Apache SSL

From Training Material
Jump to navigation Jump to search

nginx and SSL

  • Encrypted transport over which HTTP runs
  • Decent performance with nginx
  • Can be combined with other features
    • Apache can handle SSL and proxy to another application

Installing mod_ssl

  • SSL not included by default in EL5
  • `yum -y install mod_ssl` to install
  • Will receive errors like '`Invalid command 'SSLEngine'`' if not installed


  • Public key encryption
  • **Private key** - should exist only on the server and not be transferred
  • **Certificate** - purchased from a third party who (should) verify that the recipient really is who they say they are
  • Safe to copy wherever/however you like - a copy given to every visitor to the website

Getting an SSL certificate

  • First, generate a private key
$ openssl genrsa -des3 -out server.key 2048
  • Next, generate a certificate signing request (CSR)
$ openssl req -new -key server.key -out server.csr
  • Now give the CSR to wherever you are buying the certificate from, and
 wait for them to send you an SSL cert

Using SSL Certificates

  • When you receive the SSL certificate, you will also receive an intermediary certificate
  • On Apache, this can be kept in its own file
  • If you have more than one intermediary, these must be combined into a single file

Adding SSL to Apache

<VirtualHost *:443> 
ServerName www.example.com
DocumentRoot /var/www/html 

SSLEngine On
SSLProtocol all -SSLv2
SSLCertificateKeyFile /etc/httpd/server.key
SSLCertificateFile /etc/httpd/server.crt
SSLCertificateChainFile /etc/httpd/intermediate.crt


  • Generate a private key + CSR, send to me to be signed
  • Install provided certificate
  • Make /foo proxy to the server on localhost:8000

Removing password from the key

openssl rsa -in server.key -out server-nopw.key