Apache – How to configure SSL in apache

apache-httpdconfigurationrhelssl

I have installed apache in RHEL 6. Everything is working fine. What all changes and configurations should be done to use
https://localhost:443/.

If I change the "Listen 80" to 443 it is throwing an SSL connection error

"Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error."

Best Answer

If you are using apache2, then you have to do the following:

Step 1: Use OpenSSL to produce the keys that are used to secure your site. These keys are used when encrypting and decrypting the traffic to your secure site.

$ openssl genrsa -out mydomain.key 1024

This command will create a 1024 bit private key and puts it in the file mydomain.key.

Step 2: Generate your own certificate.

$ openssl req -new -key mydomain.key -x509 -out mydomain.crt

Step 3: Keep the private key in the directory /etc/apache2/ssl.key/ and certificate in the directory /etc/apache2/ssl.crt/.

Note: The ssl.key directory must be only readable by root.

Step 4: Now you need to edit httpd.conf file in /etc/apache2.

Now this file should include content like this:

NameVirtualHost *:80
NameVirtualHost *:443
Listen 443

<VirtualHost *:80>
ServerAdmin webmaster@mydomain.com
DocumentRoot /srv/www/htdocs/mydomain
ServerName www.mydomain.com
ServerAlias mydomain.com
</VirtualHost>


<VirtualHost *:443>
ServerAdmin webmaster@mydomain.com
DocumentRoot /srv/www/htdocs/mydomain-secure
ServerName mail.mydomain.com
SSLEngine on
SSLCertificateFile /etc/apache2/ssl.crt/mydomain.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/mydomain.key
</VirtualHost>


<Directory /srv/www/htdocs/mydomain-secure>
SSLRequireSSL
</Directory>


<VirtualHost *:80>
ServerAdmin webmaster@mydomain.com
DocumentRoot /srv/www/htdocs/mydomain
ServerName mail.mydomain.com
RedirectMatch permanent (/.*) https://mail.mydomain.com$1
</VirtualHost>

Related Solutions

Apache – Can’t disable SSLv3 in Apache + mod_nss

Nothing bad has happened, as you got an handshake error:

error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

How can client/server decide that the version number is wrong without sending bytes?

Remove the -ssl3 from your command and you will see the difference:

SSL handshake has read 4493 bytes and written 499 bytes

Also if the connection is established, s_client waits for your input to transfer it to the server. With no connection, it returns.

Apache – How to configure SSL for Apache2 on OpenSuSE 13.1

You also need to add the SSL flag to APACHE_SERVER_FLAGS in /etc/sysconfig/apache2.

# Notably, to enable ssl support, 'SSL' needs to be added here.
# To enable the server-status, 'STATUS' needs to be added here.
#
# It does not matter if you write flag1, -D flag1 or -Dflag1.
# Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2".
#
# Specifying such flags here is equivalent to giving them on the commandline.
# (e.g. via rcapache2 start -DReverseProxy)
#
# Example:
#      "SSL STATUS AWSTATS SVN_VIEWCVS no_subversion_today"
#
APACHE_SERVER_FLAGS="SSL"

Best Answer

Related Solutions

Apache – Can’t disable SSLv3 in Apache + mod_nss

Apache – How to configure SSL for Apache2 on OpenSuSE 13.1

Related Question