Chapter 3. Securing Your Apache Server with SSL

Table of Contents

Getting Started with SSL on Apache
Create a Local Key Pair
Generating a Certificate Signing Request
Receiving and Installing Your SSL Certificate

There are a few key ingredients you will need to use with Apache to secure your Web server: OpenSSL, mod_ssl, and root access to the server.

OpenSSL is a command line toolkit for using secure sockets layer encryption on a server and can be acquired from http://www.openssl.org . This tool works with Apache module mod_ssl in carrying out SSL-related tasks. Any modern Linux/Unix installation will come with OpenSSL, you will be required to install OpenSSL if your hosting you Apache sever on Windows. You will need root/admin privileges to install OpenSSL.

You must also ensure that mod_ssl is available on your server. To see which modules are active in Apache, issue the following command in a Terminal as root user on your server.

# httpd –l
        

If you have a recent Linux distribution installed, it is likely Apache’s modules are compiled as dynamic loadable modules, in which case you’ll need to edit your httpd.conf file and check that the following line is uncommented.

LoadModule ssl_module modules/libmodssl.so
        

Restarting Apache will load the module into action.

# service httpd restart
        
[Note]Note

Note that in recent Apache distributions, the httpd.conf file contains an "IfDefine HAVE_SSL" section that is intended to contain the "VirtualHost" definitions for all your SSL Websites. By placing these definitions within the "IfDefine" section, you can ensure that the sites will not be made available unless SSL support is successfully loaded on the server. This prevents any problems arising in which lack of SSL could expose your secure site