[GLLUG] Apache-SSL
Dpk
dpk@egr.msu.edu
Tue, 16 Apr 2002 12:16:56 -0400
On Tue, Apr 16, 2002 at 12:08:29PM -0400, Mike Szumlinski wrote:
Has anyone set up a secure VirtualHost using apache13 on FreeBSD? I
can't seem to find a good howto out there anywhere. I have it
compiled and installed, but I can't figure out how to generate
certificates and turn on the SSL VirtualHost (my primary host works
fine)
The apache-ssl/mod-ssl and openssl websites should provide you with
this information. If you have problems, this should get you
started... To enerate a self-signed certificate:
openssl md5 * > rand.dat
openssl req -new -rand rand.dat > www.csr
openssl rsa -in privkey.pem -out www.key
openssl x509 -in www.csr -out www.cert -req -signkey www.key -days 365
I would highly recommend using mod-ssl over apache-ssl... you can
search sunmanagers.org for the numerous reasons to do so. Using
mod-ssl, the directives you will want to add to the VirtualHost:
SSLEngine on
SSLVerifyClient 0
SSLVerifyDepth 10
SSLCertificateKeyFile /usr/local/apache/certs/www.key
SSLCertificateFile /usr/local/apache/certs/www.cert
SSLCACertificatePath /usr/local/apache/certs
Hope this helps.
Dpk