Tuesday, May 31, 2011

Configure Apache with OpenSSL in SUSE

  1. Create a random data file
    # read a fixed number of bytes; a bare cat of /dev/random never finishes
    head -c 1024 /dev/urandom > randomfile

  2. Create key pair
    openssl genrsa -des3 -out server.key -rand randomfile 2048

  3. Sign the created public key and create a self-signed digital certificate
    openssl req -new -x509 -key server.key -out server.crt
    Answer the questions posed, then copy the key file and the digital certificate into the appropriate directories:
    server.key --> /etc/apache2/ssl.key/
    server.crt --> /etc/apache2/ssl.crt/


  4. Configure Apache to use OpenSSL
    Edit the /etc/sysconfig/apache2 file:
    # the httpd start timeout
    APACHE_START_TIMEOUT="10"
    APACHE_SERVER_FLAGS="SSL"


  5. Configure the main site to use HTTPS
    Edit the /etc/apache2/default-server.conf file and add the following directives from the /etc/apache2/vhost.d/vhost-ssl.template file:
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key


  6. Configure a Virtual Host to use HTTPS
    • Follow steps 1 to 3 to create the key and digital certificate
    • Edit the /etc/apache2/vhost.d/.conf file
    • Change VirtualHost :80 to VirtualHost *:443
    • Append :443 to the ServerName value, e.g. change vhost.mydomain.lan to vhost.mydomain.lan:443
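
The SSLCipherSuite value in step 5 leaves several weak cipher classes enabled. The script below is an added example, not part of the original post, that audits such a string at class level; the function name and the list of classes treated as weak are assumptions of this example.

```shell
#!/bin/sh
# Class-level audit of an OpenSSL cipher string (the SSLCipherSuite value).
# Approximation: DEFAULT and @STRENGTH are ignored, and the exact suites
# behind each class depend on the OpenSSL build. Function name is hypothetical.
weak_classes_enabled() {
    printf '%s\n' "$1" | awk '
    function on(c) { if (state[c] != "dead") state[c] = "on" }
    BEGIN {
        # Weak classes that ALL pulls in; eNULL is not part of ALL.
        split("LOW EXP aNULL SSLv2 RC4 MD5", in_all, " ")
        alias["EXPORT"] = "EXP"; alias["NULL"] = "eNULL"
        parent["EXPORT40"] = "EXP"; parent["EXPORT56"] = "EXP"; parent["ADH"] = "aNULL"
    }
    {
        n = split($0, tok, /[:, ]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "") continue
            op = substr(t, 1, 1)
            if (op == "!" || op == "-" || op == "+") t = substr(t, 2)
            else op = ""
            if (op == "+") continue      # "+X" only reorders suites already in the list
            if (op == "" && t == "ALL") { for (k in in_all) on(in_all[k]); continue }
            m = split(t, part, "+")      # "A+B" selects the intersection of A and B
            for (j = 1; j <= m; j++) {
                c = part[j]
                if (c in alias) c = alias[c]
                if (op == "") {          # bare token adds; a subset still enables its parent class
                    if (c in parent) c = parent[c]
                    on(c)
                } else if (m == 1) {     # removing a subset (ADH, EXPORT56) leaves the parent class
                    if (op == "!") state[c] = "dead"               # "!" removes permanently
                    else if (state[c] != "dead") state[c] = "off"  # "-" can be re-added later
                }
            }
        }
    }
    END {
        m = split("SSLv2 eNULL aNULL EXP LOW RC4 MD5", order, " ")
        for (i = 1; i <= m; i++)
            if (state[order[i]] == "on") { out = out sep order[i]; sep = " " }
        print out
    }'
}

# The SSLCipherSuite value from step 5 of the post:
weak_classes_enabled 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
# A stricter value, chosen for this example; prints an empty line:
weak_classes_enabled 'HIGH:!aNULL:!MD5'
```

For the step 5 value it prints `SSLv2 aNULL EXP LOW RC4 MD5`. The `+eNULL` token adds nothing, because `+` only moves suites that are already in the list.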
