On SuSE 9.1, when you install your software, in YAST2, search for apache. Install all the apache2 items and none of the plain apache ones. If you are not running SuSE, the directory locations may change. Be sure to run the online update in Yast2 because there have been many fixes to both Apache and OpenSSH. If you use php, I have seen Web pages that advise upgrading to the latest versions.
In Yast2 you can configure the non-SSL server in Network
Services/HTTP server. Do not turn on SSL in the default host or else
the non-ssl host (on port 80) will try to look for certificates. Also,
if you have the SuSE firewall turned on, be sure to allow port 443 (or
the port you choose for SSL) through the firewall.
cd /etc/init.d
and do
insserv apache2
This will insert apache2 in the correct startup and shutdown scripts.
There is a good quick start document in
/usr/share/doc/packages/apache2/README.QUICKSTART.SSL
But it is not quite enough to do the job.
http://localhost/manual/ssl/ssl_faq.html#aboutcerts
and either get a "real" certificate or create your own following the instructions there.
As opposed to manually creating a cert, you can do the following:
/usr/bin/gensslcert2 (claims SuSE); however, in my experience it's actually: /usr/bin/gensslcert
Shamelessly lifted from: http://portal.suse.com/sdb/en/2003/01/apache2-faq.html#ssl
If you are not going to be at the console whenever your computer reboots, follow the instructions for using an unencrypted (but protected) server key. Be sure it is protected with access permissions 400.
If you run gensslcert, you should look at the man page and run it with all of the arguments.
These options are recognized:                 Default:
 -C  Common name                              "$name"
 -N  comment                                  "$comment"
 -c  country (two letters, e.g. DE)           $C
 -s  state                                    $ST
 -l  city                                     $L
 -o  organisation                             "$O"
 -u  organisational unit                      "$U"
 -n  fully qualified domain name              $CN (\$FQHOSTNAME)
 -e  email address of webmaster               webmaster@$CN
 -y  days server cert is valid for            $srvdays
 -Y  days CA cert is valid for                $CAdays
 -d  run in debug mode
 -h  show usage
For example:
/usr/bin/gensslcert -c US -s TN -l "Oak Ridge" -o Your_organization -e your_name@your_isp.com -d -n 192.168.1.10
In particular the CN field is critical because it must be identical to the
ServerName 192.168.1.10
in the virtual host file (discussed later).
gensslcert will put the certificates in the correct directories. If you get a "real" certificate, install the server key in
/etc/apache2/ssl.key/server.key
and the server certificate in
/etc/apache2/ssl.crt/server.crt
As root, you will need to edit several files.
/etc/sysconfig/apache2:
Add ssl to
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi
dir env expires include log_config mime negotiation setenvif status
suexec userdir ssl"
Add the server flag SSL to turn on
the SSL module configuration file (/etc/apache2/ssl.conf)
APACHE_SERVER_FLAGS="-D SSL"
Increase the startup timeout to allow
a password entry if necessary
APACHE_START_TIMEOUT="5"
In /etc/apache2/vhosts.d,
cp vhost-ssl.template vhost-ssl.conf
You can also copy the vhost.template file to vhost.conf if you want a non-ssl server.
Then edit vhost-ssl.conf.
/etc/apache2/vhosts.d/vhost-ssl.conf:
You must configure the virtual
directory for the server. You can put all the access control directives
and the document root here.
#
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/srv/www/secdocs"
# The ServerName must be identical to the -n field in your certificate
ServerName 192.168.1.10
ServerAdmin your@email.address
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
#Access controls for a directory called noCTRP
<directory /srv/www/secdocs/noCTRP>
AuthType Basic
AuthName "Password Required"
# The file for the passwords for this directory
AuthUserFile /srv/www/passwords/password.noCTRP
require user security
Options Indexes FollowSymLinks
</directory>
There seems to be another problem that several other frustrated people have run across. In spite of putting the
APACHE_SERVER_FLAGS="-D SSL"
in /etc/sysconfig/apache2 file, the system seems to ignore the directive. You can see if this is the case on your system.
As root run
JARDELL:SuSEconfig
JARDELL:/etc/apache2 # httpd2 -D SSL -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443 192.168.1.10 (/etc/apache2/vhosts.d/vhost-ssl.conf:27)
*:80 192.168.1.10 (/etc/apache2/vhosts.d/vhost.conf:1)
Syntax OK
If you do not see the vhost-ssl.conf file, something is rotten in
Denmark.
To aid in determining what is happening, you can also raise the error logging level in /etc/sysconfig/apache2:
APACHE_LOGLEVEL="debug"
This will let you see what the ServerName in the certificate is. If
this name is not identical to the one in the vhost-ssl.conf file,
apache2 will not start in SSL mode!
rcapache2 start
This command can also be used to restart or stop your server.
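The two conditions this page stresses (certificate CN identical to the ServerName in vhost-ssl.conf, and the server key at mode 400) can be checked from the shell before starting the server. The script below is an added example, not part of the original page or of SuSE's tools; the function names are hypothetical, and check_ssl_setup assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example: pre-start checks for the two failure points described
# on this page. All function names are hypothetical.

# Print the first active (non-commented) ServerName in a vhost file.
vhost_servername() {
    awk 'tolower($1) == "servername" { print $2; exit }' "$1"
}

# Extract the CN from an "openssl x509 -noout -subject" line. Handles the
# old "/C=US/.../CN=host/..." form and the newer "C = US, CN = host" form.
subject_cn() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p' | sed 's/ *$//'
}

# Succeed only if the certificate CN and the vhost ServerName are identical.
cn_matches_vhost() {   # $1 = subject line, $2 = vhost file
    cn=$(subject_cn "$1")
    sn=$(vhost_servername "$2")
    [ -n "$cn" ] && [ "$cn" = "$sn" ]
}

# Succeed only if the key file has exactly mode 400 (owner read-only).
key_mode_ok() {
    [ -n "$(find "$1" -prune -perm 400 2>/dev/null)" ]
}

# Run all checks against real files; requires the openssl command.
check_ssl_setup() {    # $1 = cert, $2 = key, $3 = vhost file
    subj=$(openssl x509 -in "$1" -noout -subject) || return 2
    cn_matches_vhost "$subj" "$3" ||
        { echo "certificate CN does not match ServerName in $3"; return 1; }
    key_mode_ok "$2" || { echo "$2 is not mode 400"; return 1; }
    echo "certificate CN, ServerName and key permissions are consistent"
}

# Typical call with the paths used on this page:
# check_ssl_setup /etc/apache2/ssl.crt/server.crt \
#     /etc/apache2/ssl.key/server.key /etc/apache2/vhosts.d/vhost-ssl.conf
```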