[GLLUG] Apache-SSL

Mike Szumlinski szumlin@msu.edu
Tue, 16 Apr 2002 12:25:21 -0400


This is what I get when I try firing it up...

bash-2.05a$ sudo apachectl startssl
Syntax error on line 1081 of /usr/local/etc/apache/httpd.conf:
Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module 
not included in the server configuration
/usr/local/sbin/apachectl startssl: httpd could not be started

Here is my virtual host setup, and I moved the certificates I generated 
to the directories listed in it. Any ideas anyone?

<VirtualHost *>
	ServerAdmin compstor@msu.edu
	DocumentRoot /usr/local/www/secure
	ServerName cstore-secure.cl.msu.edu		
	SSLEngine on
	SSLVerifyClient 0
	SSLVerifyDepth 10
	SSLCertificateKeyFile /usr/local/www/certs/www.key
	SSLCertificateFile /usr/local/www/certs/www.cert
	SSLCACertificatePath /usr/local/www/certs
</VirtualHost>

-Mike

On Tuesday, April 16, 2002, at 12:16  PM, Dpk wrote:

> On Tue, Apr 16, 2002 at 12:08:29PM -0400, Mike Szumlinski wrote:
>
>    Has anyone set up a secure VirtualHost using apache13 on FreeBSD? I
>    can't seem to find a good howto out there anywhere. I have it
>    compiled and installed, but I can't figure out how to generate
>    certificates and turn on the SSL VirtualHost (my primary host works
>    fine)
>
> The apache-ssl/mod-ssl and openssl websites should provide you with
> this information.  If you have problems, this should get you
> started...  To enerate a self-signed certificate:
>
> openssl  md5 * > rand.dat
> openssl req -new -rand rand.dat > www.csr
> openssl rsa -in privkey.pem -out www.key
> openssl x509 -in www.csr -out www.cert -req -signkey www.key -days 365
>
> I would highly recommend using mod-ssl over apache-ssl... you can
> search sunmanagers.org for the numerous reasons to do so.  Using
> mod-ssl, the directives you will want to add to the VirtualHost:
>
> SSLEngine on
> SSLVerifyClient 0
> SSLVerifyDepth 10
> SSLCertificateKeyFile /usr/local/apache/certs/www.key
> SSLCertificateFile /usr/local/apache/certs/www.cert
> SSLCACertificatePath /usr/local/apache/certs
>
> Hope this helps.
>
> Dpk
> _______________________________________________
> linux-user mailing list
> linux-user@egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user