Configuring Apache with a SSL Connection

You can download the latest version of Apache from here: Apache, and the documentation for installing and configuring the server can be found here: Official Docs

(If you are using BackTrack, Apache will be already installed and configured)

The path of Apache is /etc/apache/

(The Apache version shown here is apache2, it will differ if you have a different version)

Steps:

Create a directory for keeping the SSL certificates and go to the directory

mkdir ssl

cd ssl

Create the server key, using the ‘des3’ algorithm with 1024 bits. You will be asked a passphrase which you need to remember

# openssl genrsa -des3 -out server.key 1024

Create the Certificate signing element by providing the passphrase for the server.key and the Certificate details

openssl req -new -key server.key -out server.csr

Create the Certificate using the X509 authentication standard, for a validity of 365 days

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

You can check the list of files created by the ‘ls’ command, and to watch the contents of these files by ‘cat’ command

Start the apache server by the following command

/etc/init.d/apache2 start 

Check your server by typing “http://localhost” in your browser.

Now you need to make changes for including the SSL connection. First go to the directory sites-available

cd sites-available

Modify the file “default-ssl” by replacing the contents of SSLCertificateKey and SSLCertificateFile as shown below:

default-ssl

Modify the file “default” by copying the the Virtual host from above and making the changes as in it as shown:

default

In the folder /etc/apache2/ you need to make changes to the ‘httpd.conf’ file by adding these two lines to the blank file:

httpd

Now provide the command to start the ssl service

a2enmod ssl

Restart the apache service and you will get the service started as shown below:

server start

Congratulations! Your SSL Apache server has started.

Now try to browse your Apache from a remote machine, by typing “http://ip of your server” in its browser.

To check the SSL connection, try ‘https’ instead of ‘http’ before the ip address

At first time, you will get a message that it is an untrusted connection (because it is using a certificate which we have just created, and your will not be having that certificate) Add and exception for the certificate.

untrusted

After you add an exception for the certificate, finally you will get the SSL connection to the Apache server. The SSL connection will work until you have the respective certificate added to your browser.

https

Advertisements