x2xtreme's Apache-SSL Guide
Created on June 16th, 2000.
"Apache-SSL is a secure Webserver, based on Apache and SSLeay/ OpenSSL. It is licensed under a BSD-style licence, which means, in short, that you are free to use it for commercial or non-commercial purposes (although you are advised to read the SSLeay Is this legal? FAQ before deploying a server), so long as you retain the copyright notices. This is the same licence as used by Apache from version 0.8.15."
Apache-SSL serves the same purpose as mod_ssl; however, configuring Apache-SSL tends to be a lot harder. On the other hand, an Apache-SSL installation is easier to extend than mod_ssl when adding PHP, MySQL, etc.
First grab the Apache 1.3.12 source from http://www.apache.org/dist/, then get the apache_1.3.12+ssl patch from here (get the latest) and finally you will need openssl-0.9.5a which can be found at http://www.openssl.org/source/.
Next you will need to move the apache and OpenSSL files into /usr/local and untar them by running the following commands:
tar -zxvf openssl-0.9.5a.tar.gz
tar -zxvf apache_1.3.12.tar.gz
Now untar the Apache-SSL patch in the Apache source directory that was created when you untarred the files (/usr/local/apache_1.3.12).
Move into the Apache source directory (/usr/local/apache_1.3.12) and execute the Apache-SSL patch script by running:
cd /usr/local/apache_1.3.12
./FixPatch
Configure and compile Apache as you normally would, and make a test certificate:
./configure --prefix=/usr/local/apachessl --enable-shared=max
make
cd src
make certificate    # follow the prompts from here
cd ..
make install
Now you need to copy a few files:
Cd to /usr/local/apache_1.3.12 and copy the directory "src" to /usr/local/apachessl
Cd to /usr/local/apache_1.3.12/SSLconf/conf and copy "httpd.conf" to /usr/local/apachessl/conf/httpsd.conf
Cd to /usr/local/apache_1.3.12/SSLconf/conf and copy "httpsd.pem" to /usr/local/apachessl/conf/httpsd.pem
Edit /usr/local/apachessl/conf/httpsd.conf (get comfortable, this is going to take a while)
Change the following to match your box:
-User root to User nobody (it's bad for apache to run as root)
-Group root to Group nobody
-Uncomment the LoadModule lines and change their paths to match your box
-CA list sending is uncommented for testing purposes only; comment it out once your server is a production box
-Comment out SSLRandomFile /dev/urandom 1024
-Look for a batch of lines that read:
Port 8888
Listen 8887
Listen 888*
Change this to:
Port 443
Listen 443
#Listen 80 (use only if you want to run an SSL/non-SSL server)
-DocumentRoot /usr/local/apachessl/htdocs
-SSLCacheServerPath to match /usr/local/apachessl/src/modules/ssl/gcache
-SSLCACertificatePath to match the path to your certificates.
-SSLCertificateFile
Apache-SSL doesn't support CustomLog or TransferLog, so you must
disable them. If you want to log, you must use "SSLLogFile /logfilepath"
-Comment out CustomLog (put a hash mark, #, in front of the line)
-Comment out TransferLog
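The edits listed above can be checked mechanically before the server is started. The script below is an added example, not part of the original guide or of Apache-SSL; the function names and both sample configurations are constructed for illustration.

```shell
# Added example: checks an httpsd.conf against the edits this guide lists.
# Function names and both sample configs are constructed for illustration.

# Print the first argument of every active (uncommented) use of a directive.
active() {
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2 }' "$2"
}

flag() { echo "FAIL: $1"; findings=$((findings + 1)); }

# Prints one line per problem; the return status is the number of problems.
audit_httpsd_conf() {
    conf=$1
    findings=0
    for d in User Group; do
        v=$(active "$d" "$conf")
        [ "$v" != root ] || flag "$d is root; the guide changes it to nobody"
    done
    [ "$(active Port "$conf")" = 443 ] || flag "Port is not 443"
    active Listen "$conf" | grep -qx 443 || flag "no active 'Listen 443'"
    for p in $(active Listen "$conf"); do
        case $p in 443|80) ;; *) flag "leftover sample 'Listen $p'" ;; esac
    done
    for d in CustomLog TransferLog; do
        [ -z "$(active "$d" "$conf")" ] || flag "$d is active; comment it out"
    done
    return "$findings"
}

# Constructed sample input: a config as shipped and one after the edits above.
tmp=$(mktemp -d)
cat > "$tmp/shipped.conf" <<'EOF'
User root
Group root
Port 8888
Listen 8887
CustomLog logs/ssl_log "%t %h"
TransferLog logs/transfer_log
EOF
cat > "$tmp/edited.conf" <<'EOF'
User nobody
Group nobody
Port 443
Listen 443
#Listen 80
#CustomLog logs/ssl_log "%t %h"
#TransferLog logs/transfer_log
EOF
audit_httpsd_conf "$tmp/shipped.conf" || echo "shipped.conf: $? problem(s)"
audit_httpsd_conf "$tmp/edited.conf" && echo "edited.conf: matches the guide"
```

To check a real installation, call audit_httpsd_conf /usr/local/apachessl/conf/httpsd.conf after making the edits.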
To start Apache-SSL, run:
/usr/local/apachessl/bin/httpsdctl start
To stop it, run:
/usr/local/apachessl/bin/httpsdctl stop
Notes:
"make certificate" only produces a test certificate; refer to the mod_ssl guide on how to
make your certificates and keys.
When starting apache for the first time, you should tail /usr/local/apachessl/logs/error_log and httpsd_error_log to see if there are any errors.