Apache and mod_ssl – HTTPS

To check whether SSL is already loaded by your Apache:
/usr/sbin/httpd -M
If it is not, install it. After installing it, you should see a file in /etc/httpd/conf.d and a corresponding LoadModule directive there or in the main Apache configuration file.
After you get the module to load, you can start doing the following.

Generating Keys:

cd /usr/local/apache/conf
mkdir ssl
cd ssl
openssl genrsa -out server.key 2048 [generates the private key; 1024-bit RSA keys are too weak for current use]
[The public key can be extracted from the private key]

Generating a Certificate Signing Request

openssl req -new -key server.key -out server.csr
This is a formal request, so take care to fill in the fields correctly (read the instructions for each prompt carefully).

Signing your own certificate

You can get a certificate signed by a CA, or you can sign it yourself (for testing and intranet purposes):
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Secure the ssl directory with permission 400!

Configuring SSL

Now you can configure the file mod_ssl.conf in the conf.d directory, changing some default values and setting up the virtual hosts you are interested in.

Make sure the users can’t access the pages with http rather than https!
You should be able to do so by:

  • removing preexisting Virtual Hosts directives on the port 80
  • using Rewriting rules
  • using the mod_ssl SSLRequire directive
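
The three measures above combined in one configuration, as an added example that is not from the original post or the book. The hostname www.example.com and the DocumentRoot /var/www/html are placeholders, the key and certificate paths follow the ssl directory created earlier, and SSLRequireSSL is the mod_ssl directive that denies non-SSL requests outright (SSLRequire takes an expression for finer-grained rules).

```apache
# Constructed example: hostname and DocumentRoot are placeholders.
# Key and certificate paths follow the ssl directory created earlier on this page.

# Port 80: no DocumentRoot and no content, only a permanent redirect,
# so nothing can be fetched over plain http.
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine On
    RewriteRule ^/?(.*)$ https://www.example.com/$1 [R=301,L]
</VirtualHost>

# Port 443: the only virtual host that actually serves the site.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /usr/local/apache/conf/ssl/server.crt
    SSLCertificateKeyFile /usr/local/apache/conf/ssl/server.key

    # Defence in depth: refuse any request for this tree that did not
    # arrive over SSL, even if a later configuration change maps the
    # same directory into a non-SSL virtual host.
    <Directory "/var/www/html">
        SSLRequireSSL
    </Directory>
</VirtualHost>
```

Run the server's configuration syntax check (httpd -t) before restarting, then confirm that a request to the http URL returns a 301 pointing at the https URL.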

From the book:
Apache Security, by Ivan Ristic, O’Reilly
