[GLLUG] Apache-SSL
Mike Szumlinski
szumlin@msu.edu
Tue, 16 Apr 2002 12:25:21 -0400
This is what I get when I try firing it up...
bash-2.05a$ sudo apachectl startssl
Syntax error on line 1081 of /usr/local/etc/apache/httpd.conf:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module
not included in the server configuration
/usr/local/sbin/apachectl startssl: httpd could not be started
Here is my virtual host setup, and I moved the certificates I generated
to the directories listed in it. Any ideas anyone?
<VirtualHost *>
ServerAdmin compstor@msu.edu
DocumentRoot /usr/local/www/secure
ServerName cstore-secure.cl.msu.edu
SSLEngine on
SSLVerifyClient 0
SSLVerifyDepth 10
SSLCertificateKeyFile /usr/local/www/certs/www.key
SSLCertificateFile /usr/local/www/certs/www.cert
SSLCACertificatePath /usr/local/www/certs
</VirtualHost>
-Mike
On Tuesday, April 16, 2002, at 12:16 PM, Dpk wrote:
> On Tue, Apr 16, 2002 at 12:08:29PM -0400, Mike Szumlinski wrote:
>
> Has anyone set up a secure VirtualHost using apache13 on FreeBSD? I
> can't seem to find a good howto out there anywhere. I have it
> compiled and installed, but I can't figure out how to generate
> certificates and turn on the SSL VirtualHost (my primary host works
> fine)
>
> The apache-ssl/mod-ssl and openssl websites should provide you with
> this information. If you have problems, this should get you
> started... To enerate a self-signed certificate:
>
> openssl md5 * > rand.dat
> openssl req -new -rand rand.dat > www.csr
> openssl rsa -in privkey.pem -out www.key
> openssl x509 -in www.csr -out www.cert -req -signkey www.key -days 365
>
> I would highly recommend using mod-ssl over apache-ssl... you can
> search sunmanagers.org for the numerous reasons to do so. Using
> mod-ssl, the directives you will want to add to the VirtualHost:
>
> SSLEngine on
> SSLVerifyClient 0
> SSLVerifyDepth 10
> SSLCertificateKeyFile /usr/local/apache/certs/www.key
> SSLCertificateFile /usr/local/apache/certs/www.cert
> SSLCACertificatePath /usr/local/apache/certs
>
> Hope this helps.
>
> Dpk
> _______________________________________________
> linux-user mailing list
> linux-user@egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user