Apache SSL
nginx and SSL
- Encrypted transport over which HTTP runs
- Decent performance with nginx
- Can be combined with other features
- Apache can handle SSL and proxy to another application
Installing mod_ssl
- SSL not included by default in EL5
- `yum -y install mod_ssl` to install
- Will receive errors like '`Invalid command 'SSLEngine'`' if not installed
SSL
- Public key encryption
- **Private key** - should exist only on the server and not be transferred
- **Certificate** - purchased from a third party who (should) verify that the recipient really is who they say they are
- Safe to copy wherever/however you like - a copy given to every visitor to the website
Getting an SSL certificate
- First, generate a private key
$ openssl genrsa -des3 -out server.key 2048
- Next, generate a certificate signing request (CSR)
$ openssl req -new -key server.key -out server.csr
- Now give the CSR to wherever you are buying the certificate from, and wait for them to send you an SSL cert
Using SSL Certificates
- When you receive the SSL certificate, you will also receive an intermediary certificate
- On Apache, this can be kept in its own file
- If you have more than one intermediary, these must be combined into a single file
Adding SSL to Apache
    <VirtualHost *:443>
        ServerName www.example.com
        DocumentRoot /var/www/html
        SSLEngine On
        SSLProtocol all -SSLv2
        SSLCertificateKeyFile /etc/httpd/server.key
        SSLCertificateFile /etc/httpd/server.crt
        SSLCertificateChainFile /etc/httpd/intermediate.crt
    </VirtualHost>
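Before pointing `SSLCertificateKeyFile`, `SSLCertificateFile` and `SSLCertificateChainFile` at real files, it helps to confirm that the key, CSR and returned certificate all carry the same public key, and that the intermediates are combined into one file. The script below is an added example, not part of the original page; the function names and the throwaway demo files are assumptions, and the demo keys are generated without a passphrase (with a `-des3` key, `openssl` prompts for it).

```shell
#!/bin/sh
set -eu

# Print a SHA-256 digest of the public key inside a key, CSR or certificate.
pubkey_digest() {  # usage: pubkey_digest key|csr|cert FILE
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)    return 2 ;;
    esac || return 1
    [ -n "$pem" ] || return 1   # never hash empty output from a failed parse
    printf '%s\n' "$pem" | openssl dgst -sha256
}

# Succeed only if every "TYPE FILE" pair carries the same public key.
same_keypair() {
    ref=""
    while [ $# -ge 2 ]; do
        d=$(pubkey_digest "$1" "$2") || return 1
        if [ -z "$ref" ]; then ref=$d; fi
        [ "$d" = "$ref" ] || return 1
        shift 2
    done
}

# Combine intermediates into one file for SSLCertificateChainFile,
# rejecting any input that does not parse as a certificate.
build_chain() {  # usage: build_chain OUT INTERMEDIATE...
    out=$1; shift
    : > "$out"
    for c in "$@"; do
        openssl x509 -in "$c" -noout || return 1
        openssl x509 -in "$c" >> "$out" || return 1
    done
}

# Constructed demo material: throwaway unencrypted keys, self-signed certs.
umask 077
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
for n in server other; do
    openssl genrsa -out "$demo_dir/$n.key" 2048 2>/dev/null
    openssl req -new -key "$demo_dir/$n.key" -subj "/CN=$n.example.com" -out "$demo_dir/$n.csr"
    openssl req -new -x509 -key "$demo_dir/$n.key" -subj "/CN=$n.example.com" -days 1 -out "$demo_dir/$n.crt"
done

same_keypair key "$demo_dir/server.key" csr "$demo_dir/server.csr" \
    cert "$demo_dir/server.crt" && echo "OK: key, CSR and certificate match"
same_keypair key "$demo_dir/server.key" cert "$demo_dir/other.crt" \
    || echo "MISMATCH: this certificate was not issued for this key"
```

Against real files the call would be `same_keypair key server.key csr server.csr cert server.crt`, run before restarting Apache.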
Exercise
- Generate a private key + CSR, send to me to be signed
- Install provided certificate
- Make /foo proxy to the server on localhost:8000
Removing password from the key
$ openssl rsa -in server.key -out server-nopw.key