It's quite an easy and painless process actually, but I always forget the steps, so I am writing them down here as a reminder for myself; I hope this helps others too ;)
First, for Apache's mod_ssl (HTTPS) to work, we have to create a certificate.
Creating a certificate
Generate the keys for the Certificate Signing Request (CSR):
openssl genrsa -des3 -out server.key 2048
Create the insecure key, the one without a passphrase:
openssl rsa -in server.key -out server.key.insecure
Shuffle the key names:
mv server.key server.key.secure
mv server.key.insecure server.key
Create the CSR:
openssl req -new -key server.key -out server.csr
Create the self-signed certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Install the key file server.key and certificate file server.crt:
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private
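An added example, not part of the original post: a pre-install check that server.crt really belongs to server.key, that the key is large enough, that the certificate has not expired, and that the key file is closed to other users. The function names, the 2048-bit default minimum and the /CN=localhost subject of the constructed demo pair are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-install checks for the server.key / server.crt pair.

# Print the RSA modulus size in bits of an unencrypted private key.
key_bits() {
    openssl rsa -in "$1" -passin pass: -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the certificate's public key is the one derived from the key file.
pair_matches() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pair KEY CERT [MIN_BITS]: print each failed check; non-zero on any failure.
check_pair() {
    min=${3:-2048}; rc=0
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge "$min" ] || { echo "key is ${bits:-unreadable} bits, want >= $min"; rc=1; }
    pair_matches "$1" "$2" || { echo "certificate does not belong to this key"; rc=1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate expired or unreadable"; rc=1; }
    # Characters 8-10 of the ls mode string are the permissions for "others".
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ] ||
        { echo "key file is accessible to other users"; rc=1; }
    return $rc
}

# Constructed sample input: a throwaway pair generated non-interactively
# (/CN=localhost is a placeholder subject).
make_demo_pair() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    chmod 600 "$1/server.key" &&
    openssl req -new -x509 -days 365 -subj "/CN=localhost" \
        -key "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && make_demo_pair "$d" && check_pair "$d/server.key" "$d/server.crt"
    rc=$?; rm -rf "$d"; return $rc
}
demo && echo "pair OK"
```

Run check_pair against the passphrase-free server.key; the passphrase-protected server.key.secure is reported as unreadable rather than prompting.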
Ubuntu:
Enable the mod_ssl module:
sudo a2enmod ssl
Restart the service to enable the new settings:
sudo /etc/init.d/apache2 restart
Slackware:
Edit httpd.conf
pico /etc/httpd/httpd.conf
Enable the mod_ssl module by removing the comment marker in front of this line:
LoadModule ssl_module lib/httpd/modules/mod_ssl.so
and this:
Include /etc/httpd/extra/httpd-ssl.conf
Change the location of the certificate:
SSLCertificateFile "/etc/httpd/server.crt"
to:
SSLCertificateFile "/etc/ssl/certs/server.crt"
and the location of the key:
SSLCertificateKeyFile "/etc/httpd/server.key"
to:
SSLCertificateKeyFile "/etc/ssl/private/server.key"
Restart apache:
/etc/rc.d/rc.httpd restart
Last but not least, don’t forget to check the webserver directory on apache’s mod-ssl config:
Ubuntu:
pico /etc/apache2/sites-enabled/default-ssl
Slackware:
pico /etc/httpd/extra/httpd-ssl.conf
It's not working although 443 is open: this is what I get in FF:
Secure Connection Failed
An error occurred during a connection to localhost.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
“Last but not least, don’t forget to check the webserver directory on apache’s mod-ssl config:”
check it for…..?
Check it for “webserver directory … in case it doesn’t point to your webserver file(s) and index