Apache and SSL

Posted by Anandhan Subbiah on May 14, 2007 in Programming Concepts, Technical Articles

Why SSL?

Protecting your web folders with Basic Authentication, using either htpasswd (which stores the username and password in the filesystem) or mod_auth_mysql (which stores them in MySQL), increases security. But this added layer of security can easily be defeated by a serious hacker familiar with sniffing tools, since the username and password are transmitted unencrypted from the client to the server.

What is SSL?

SSL stands for Secure Sockets Layer. In Apache it comes in the form of mod_ssl, an Apache module that SSL-enables a website that Apache controls, allowing any communication to and from Apache to be encrypted.

Where can I find it?

mod_ssl.so is the name of the library, and it can be found in the modules directory of Apache.

What else do I need?

Before SSL will work, you need a server key and a server certificate. They are used to encrypt transmitted data and to present the client/browser with an SSL certificate. You can create your own certificate for testing purposes, but this will cause a warning in the browser: “Your browser does not recognize the Certificate Authority that issued the site’s certificate.” For production systems you should get a certificate from a bona fide Certificate Authority (CA).

How do I create my own certificate?

openssl req -new > testcert.csr

Now you have two new files: privkey.pem, which is a private key used to sign the certificate, and testcert.csr, the certificate request. Next you have to remove the passphrase from the key you just created. If you don’t remove the passphrase, you must enter it every time Apache is started.

openssl rsa -in privkey.pem -out testcert.key

Now you have to modify httpd.conf:

<VirtualHost _default_:443>

  # Server Certificate:
  SSLCertificateFile /etc/apache/ssl.crt/testcert.crt

  # Server Private Key:
  SSLCertificateKeyFile /etc/apache/ssl.crt/testcert.key

  SSLEngine On

  # Use the SSL directory you created earlier
  DocumentRoot "/wwwssl"
  ServerName www.example.com
  ServerAdmin youremail@example.com
</VirtualHost>
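
The configuration above points at testcert.crt, which none of the commands on this page produce. The following is an added example, not part of the original post: it runs the request and passphrase-removal steps non-interactively, self-signs the request for testing with openssl x509, and checks that the key and certificate belong together before Apache is pointed at them. The function names, the 30-day lifetime and the passphrase argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, the 30-day
# lifetime and the passphrase argument are assumptions for illustration.

# make_test_cert DIR CN PASSPHRASE
# Writes privkey.pem (encrypted), testcert.csr, testcert.key (passphrase
# removed) and testcert.crt (self-signed, testing only) into DIR.
make_test_cert() (
    dir=$1; cn=$2; pass=$3
    # The stripped key is readable by anyone who can read the file,
    # so create everything owner-only.
    umask 077
    mkdir -p "$dir" && cd "$dir" || exit 1
    # Same step as "openssl req -new", with the prompts answered on the
    # command line (a passphrase passed this way shows in the process list).
    openssl req -new -newkey rsa:2048 -subj "/CN=$cn" \
        -passout "pass:$pass" -keyout privkey.pem \
        -out testcert.csr 2>/dev/null || exit 1
    # Remove the passphrase so Apache can start unattended.
    openssl rsa -in privkey.pem -passin "pass:$pass" \
        -out testcert.key 2>/dev/null || exit 1
    # Self-sign the request; browsers will warn about the unknown issuer.
    openssl x509 -req -in testcert.csr -signkey testcert.key \
        -days 30 -out testcert.crt 2>/dev/null || exit 1
)

# key_is_unencrypted KEYFILE
# Succeeds if the PEM key carries no encryption marker, i.e. Apache
# will not prompt for a passphrase at startup.
key_is_unencrypted() {
    [ -f "$1" ] && ! grep -q ENCRYPTED "$1"
}

# key_matches_cert KEYFILE CERTFILE
# Succeeds only if both files carry the same RSA modulus. A mismatch
# between SSLCertificateFile and SSLCertificateKeyFile stops Apache
# from starting.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage (constructed values):
#   make_test_cert ./ssl-test www.example.com constructed-passphrase
#   key_matches_cert ./ssl-test/testcert.key ./ssl-test/testcert.crt
```

Once the checks pass, keep privkey.pem out of the web server's directories; only testcert.key and testcert.crt are referenced by the VirtualHost block.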
