Setting up SSL: openSuSE
Important Note!
This is old stuff, I've not gone through these steps on an openSUSE box since 2005-2006 or so.
I keep these instructions online for historical purposes. Be forewarned if something doesn't work...
Following is a step-by-step guide to creating a self-signed SSL
certificate for apache2 on the openSuSE linux distribution. The
instructions work with openSuSE 9.3, and perhaps later versions.
Go to Creating a Certificate Authority and self-signed SSL certificates
and complete the process there first.
Copy the resulting files into these locations. It's possible to put them somewhere else and change the
reference in the appropriate conf file in a later step, but these are the default locations:
cp server.key /etc/apache2/ssl.key
cp server.crt /etc/apache2/ssl.crt
cp server.csr /etc/apache2/ssl.csr
Since /srv/www/htdocs is the location for HTTP, I suggest
/srv/www-ssl/htdocs for SSL delivered pages. That way you might later
consider a /srv/www-ssl/cgi-bin to complement the /srv/www/cgi-bin (to mirror
the architecture and make certain relative pathing easier to deal with
depending on how you write applications). But that's your call. Create
some directory to serve SSL pages. The last command creates a little
dummy index.html file for testing purposes.
cd /srv
mkdir www-ssl
cd www-ssl
mkdir htdocs
cd htdocs
echo "ssl index page">index.html
Edit /etc/sysconfig/apache2. Add "ssl" to the end of the following list
of apache modules to load:
APACHE_MODULES="access actions alias auth autoindex cgi dir include log_config \
mime negotiation setenvif status userdir asis imap php4 ssl"
Add "SSL" to the Apache startup server flags:
APACHE_SERVER_FLAGS="SSL"
Edit /etc/apache2/listen.conf. Add your server's IP or fully qualified
domain name (if you have one) to the listen directive for port 80:
Listen xxx.xxx.xxx.xxx:80
Do the same for the SSL port, assuming you're serving from the standard 443
(scroll down just a bit to the section inside <IfDefine SSL>):
Listen xxx.xxx.xxx.xxx:443
Go to /etc/apache2/vhosts.d. Copy vhost-ssl.template over to
vhost-ssl.conf to use as a template:
cp vhost-ssl.template vhost-ssl.conf
Go inside vhost-ssl.conf and make sure the following are set:
<VirtualHost _default_:443>
DocumentRoot "/srv/www-ssl/htdocs"
ServerName xxx.xxx.xxx.xxx:443
ServerAdmin youremail@yoursite.org
Make sure the SSLEngine is on, and the SSLCertificateFile and SSLCertificateKeyFile
point to the ssl.crt and ssl.key you created with the openssl commands. If you
went with default locations in an earlier step, you shouldn't have to make any
special changes in this regard.
Just before the closing </VirtualHost> tag, add the following, making
tweaks as necessary for your environment. If you don't add a Directory
directive, the SSL instance won't know where to look for the doc root.
<Directory "/srv/www-ssl/htdocs">
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Go to YaST -> Security & Users -> Firewall -> Allowed Services
Make sure that HTTP and HTTPS are enabled for the External Zone. Note
that this mechanism assumes port 80 and port 443 respectively. If you
want to set up HTTP or HTTPS on a different port (for instance, 8080 or
444) you need to go to the Advanced screen and manually type in the port
number under "TCP Ports" and describe the protocol you're adding (for example, HTTP or
HTTPS) in the last line under "IP Protocols." If you have a router, it probably
carries additional firewall rules. You'll need to open up the appropriate
port(s) there as well. That's beyond the scope of this document,
but should be in the docs that pertain to your hardware.
cd /etc/init.d
./apache2 restart
Done -- test it out.
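
The vhost-ssl.conf settings described above (SSLEngine on, certificate and key paths that point at real files, a Directory block for the DocumentRoot) can be checked with a short script before restarting. This is an added example, not part of the original instructions: the function names check_vhost_ssl and directive are made up here, it assumes paths without spaces, and the test for a private key accessible to group or others is an extra check the steps above do not mention.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check vhost-ssl.conf
# before restarting Apache. Function names are hypothetical; assumes paths
# without spaces. Usage: check_vhost_ssl /etc/apache2/vhosts.d/vhost-ssl.conf

# Print the unquoted argument of the first uncommented use of directive $1 in $2.
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

check_vhost_ssl() {
    conf=$1
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    case $(directive SSLEngine "$conf") in
        [Oo][Nn]) ;;
        *) fail "SSLEngine is not on" ;;
    esac

    crt=$(directive SSLCertificateFile "$conf")
    key=$(directive SSLCertificateKeyFile "$conf")
    [ -n "$crt" ] && [ -f "$crt" ] || fail "SSLCertificateFile not set or missing: $crt"
    if [ -n "$key" ] && [ -f "$key" ]; then
        # Extra check: characters 5-10 of the ls mode string are group/other bits.
        [ "$(ls -ldL "$key" | cut -c5-10)" = "------" ] ||
            fail "private key $key is accessible to group or others"
    else
        fail "SSLCertificateKeyFile not set or missing: $key"
    fi

    root=$(directive DocumentRoot "$conf")
    if [ -z "$root" ]; then
        fail "DocumentRoot is not set"
    elif ! awk -v r="$root" 'tolower($1) == "<directory" {
            p = $2; gsub(/[">]/, "", p); sub(/\/$/, "", p)
            if (p == r) found = 1
        } END { exit !found }' "$conf"; then
        fail "no <Directory> block for DocumentRoot $root"
    fi

    echo "$problems problem(s) found in $conf"
    [ "$problems" -eq 0 ]
}
```

The function returns non-zero when it finds a problem, so it can gate the restart: check_vhost_ssl /etc/apache2/vhosts.d/vhost-ssl.conf && /etc/init.d/apache2 restart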