<LOGIN> October 18, 2017, 8:50 pm
mod_ssl and OpenSSL
   

Assumptions

The following assumptions are made:

  • Apache 2.0.55 is already installed properly.

  • Apache directory are named from the standard defaults i.e. Apache Group/Apache2/...

Copy Download files

  • Copy both dll files, ssleay32.dll and libeay32.dll, from Download-2 to your WINNT/system32 directory.

  • Copy the openssl.exe from Download-4 to Apache Group/Apache2/Bin directory

  • Copy the OpenSSL configuration file openssl.cnf from Download-5 to your Apache Group/Apache2/Bin directory

  • Copy the Apache module mod_ssl.so from Download-1 to your Apache Group/Apache2/module directory

  • Copy the ssl configuration file ssl.conf from Download-3 to your Apache Group/Apache2/conf directory

Modify Configurations files

You will need to modify two configuration files, http.conf and ssl.conf

http.conf

  • Look for the "LoadModule" section in the http.conf file and remove the comment for the following line:
    (If its not there simply copy and paste this line within the "LoadModule" section)
    LoadModule ssl_module modules/mod_ssl.so

  • Make sure that you have an Include statement in the http.conf so that the http.conf will include the directives from the ssl.conf file. The end result is somewhat like one big conf file, because of this make sure you dont repeat the same statements in both conf files. For example if you specific the directive Listen 443 in the ssl.conf and also in the http.conf Apache will issuse a overlap warning.

    # Bring in additional module-specific configurations
    <IfModule mod_ssl.c>
        Include conf/ssl.conf
    </IfModule>

ssl.conf

The setup in our example will define the <VirtualHost> supporting SSL through port 443 in the ssl.conf file. We can of course define the <VirtualHost> directive supporting SSL directives in the http.conf file as shown below , to do so we must also have a Listen 443 in http.conf or ssl.conf. Regardless, I prefer to keep all the SSL related directives & statements together with the ssl.conf.

  • Include the following lines in the ssl.conf file:
    Listen 443
    SSLSessionCache none
    SSLMutex none

  • Include or make sure you have the following lines for the general setup of the virtual host in the ssl.conf file.
    (You will need to change the red to your own settings). However, to follow the example leave my-server as
    my-server.

    <VirtualHost 192.168.xxx.xxx:443>
        DocumentRoot "c:/my/webpages"
        ServerName www.my-server.com:443
        ServerAdmin my@email.com
        ErrorLog logs/mySSLerror.log
        SSLEngine on
        LogLevel info
        TransferLog logs/access_log

        <Directory "c:/Apache Group/Apache2/cgi-bin">

        SSLCertificateFile "c:/Apache Group/Apache2/conf/ssl/my-server.cert"
        SSLCertificateKeyFile "c:/Apache Group/Apache2/conf/ssl/my-server.key"
        - - -
        - - -
        - - -
    </VirtualHost>

  • Comment out both start/end IfDefine tags.
        #<IfDefine SSL>
        - - -
        - - -
        - - -
        #</IfDefine>

    If you perfer not to comment out both start/end IfDefine tags you will be required to start Apache server using the -D SSL option for SSL support.

Creating the Keys

The next section will explain how to create the Certificate and Keys required for SSL support.

   


Related Articles




Copyright © 1996 - 2013 JM Solutions, Inc. Houston, TX - All rights reserved.
Website Design & Developed by JM Solutions   Webmaster