It appears there are a million ways to define things, which makes it extremely frustrating. I'd like to keep things as "standard" as possible so down the road when I am troubleshooting things I don't forget where certain configs are kept or their dependencies get screwed up for path problems. Does anyone know where I can find a "How To" that explains this stuff from start to finish? Most of the docs I find either aren't complete or reference other distros and the location of things isn't the same.
Thanks,
Eric
Shaun Hess wrote:
Eric,
Here are some differences I see in my working setup of Apache with SSL.
Q> Which directory?? httpd? or apache2?? or both??
Answer> My files are kept in: /etc/apache2/ssl.*/
Q> So in this example, if my server was 'homeserver' I would rename all the certs (cert.pem, key.pem & req.pem) as follows respectively: homeserver.crt, homeserver.key, & homeserver.csr and copy them to the corresponding directories? This is the box's local name? or FQDN that the cert specifies?
Answer> When I generated my certs they were named by default: server.crt, server.key, server.csr, etc. I did not rename them (myhostname.*). It works fine this way, but if there's a reason to change the names I am not aware of it.
Q> Edit /etc/httpd/httpd.conf:
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/srv/www/htdocs"
ServerName <SERVER-FULL-NAME>
ServerAdmin www@<SERVER-FULL-NAME>
ErrorLog /var/log/httpd/error_log
TransferLog /var/log/httpd/access_log
Answer> I do not use the above example. Instead I do the following:
cd /etc/apache2/vhosts.d
cp -p vhost-ssl.template vhost-ssl.conf
vi vhost-ssl.conf
Change DocumentRoot, ServerName, ServerAdmin, etcetera to your configuration.
By default your httpd.conf file contains a line:
Include /etc/apache2/vhosts.d/*.conf
Which will pick up the vhost-ssl.conf file. You can also use the following command to check the syntax of your vhost-ssl.conf file:
httpd2 -S
Q> Again, which one? apache or apache2??
HTTPD_START_TIMEOUT="5"
HTTPD_SEC_MOD_SSL="yes"
Answer> /etc/sysconfig/apache2
-----Original Message-----
From: Eric Kahklen [mailto:eric@kahklen.com]
Sent: Friday, February 06, 2004 11:25 AM
To: Philippe Vogel
Cc: suse-security@suse.com
Subject: Re: [suse-security] Using SSL Certs
Philippe,
Thanks a lot for the help! I have a few questions below.
This will do:
gensslcert --help
All Options are shown!
Gensslcert will generate a certificate for 2000 days (this should be long enough).
I've already generated a cert with openssl. Is gensslcert another way to do it or a way to test Apache?
Go to /etc/httpd (/etc/apache2) and there to
Which directory?? httpd? or apache2?? or both?? I am running SUSE 9.0 which I assume is using apache2.
ssl.crt/ ssl.key/ ssl.csr/
and rename all new certs (<SERVERNAME>server.*) to:
So in this example, if my server was 'homeserver' I would rename all the certs (cert.pem, key.pem & req.pem) as follows respectively: homeserver.crt, homeserver.key, & homeserver.csr and copy them to the corresponding directories? This is the box's local name? or FQDN that the cert specifies?
/etc/httpd/ssl.crt/server.crt
/etc/httpd/ssl.key/server.key
/etc/httpd/ssl.csr/server.csr
Edit /etc/sysconfig/apache (apache2)
Again, which one? apache or apache2??
HTTPD_START_TIMEOUT="5"
HTTPD_SEC_MOD_SSL="yes"
Apache2:
APACHE_SERVER_FLAGS="-D SSL"
APACHE_MODULES=" [...] ssl"
Next do a
I should know from your above answers, but this would depend upon which version of Apache, correct???
Thanks a lot!!!
Eric
SuSEconfig --module apache (or apache2)
rcapache restart
Check if the server comes up.
Philippe