Setting up SSL: Red Hat and Apache 1.3.x

Important Note!
This is old stuff; I've not gone through these steps on a Red Hat box since 2005-2006 or so. I used a process like this with RH 9 - FC 3 or so, and RH AS 3. I keep these instructions online for historical purposes. Be forewarned if something doesn't work...

It is (or at least was) possible to lean on Red Hat scripts to complete the openssl dirty work. Check out Red Hat's instructions: http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/ch-httpd-secure-server.html. In fact, if you follow the steps on that URL (and if they still work), you may not need this document at all.

Perhaps you'd rather use the openssl commands natively. This document requires that you've got a signed server.crt and a server.key file available. You may have just gone through my steps on Creating Certificate Authorities and self-signed SSL certificates.

(1) Copy the server.crt and server.key files into position.

For Red Hat 9/Fedora/AS distros, you'll probably want to use the /etc/httpd/conf/ssl.crt and /etc/httpd/conf/ssl.key directories.

cp server.crt /etc/httpd/conf/ssl.crt
cp server.key /etc/httpd/conf/ssl.key

(2) Turn on the SSL engine and properly reference the server.crt and server.key files.

Make sure the engine is on and referencing the server.crt and server.key files you moved into place at an earlier step. Of course it's possible to select different directory locations for the .crt and .key files. Always make sure you manage their permissions very carefully.

You may be tweaking /etc/httpd/conf.d/httpd.conf. As I recall from years past, Red Hat did (still does?) have a separate file for SSL configuration: ssl.conf. This separate file is "included" by the main httpd.conf file for parsing by Apache at start time. So at this point you'll need to hunt around a bit to determine which file contains the appropriate settings.

SSLEngine on

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

(3) Instruct Apache to listen to port 443.

You can listen to a different port, although 443 is the default for https. Replace the x's below with your IP or DNS name if you have one.

Listen xxx.xxx.xxx.xxx:443

Red Hat should already be loading the ssl module, have the engine turned on, and be listening on 443. Double-check that, and examine the settings detailed below as well.

LoadModule ssl_module modules/mod_ssl.so

(4) Configure the SSL virtual host.

Various tweaks here. For example, you'll probably want to create a separate directory from which to serve SSL web pages (DocumentRoot). Perhaps /var/www/html for port 80 material, and /var/www-ssl/html for SSL-delivered pages. Create those directories if they don't exist, and place a basic index.html page in the SSL directory for testing purposes.

<VirtualHost _default_:443>

DocumentRoot "/var/www-ssl/html"

ServerName xxx.xxx.xxx.xxx:443

</VirtualHost>

Restart Apache:

cd /etc/init.d
./httpd restart

Done -- test it out.
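A check worth running before the restart, as an added example that is not part of the original instructions: it reads SSLCertificateFile and SSLCertificateKeyFile from the config file you edited in step 2, confirms both files exist at the configured paths, and confirms the key carries no group or other permission bits. The function names and the "owner-only" policy are assumptions of this example, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check the SSL file
# references in an Apache config before restarting httpd.
# Usage: sh check_ssl_conf.sh /etc/httpd/conf.d/ssl.conf

# Print the argument of the first uncommented occurrence of directive $1
# in config file $2. Directive names are matched case-insensitively and
# surrounding double quotes are stripped.
conf_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Succeed only if $1 is a regular file with no group/other permission bits
# (assumed policy: only the owner may touch the private key).
key_is_private() {
    [ -f "$1" ] || return 1
    # Columns 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 when the config's certificate and key both exist and the key is
# private; otherwise report each problem on stderr and return 1.
check_ssl_conf() {
    conf=$1
    rc=0
    crt=$(conf_value SSLCertificateFile "$conf")
    key=$(conf_value SSLCertificateKeyFile "$conf")
    if [ -z "$crt" ] || [ ! -f "$crt" ]; then
        echo "certificate not found: ${crt:-<directive not set>}" >&2
        rc=1
    fi
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "key not found: ${key:-<directive not set>}" >&2
        rc=1
    elif ! key_is_private "$key"; then
        echo "key is accessible to group/other: $key" >&2
        rc=1
    fi
    return $rc
}

# Run the check when a config file is given on the command line.
if [ "$#" -gt 0 ]; then
    check_ssl_conf "$1"
fi
```

A "not found" message here usually means the directories used in step 1 and the paths written in step 2 do not agree.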


The views and opinions expressed in this page are strictly those of the page author.
The contents of this page have not been reviewed or approved by the University of Minnesota.