypted the private key , in order to read the key file you need to provide the password that you used while created the private key. If you wish to avoid this Pass Phrase Dialog you can decrypt the Key file in the following way.

PLEASE KEEP A COPY OF ORIGINAL KEY FILE

cp www.example.com.key www.example.com.key.BAK
openssl rsa -in www.example.com.key -out www.example.com.key

Now start apache server ( httpd service ) and this time you will not get the Pass Phrase Dialog

Safari can’t verify the identity of the website

Aneesh — Thu, 26 Nov 2009 11:02:31 +0000

You may get some error like given below in Mac machines when you browse SSL pages

Safari can’t verify the identity of the website “example.com” The certificate for this website was signed by an unknown certifying authority. You might be connectng tp a website that is preteneing to be “domainname.com”, which could put your confidential information at risk. Would you like to connect to the website anyway ?

To fix the problem add SSLCertificateChainFile to your apache configuration file

SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.example.com.key
SSLCertificateChainFile /etc/httpd/ssl/gd_bundle.crt