So you’ve built a Linux server, you’re testing it out, and you want to enable SSL to encrypt your HTTP traffic for testing or non-production use. Right. No prob. I’ve put together an extremely quick cheat-sheet on how to do it on a SUSE server, and some of it applies to other distros as well. Here we go…
First, please start by reading some of this (if present): /etc/sysconfig/apache2
…there are a few good suggestions (as well as a bunch of configuration options) to get you started. The steps below are based on the things mentioned there.
Now, to create the certificate(s) for use, you can do it one of two quick-and-easy ways:
Option 1: To create a test certificate from “Snake Oil CA” as root, run:
cd /usr/share/doc/packages/apache2; ./certificate.sh
…and fill in the values as prompted.
Option 2: To create a self-named CA, self-signed cert, do this instead:
/usr/bin/gensslcert -c US -s MI -l "Southfield" -o "Your Linux Guy" -e jpavlov@yourLinuxGuy.com -d -n www.yourLinuxGuy.com
…or similar; of course customize to taste. This is actually my preferred test method, over the “Snake Oil” stuff. Use the following command to get the options:
/usr/bin/gensslcert --help
Then, in /etc/sysconfig/apache2, make the following changes/validations:
– Ensure the APACHE_MODULES section includes ssl
– Add SSL to the APACHE_SERVER_FLAGS section
Also, in /etc/apache2/vhosts.d/, do the following things:
– Copy vhost-ssl.template to vhost-ssl.conf
– Edit vhost-ssl.conf, and change:
“ServerName” to match your server’s name in /etc/hosts
“ServerAdmin” to your email address
Finally, restart Apache with:
rcapache2 stop
rcapache2 start
You are done! Now hit your webserver at https://yourServerName/ and enjoy the SSL goodness.
Enjoy…
🙂
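The checklist above as a pre-restart check script. This is an added example, not part of the original post: the function names (check_apache_ssl, sysconfig_has, vhost_directive) are made up for illustration, and the world-readable key warning is an extra check the steps above do not mention.

```shell
#!/bin/sh
# Added example (not from the original post): verify the settings from the
# steps above before restarting Apache. Paths default to the SUSE locations
# named on the page; both can be overridden for testing.

# sysconfig_has FILE VAR WORD: true if VAR="..." in FILE contains WORD.
sysconfig_has() {
    line=$(grep -E "^[[:space:]]*$2=" "$1" 2>/dev/null | tail -n 1)
    value=$(printf '%s' "${line#*=}" | tr -d "\"'")
    for word in $value; do
        [ "$word" = "$3" ] && return 0
    done
    return 1
}

# vhost_directive FILE NAME: print the value of the first uncommented NAME line.
vhost_directive() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*//p" "$1" | head -n 1
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_apache_ssl [SYSCONFIG] [VHOSTS_DIR]: returns the number of problems.
check_apache_ssl() {
    sysconfig=${1:-/etc/sysconfig/apache2}
    conf=${2:-/etc/apache2/vhosts.d}/vhost-ssl.conf
    problems=0
    sysconfig_has "$sysconfig" APACHE_MODULES ssl ||
        fail "ssl is not listed in APACHE_MODULES"
    sysconfig_has "$sysconfig" APACHE_SERVER_FLAGS SSL ||
        fail "SSL is not listed in APACHE_SERVER_FLAGS"
    if [ ! -f "$conf" ]; then
        fail "$conf not found (was the template copied without .conf?)"
        return "$problems"
    fi
    engine=$(vhost_directive "$conf" SSLEngine | tr 'A-Z' 'a-z')
    [ "$engine" = on ] || fail "SSLEngine is not 'on' in $conf"
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        f=$(vhost_directive "$conf" "$d")
        [ -n "$f" ] && [ -r "$f" ] || fail "$d missing or unreadable: ${f:-unset}"
    done
    # The private key should not be world-readable, even on a test box.
    [ -z "$(find "$f" -perm -004 2>/dev/null)" ] || echo "WARN: $f is world-readable"
    return "$problems"
}
```

Source the file as root (so the key file is readable) and call check_apache_ssl with no arguments; the exit status is the number of failed checks.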
Hi Jeremy,
I followed the instructions given above and got the following error:
Secure Connection Failed
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
Do you know why it happened?
Thanks.
Cheers,
Chris
@ Chris
Hmm… I’m betting something is not right in your vhost-ssl.conf. Besides the settings I mention above, make sure that the following other options are enabled:
SSLEngine on
SSLCipherSuite (set to the defaults should be fine)
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
…I hope that helps…
– Jeremy
Hi Jeremy,
Thanks! I finally found that it was my mistake. I copied vhost-ssl.template to vhost-ssl rather than vhost-ssl.conf.
Cheers,
Chris.