Scribd
Upload
22 views2 pages

Enabling SSL For Apache

This document outlines the steps to enable SSL for Apache using self-signed certificates or certificates from a Certification Authority. It includes instructions for generating the certificates with OpenSSL, configuring the Apache httpd.conf and httpd-ssl.conf files, and ensuring proper file locations for the SSL certificate and key. Finally, it advises restarting Apache and JBoss to access the application via HTTPS.

Uploaded by

j. koteswarao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
22 views2 pages

Enabling SSL For Apache

This document outlines the steps to enable SSL for Apache using self-signed certificates or certificates from a Certification Authority. It includes instructions for generating the certificates with OpenSSL, configuring the Apache httpd.conf and httpd-ssl.conf files, and ensuring proper file locations for the SSL certificate and key. Finally, it advises restarting Apache and JBoss to access the application via HTTPS.

Uploaded by

j. koteswarao
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 2

Enabling SSL for Apache

Here we are creating the self-signed certificate, but the procedure would be the same even if you are going
to use a certificate from a Certification Authority like VeriSign, Trust Network.

1. Create certificates from Certification Authority or generate self-signed certificates from openSSL.
Creating a self-signed SSL Certificate using OpenSSL:

a. Open the command prompt and cd to your Apache installations "bin" directory. Usually it
would be:

cd "<<Apache_home>>\bin" and run below command.

openssl req -new -out server.csr

It will ask you some questions and you can safely ignore them and just answer the following
questions:
PEM pass phrase: Password associated with the private key you’re generating (anything of
your choice).
Common Name: The fully-qualified domain name associated with this certificate (i.e.
www.your-domain.com).

Now we need to remove the passphrase from the private key. The file "server.key" created
from the following command should be only readable by the apache server and the
administrator.

openssl rsa -in privkey.pem -out server.key

Now we need to set up an expiry date, it could be any time of your choice, we use 365 days
below:

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

2. We have the Self-signed SSL certificates ready now. Now We need to MOVE the "server.crt" and
"server.key" file to the

"<<Apache_Home>>/SSL/conf" location.
3. Take a backup of httpd.conf file which is at “<<Apache_Home\conf" location.

Open the httpd.conf file in edit mode and look for the below lines and remove any pound sign (#)
characters preceding it.
LoadModule ssl_module modules/mod_ssl.so
Include conf/extra/httpd-ssl.conf
4. Now we need to modify the "<<Apache_Home>>\conf\extra\httpd-ssl.conf". Let all the default
options as it is but make sure to modify the following section according to your need:
<VirtualHost _default_:443> Note: Remove _default_ and put * i.e <VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot "Your Root folder location” Like DocumentRoot "<<Apache_Home>>\htdocs"
ServerName www.domain.com:443
ServerAlias domain.com:443
ErrorLog "<<Apache_Home>>\logs\error.log"
TransferLog "<<Apache_Home>>\logs\access.log"
SSLEngine on
SSLCertificateFile "<<Apache_Home>>\conf/server.cert"
SSLCertificateKeyFile "<<Apache_Home>>\conf/server.key"

</VirtualHost>

Make sure that "SSLCertificateFile" and "SSLCertificateKeyFile" are properly located.

5. Add the below lines at <VirtualHost *:443> section in "C:\Program Files\Apache Software
Foundation\Apache2.2\conf\extra\httpd-ssl.conf".

SSLProxyEngine on
ProxyPreserveHost On
ProxyPass /sample https://domain.com:8443/sample/
ProxyPassReverse /sample https://domain.com:8443/sample/

Note: Make sure that jboss has configured in SSL and application can be accessible through
https://domain.com:8443/sample/
6. Now restart the Apache & Jboss and try to access the RPM through HTTPS port.
i.e https://domain.com/

You might also like