Add ssl https to apache2 on freebsd
First, go to http://www.unixug.com/weBlog/content/how-setup-apache-22-freebsd-71-rel for the initial Apache 2.2 install.
Edit /usr/local/etc/apache22/httpd.conf file:
Find the Include line shown below and un-comment it.
# Secure (SSL/TLS) connections
Include etc/apache22/extra/httpd-ssl.conf
Now Create SSL certificate for Apache:
prompt# mkdir -p /etc/ssl/apache
prompt# cd /etc/ssl/apache
prompt# openssl genrsa -des3 -out server.key 2048
It'll ask for a pass phrase
prompt# openssl req -new -key server.key -out server.csr
prompt# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
prompt# chmod 0400 /etc/ssl/apache/server.key
prompt# chmod 0400 /etc/ssl/apache/server.crt
Remove SSL passphrase:
(This is optional. Had a lot of requests for this)
prompt# cd /etc/ssl/apache
prompt# cp server.key server.key.orig
prompt# openssl rsa -in server.key.orig -out server.key
Protect our Apache key files:
prompt# chmod 400 /etc/ssl/apache/*
Edit /usr/local/etc/apache22/extra/httpd-ssl.conf
Leave this line alone:
<VirtualHost _default_:443>
because changing it can produce a browser error (Error code: ssl_error_rx_record_too_long).
Then change these..
...
ServerName www.domain.tld:443
...
ServerAdmin webmaster@domain.tld
Comment out the defaults and add these.
...
SSLCertificateFile "/etc/ssl/apache/server.crt"
...
SSLCertificateKeyFile "/etc/ssl/apache/server.key"
...
Restart Apache
prompt# apachectl restart
Test:
Visiting either “http://domain.tld/” or “http://YOUR_IP/” should now bring up your machine’s default Apache web page (something along the lines of “It Works!”). Then, visit either “https://domain.tld/” or “https://YOUR_IP/” to test the SSL/TLS. If you see both pages, you’re good to go. If not, browse to the top of this Apache Install page and try again. Also, be sure to check your logs to find out if there are any errors. The logs will be located in “/var/log/httpd-*” by default. Seriously, I cannot stress checking logs enough…
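A check that can be run on the key and certificate created above before restarting Apache, as an added example that is not part of the original post: it verifies the key's file mode, that server.crt matches server.key, the key size, and that the certificate has not expired. The function name check_tls_pair and the 2048-bit minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the key and
# certificate before "apachectl restart". check_tls_pair is a hypothetical
# helper name; the 2048-bit minimum is an assumption of this example.
check_tls_pair() {
    key=$1; crt=$2; problems=0

    for f in "$key" "$crt"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 2; }
    done

    # The private key must be accessible to its owner only (the page uses 0400).
    mode=$(ls -ld "$key" | cut -c1-10)
    case $mode in
        -r--------|-rw-------) ;;
        *) echo "FAIL: $key is $mode, expected -r--------"; problems=$((problems + 1)) ;;
    esac

    # An encrypted key makes Apache (and openssl below) ask for the pass phrase.
    if grep -q ENCRYPTED "$key"; then
        echo "NOTE: $key is pass-phrase protected"
    fi

    # Key and certificate belong together only if their RSA moduli are equal.
    kmod=$(openssl rsa -noout -modulus -in "$key" 2>/dev/null) || kmod=
    cmod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null) || cmod=
    if [ -z "$kmod" ] || [ "$kmod" != "$cmod" ]; then
        echo "FAIL: $crt does not match $key"; problems=$((problems + 1))
    fi

    # The modulus is printed in hex, so its length times 4 is the key size in bits.
    hex=${kmod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    if [ -n "$kmod" ] && [ "$bits" -lt 2048 ]; then
        echo "FAIL: RSA key is $bits bits, want at least 2048"; problems=$((problems + 1))
    fi

    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -noout -checkend 0 -in "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt has expired or is unreadable"; problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: $key and $crt are consistent"
    return "$problems"
}

# Usage: sh check_tls_pair.sh /etc/ssl/apache/server.key /etc/ssl/apache/server.crt
[ $# -eq 0 ] || check_tls_pair "$1" "$2"
```

The return value is the number of failed checks (2 if a file cannot be read), so the script can gate the restart in a deployment step.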
All done. Good Luck.
Ren
Originally, all howtos, configs, setups, and supporting documentation were researched and compiled so we could find working solutions for our particular environment. We primarily run and develop on FreeBSD 7.x and Mac OS X 10.6.x clients and servers.
testing
Did get one error on first test to browse to it..
Secure Connection Failed
An error occurred during a connection to unixug.net.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
Changing <VirtualHost _default_:443> back to _default_ fixed it..
Directory settings.
As a side note: I run this in a vhost and had to edit the
<Directory "/path_to/www/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
SSLOptions +StdEnvVars
</Directory>