upengan78 l33t
Joined: 27 Jun 2007 Posts: 711 Location: IL
Posted: Wed Aug 15, 2007 2:12 pm Post subject: how to ssl + apache2 [SOLVED with self signed cert]
Hi,
I want to know the steps for using SSL with HTTP (Apache2) on Gentoo x86_64.
I am using Apache2 and I want to use a self-signed SSL certificate for my machine, on which http://<full host name> works.
I have OpenSSL installed.
I don't know the exact steps involved in generating the private key and certificate (I don't want to generate a CSR because I am not paying anyone to sign the certificate)
and making it work with Apache2!
Please let me know,
Thanks
Last edited by upengan78 on Thu Aug 16, 2007 9:53 pm; edited 1 time in total

HeissFuss Guru
Joined: 11 Jan 2005 Posts: 414
Posted: Wed Aug 15, 2007 2:50 pm
Go here and ignore the instructions on postfix.

upengan78 l33t
Joined: 27 Jun 2007 Posts: 711 Location: IL
Posted: Wed Aug 15, 2007 5:47 pm
Thanks, but it DID NOT help,
because Apache restarts after that and works well with http only.
There is simply no SSL port for https. After running nmap, port 443 is absent from the ports my machine is listening on.
Is there something missing in the virtual host config? I don't know.
Most docs suggest /etc/apache2/conf/ssl, but in fact all seems installed in /etc/apache2/ssl and there is no conf directory there.
But /etc/apache2/ssl is a link to /usr/lib/apache2/conf/ssl.
Anyway, SSL or https does not even start for me!
Quote:
/usr/sbin/apache2 -S
[Wed Aug 15 13:08:53 2007] [warn] NameVirtualHost *:80 has no VirtualHosts
VirtualHost configuration:
Syntax OK
-----------
nmap localhost
Starting Nmap 4.20 ( http://insecure.org ) at 2007-08-15 13:09 CDT
Interesting ports on upendra_ots.iit.edu (127.0.0.1):
Not shown: 1687 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
901/tcp open samba-swat
908/tcp open unknown
2049/tcp open nfs
5900/tcp open vnc
---------
emerge mod_ssl
Calculating dependencies -
emerge: there are no ebuilds to satisfy "mod_ssl".

HeissFuss Guru
Joined: 11 Jan 2005 Posts: 414
Posted: Wed Aug 15, 2007 7:47 pm
In /etc/conf.d/apache2
on line
APACHE2_OPTS=
add
-D SSL -D SSL_DEFAULT_VHOST
Stop and then start apache2. You should be prompted to accept your shamelessly self-signed certificate when you connect (there's a default one which will generate a domain mismatch if you haven't created your own.)
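
The domain mismatch mentioned in the reply above comes from serving a certificate issued for a different name. As an added example (not part of the thread), this generates a self-signed certificate for a given host name and checks it against that name and its key; the function names, file paths and host name are assumptions, and `-addext` needs OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: self-signed certificate for an Apache SSL vhost.
# Function names and all arguments are illustrative, not from the thread.

# make_selfsigned HOST KEYFILE CERTFILE
# Writes an unencrypted 2048-bit RSA key and a 365-day certificate whose
# CN and subjectAltName are both HOST.
make_selfsigned() {
    host=$1 key=$2 cert=$3
    (
        umask 077    # the unencrypted key must not be group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$key" -out "$cert" 2>/dev/null
    )
}

# cert_matches_host CERTFILE HOST
# True if the certificate is valid for HOST (no domain mismatch).
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# cert_matches_key CERTFILE KEYFILE
# True if the certificate and the private key hold the same public key.
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}
```

The resulting files are what mod_ssl's `SSLCertificateFile` and `SSLCertificateKeyFile` directives in the SSL vhost would point at.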

upengan78 l33t
Joined: 27 Jun 2007 Posts: 711 Location: IL
Posted: Wed Aug 15, 2007 7:54 pm
Quote:
# /etc/init.d/apache2 restart
* Stopping apache2 ...
[Wed Aug 15 14:51:22 2007] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ ok ]
* Starting apache2 ...
[Wed Aug 15 14:51:22 2007] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ ok ]
But it did ask shamelessly, as you said; you have rightly figured out the issue, HeissFuss!!
Don't know about those warnings, but
thanks a lot!!!!

HeissFuss Guru
Joined: 11 Jan 2005 Posts: 414
Posted: Wed Aug 15, 2007 8:07 pm
Did you change any port 80 to 443 in any of the config files or add 443 anywhere? With these settings you shouldn't have needed to change any.

upengan78 l33t
Joined: 27 Jun 2007 Posts: 711 Location: IL
Posted: Wed Aug 15, 2007 8:25 pm
cd /etc/apache2
Quote:
# egrep 443 */*
modules.d/40_mod_ssl.conf:#Listen 443
modules.d/41_mod_ssl.default-vhost.conf:<VirtualHost _default_:443>
modules.d/41_mod_ssl.default-vhost.conf:ServerName xx.yy.zzz:443

That's it! Nowhere else, I think.

upengan78 l33t
Joined: 27 Jun 2007 Posts: 711 Location: IL
Posted: Thu Aug 16, 2007 9:59 pm
BTW, why does one have to remove the passphrase from the private key to get this SSL going?
I wish there were some modification which could allow a private key with a passphrase to be used on the Apache2 web server.

upengan78 l33t
Joined: 27 Jun 2007 Posts: 711 Location: IL
Posted: Wed Sep 26, 2007 7:29 pm
Hi,
I recently did
emerge --sync and emerge -uDvNta world
After this I did etc-update with the -5 option,
and now when I do /etc/init.d/apache2 restart, it gives the following error and neither port serves pages when checked in a browser; earlier it used to work.
Quote:
* Starting apache2 ...
[Wed Sep 26 14:28:51 2007] [warn] _default_ VirtualHost overlap on port 443, the first has precedence [ !! ]

http://localhost and https://localhost both used to work earlier!
Please help!!

HeissFuss Guru
Joined: 11 Jan 2005 Posts: 414
Posted: Fri Oct 05, 2007 5:33 pm
Don't do a -5 with etc-update unless you're sure none of the new configs affect things that you've hand modified. Your /etc/conf.d/apache2 was probably overwritten, and possibly /etc/apache2/httpd.conf also.
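
A quick way to see whether a config merge dropped the defines added earlier in this thread, as an added example that is not part of the original posts: it reads the active `APACHE2_OPTS` line and reports which `-D` names are missing. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a Gentoo-style conf.d/apache2 for required -D defines.

# missing_apache_defines FILE NAME...
# Prints each NAME not passed as "-D NAME" in the active (uncommented)
# APACHE2_OPTS assignment. Returns 0 only when nothing is missing.
missing_apache_defines() {
    file=$1; shift
    # The last uncommented assignment wins, as when the file is sourced.
    opts=$(sed -n 's/^[[:space:]]*APACHE2_OPTS=//p' "$file" |
           tail -n 1 | tr -d "\"'")
    # Normalise "-DNAME" to "-D NAME", then keep the word after each -D.
    defined=$(printf '%s\n' "$opts" |
              sed 's/-D\([^[:space:]]\)/-D \1/g' |
              tr -s ' \t' '\n\n' |
              awk 'prev == "-D" { print } { prev = $0 }')
    missing=0
    for name in "$@"; do
        # -x matches whole lines, so SSL_DEFAULT_VHOST does not count as SSL.
        if ! printf '%s\n' "$defined" | grep -qxF -- "$name"; then
            echo "$name"
            missing=1
        fi
    done
    return $missing
}

# Constructed sample: the file as edited in the thread.
sample_good() {
    printf '%s\n' '# constructed sample' \
        'APACHE2_OPTS="-D SSL -D SSL_DEFAULT_VHOST"'
}

# Constructed sample: the old line commented out and -D SSL lost.
sample_overwritten() {
    printf '%s\n' '#APACHE2_OPTS="-D SSL -D SSL_DEFAULT_VHOST"' \
        'APACHE2_OPTS="-DSSL_DEFAULT_VHOST"'
}
```

On a real system the call would be `missing_apache_defines /etc/conf.d/apache2 SSL SSL_DEFAULT_VHOST`, run before restarting Apache.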

upengan78 l33t
Joined: 27 Jun 2007 Posts: 711 Location: IL
Posted: Fri Oct 05, 2007 5:59 pm
Well, right, that's what happened. I am still confused by those options
-3 -5