Originally Posted by sadique
How we can enable apache with SSL support in the way we can host sites both with http and https prefix. Is it possible in the same ip in a name based virtual hosting.
Originally Posted by sadique
"Apache-SSL is a secure Webserver, based on Apache and SSLeay/ OpenSSL. It is licensed under a BSD-style licence, which means, in short, that you are free to use it for commercial or non-commercial purposes (although you are advised to read the SSLeay Is this legal? FAQ before deploying a server), so long as you retain the copyright notices. This is the same licence as used by Apache from version 0.8.15."
Apache-SSL has the same purpose of mod-ssl, however the configuration of apache-ssl tends to be alot harder. On the other hand an apache-ssl installation is more easily expandable than mod-ssl as for adding php,mysql, etc.
First grab the Apache 1.3.12 source from http://www.apache.org/dist/, then get the apache_1.3.12+ssl patch from here (get the latest) and finally you will need openssl-0.9.5a which can be found at http://www.openssl.org/source/.
Next you will need to move the apache and OpenSSL files into /usr/local and untar them by running the following commands:
tar -zxvf openssl-0.9.5a.tar.gz
tar -zxvf apache-1.3.12.tar.gz
Now, Untar the ApacheSSL patch in the Apache source directory that was created when you untar'ed the files. (/usr/local/apache_1.3.12)
Move into the the apache src directory (/usr/local/apache_1.3.12) and execute the apachessl patch script by running:
Configure and compile apache as you normally would and make a test certificate.
./configure --prefix=/usr/local/apachessl --enable-shared-max
make certificate (follow prompts from here)
Now you need to copy a few files:
Cd to /usr/local/apache_1.3.12 and copy the directory "src" to /usr/local/apachessl
Cd to /usr/local/apache_1.3.12/SSlconf/conf and copy "httpd.conf to /usr/local/apachessl/conf/httpsd.conf
Cd to /usr/local/apache_1.3.12/SSlconf/conf and copy "httpsd.pem" to /usr/local/apachessl/conf/httpsd.pem
Edit /usr/local/apachessl/conf/httpsd.conf (get conformable this is gonna take a while)
Change the following to match your box:
-User root to User nobody (it's bad for apache to run as root)
-Group root to Group nobody
-Uncomment the LoadModules and change there paths to match your box
-Ca list sending is uncommented for testing purposes only, comment once your server is a production box
-Comment SSLRandomFile /dev/urandom 1024
-Look for a batch of lines that read
Change this to:
#Listen80 (use only if you want to run a ssl/non ssl server)
-SSLCacheServer path to match /usr/local/apachessl/src/modules/ssl/gcache
-SSLCACertificatePath to match the path to your certificates.
Apache-ssl doesn't support Custom log, nor transfer log so you must disable them. If you want to log you must use "SSLLogFile /logfilepath"
-Comment out CustomLog (put a hashmark - # infront of the line)
-Comment out TransferLog
To start/stop apache-ssl run the following:
to stop it run:
Make certificate is just a test thing refer to the mod_ssl guide on how to make your certicates and keys.
When starting apache for the first time, you should tail /usr/local/apachessl/logs/error_log and httpsd_error_log to see if there are any errors.
Having trouble? Got questions? Require further assistance? If so please feel free to contact me !!