
Providing an HTTPS server using Apache and OpenSSL



This article assumes that you have Apache 2.0 already installed on Unix. (The steps would basically be the same in Windows though.) Further you need:

- mod-ssl-2.2.6 or later
- OpenSSL-0.9.5a or later
- a digital SSL certificate e.g. from VeriSign

You must compile the OpenSSL package first:

$ ./config
$ make
$ make test
$ make install

Then compile and install mod_ssl (if not already installed):

$ cd mod_ssl-2.6.x-1.3.x
$ ./configure \
--with-apache=../apache_1.3.x \
--with-ssl=../openssl-0.9.x \
--with-mm=../mm-1.1.x \
--with-crt=/path/to/your/server.crt \
--with-key=/path/to/your/server.key
$ cd ../apache_1.3.x
$ make
$ make certificate
$ make install

Configure commonhttpd.conf for SSL Support

After Apache mod-ssl is installed, you can configure your httpd config file like you would for a normal site.
You have to set up your SSL secure site through a VirtualHost. The Apache configuration will look like this:

DocumentRoot /home/httpd/oursite/
ErrorLog /var/log/httpd/oursite-errors_log
TransferLog /var/log/httpd/oursite-transfers_log

To add SSL support to your VirtualHost you must enable it and tell it where your certificate and the matching private key are stored:

SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

Now you can start up Apache in SSL mode by typing the following:

[root@machine42 #] /usr/sbin/httpd -startssl
read RSA key
Enter PEM pass phrase:

It will ask you for a password to decrypt your key for the SSL encryption.
This could prevent Apache from starting if it is launched unattended.
You can work around this, but it is less secure. Go to where you stored httpd.conf; in the ssl.key directory you should see server.key.
This file, server.key, contains your encrypted key. Now you can decrypt the key permanently. Make a backup of this file:

[root@machine42 #] cp /path/to/apache-conf/ssl.key/server.key server.key.old

Decrypt the key using the OpenSSL tool:

[root@machine42 #] /usr/sbin/openssl rsa -in server.key.old -out server.key
read RSA key
Enter PEM pass phrase:

It will prompt you for your password and decrypt your key. server.key now contains an unencrypted key. You must still start Apache with httpd --startssl or the start-up file included with your RPM or dpkg.
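
Once the pass phrase is removed, file permissions are the only protection left on server.key. The shell script below is an added example, not part of the original article: it reports whether a PEM key is still pass-phrase protected and whether group or others can access the file. The function names (key_state, key_mode_ok, audit_key) are hypothetical, and the two sample files are constructed with dummy bodies rather than real keys.

```shell
#!/bin/sh
# Audit a PEM private key after "openssl rsa -in server.key.old -out server.key".

# key_state FILE -> prints "encrypted", "plaintext" or "unknown"
key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # PKCS#8 or traditional PEM, pass phrase required
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext      # usable by anyone who can read the file
    else
        echo unknown
    fi
}

# key_mode_ok FILE -> succeeds only if group and others have no access at all
key_mode_ok() {
    mode=$(ls -ld -- "$1" | cut -c5-10)   # group and other triplets of the mode
    [ "$mode" = "------" ]
}

# audit_key FILE -> one-line verdict; status 1 for a plaintext key that is too open
audit_key() {
    state=$(key_state "$1")
    if key_mode_ok "$1"; then perms=restricted; else perms=too-open; fi
    echo "$1: $state, $perms"
    [ "$state" = plaintext ] && [ "$perms" = too-open ] && return 1
    return 0
}

# Constructed samples (dummy bodies, not real keys) standing in for
# server.key.old (pass phrase kept) and server.key (pass phrase removed).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/server.key.old"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/server.key"
chmod 644 "$demo_dir/server.key.old" "$demo_dir/server.key"
audit_key "$demo_dir/server.key.old"
audit_key "$demo_dir/server.key" || echo "fix: chmod 400 and chown root"
chmod 400 "$demo_dir/server.key"
audit_key "$demo_dir/server.key"
```

On a real server, run audit_key against the path given in SSLCertificateKeyFile; a "plaintext, too-open" verdict means any local account can copy the key.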


2005-11-05, 03:21:08
anonymous from Germany  


