Sunday, 13 May 2007

Apache2 and SSL on Debian Etch

Yesterday I decided to install the apache2 web server with SSL support. I tried to follow some tutorials, but just one of them was for Debian Etch and it didn't work very well on my machine. So in order to try to fill that void, I made my own tutorial.

"The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards."

Install apache2 server in Debian Etch

#aptitude install apache2

Install openssl using the following command

#aptitude install openssl ssl-cert

After you install the Apache server, you'll need to generate a certificate in case you don't have one (which was my case). The certificate is used to ensure the authenticity and integrity of client-server communications. It'll be a self-signed certificate, so it may generate some warning messages. To avoid this you can get a certificate from a trusted SSL certificate vendor.

Since apache2-ssl-certificate isn't available in etch, we need to use openssl.

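To create the certificate, run

#openssl req -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

Enter the desired information for your certificate and then set the correct permissions for the .pem file. Because -nodes leaves the private key unencrypted and the key is stored in the same file as the certificate, the file should be readable by root only.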

#chmod 600 /etc/apache2/apache.pem

The Apache server listens for incoming HTTP requests on port 80; for HTTPS it must also listen on port 443, so we need to add this information to the file /etc/apache2/ports.conf.

#nano /etc/apache2/ports.conf

Add the following

Listen 443

and save the file (ctrl+x).

Now you need to enable SSL support for the Apache server.

#a2enmod ssl

Restart apache server with

#/etc/init.d/apache2 restart

Note: The command above may not work for you, like it didn't for me, so I used instead

# apache2ctl start

If you get an error like:

# apache2ctl start
apache2: Syntax error on line 189 of /etc/apache2/apache2.conf: Could not open configuration file /etc/apache2/httpd.conf: No such file or directory

Use this, it worked for me

#touch /etc/apache2/httpd.conf

Next step: configuring the SSL certificate for virtual hosts in Apache2

Make a copy of /etc/apache2/sites-available/default under a new name and add some lines

#cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

#nano /etc/apache2/sites-available/ssl

Change it to something like

NameVirtualHost *:443
<VirtualHost *:443>
ServerAdmin webmaster@localhost

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

# ... the remaining directives copied from the default site stay as they are ...
</VirtualHost>

Save the file (ctrl+x)

Now link the file to /etc/apache2/sites-enabled/

#ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl

Restart the server and test your configuration

#/etc/init.d/apache2 restart

or

# apache2ctl restart
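
The combined /etc/apache2/apache.pem created above can be sanity-checked before Apache is pointed at it. The following is an added example, not part of the original post: the function names check_pem_layout and check_pem_pair are made up for illustration, and the second function assumes an RSA key and openssl on the PATH.

```shell
#!/bin/sh
# Added example: read-only checks on the combined certificate+key PEM file.

# check_pem_layout FILE
# Returns 0 only if FILE contains a certificate block and a private key
# block and grants no access to group or others; prints each problem found.
check_pem_layout() {
    f=$1 rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate block"; rc=1; }
    grep -Eq -- '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$f" ||
        { echo "no private key block"; rc=1; }
    # -nodes leaves the key unencrypted, so the file mode is its only guard.
    mode=$(ls -ln "$f" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "group/other can access the key (mode bits: $mode)"; rc=1; }
    return "$rc"
}

# check_pem_pair FILE [DAYS]
# Assumes an RSA key (the default for `openssl req -new`) and openssl on PATH.
# Returns 0 only if the key matches the certificate and the certificate is
# still valid DAYS days from now (default 30).
check_pem_pair() {
    f=$1 days=${2:-30} rc=0
    cert_mod=$(openssl x509 -noout -modulus -in "$f") || return 2
    key_mod=$(openssl rsa -noout -modulus -in "$f") || return 2
    [ "$cert_mod" = "$key_mod" ] ||
        { echo "private key does not match certificate"; rc=1; }
    openssl x509 -noout -checkend "$((days * 86400))" -in "$f" >/dev/null ||
        { echo "certificate expires within $days days"; rc=1; }
    return "$rc"
}

# Usage (as root): check_pem_layout /etc/apache2/apache.pem &&
#                  check_pem_pair /etc/apache2/apache.pem 30
```

Since the certificate is created with -days 365, running check_pem_pair periodically with a DAYS value of a few weeks gives advance notice before it expires.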