Apache – How to configure SSL for Apache2 on OpenSuSE 13.1

apache-httpdssl

I have OpenSuSE installed on a virtual hosted Server, running multiple virtual websites. On normal http everything works fine. I now would like to run one of my virtual sites on https in addition to http. Hence I've purchased a SSL certificate.
I've copied my certificate files to the server:

SSLCertificateFile    /etc/apache2/crt/site.crt
SSLCertificateKeyFile /etc/apache2/key/my.key
SSLCACertificateFile  /etc/apache2/ca.txt

I've enabled SSL in Apache Modules in file "/etc/sysconfig/apache2"

APACHE_MODULES="rewrite actions alias auth_basic authn_file authz_host authz_groupfile  authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5 reqtimeout authn_core authz_core alias_module headers"

In /etc/apache2 my listen.conf says:

Listen 80
<IfDefine SSL>
    <IfDefine !NOSSL>
        <IfModule mod_ssl.c>
            Listen 443
        </IfModule>
    </IfDefine>
</IfDefine>

My vhost configuration file says:

<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost *:443>
        DocumentRoot "/srv/www/vhosts/dialogis-mediation.de/"
        ServerName dialogis.coach:443
        ServerAdmin juergen.tolksdorf@mac.com
        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCertificateFile    /etc/apache2/crt/site.crt
SSLCertificateKeyFile /etc/apache2/key/my.key
SSLCACertificateFile  /etc/apache2/ca.txt
SSLCertificateChainFile /etc/apache2/ca.txt
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/srv/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-5]" \
                 nokeepalive ssl-unclean-shutdown \
                 downgrade-1.0 force-response-1.0
        CustomLog /var/log/apache2/ssl_request_log   ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>

Issue right now:
Apache does not even come up with Port 443 enabled.

What I did already:
Added "Listen 443" straight to the next line after "Listen 80 in "listen.conf".
In this case Server listens on Port 443, but gives me the error: "ERR_SSL_PROTOCOL_ERROR" in Chrome.

I'm not quite sure what I'm configuring wrong.

Best Answer

You also need to add the SSL flag to APACHE_SERVER_FLAGS in /etc/sysconfig/apache2.

# Notably, to enable ssl support, 'SSL' needs to be added here.
# To enable the server-status, 'STATUS' needs to be added here.
#
# It does not matter if you write flag1, -D flag1 or -Dflag1.
# Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2".
#
# Specifying such flags here is equivalent to giving them on the commandline.
# (e.g. via rcapache2 start -DReverseProxy)
#
# Example:
#      "SSL STATUS AWSTATS SVN_VIEWCVS no_subversion_today"
#
APACHE_SERVER_FLAGS="SSL"
Related Question