On SuSE 9.1, when you install your software, in YAST2, search for apache. Install all the apache2 items and none of the plain apache ones. If you are not running SuSE, the directory locations may change. Be sure to run the online update in Yast2 because there have been many fixes to both Apache and OpenSSH. If you use php, I have seen Web pages that advise upgrading to the latest versions.
In Yast2 you can configure the non-SSL server in Network Services/HTTP server.
Do not turn on SSL in the default host or else the non-ssl host (on port 80)
will try to look for certificates. Also, if you have the SuSE firewall turned
on, be sure to allow port 443 (or the port you choose for SSL) through the firewall.
cd /etc/init.d and do
insserv apache2
This will insert apache2 in the correct startup and shutdown scripts.
There is a good quick start document in /usr/share/doc/packages/apache2/README.QUICKSTART.SSL
But it is not quite enough to do the job.
http://localhost/manual/ssl/ssl_faq.html#aboutcerts
and either get a "real" certificate or create your own following the instructions there.
As opposed to manually creating a cert you can do the following
/usr/bin/gensslcert2 (claims SuSE) however in my experience it’s actually: /usr/bin/gensslcert
Shamelessly lifted from: http://portal.suse.com/sdb/en/2003/01/apache2-faq.html#ssl
If you are not going to be at the console whenever your computer reboots, follow the instructions for using an unencrypted (but protected) server key. Be sure it is protected with access permissions 400.
If you run gensslcert, you should look at the man page and run it with all of the arguments.
These options are recognized:                     Default:
    -C  Common name                               "$name"
    -N  comment                                   "$comment"
    -c  country (two letters, e.g. DE)            $C
    -s  state                                     $ST
    -l  city                                      $L
    -o  organisation                              "$O"
    -u  organisational unit                       "$U"
    -n  fully qualified domain name               $CN (\$FQHOSTNAME)
    -e  email address of webmaster                webmaster@$CN
    -y  days server cert is valid for             $srvdays
    -Y  days CA cert is valid for                 $CAdays
    -d  run in debug mode
    -h  show usage
For example:
/usr/bin/gensslcert -c US -s TN -l "Oak Ridge" -o Your_organization -e your_name@your_isp.com -d -n 192.168.1.10
In particular the CN field is critical because it must be identical to the
ServerName 192.168.1.10
in the virtual host file (discussed later).
gensslcert will put the certificates in the correct directories. If you get a "real" certificate, install the server key in
/etc/apache2/ssl.key/server.key
and the server certificate in
/etc/apache2/ssl.crt/server.crt
As root, you will need to edit several files.
/etc/sysconfig/apache2:
Add ssl to
APACHE_MODULES="access actions alias auth auth_dbm autoindex cgi dir
env expires include log_config mime negotiation setenvif status suexec userdir
ssl"
Add the server flag SSL to turn on the SSL
module configuration file (/etc/apache2/ssl.conf)
APACHE_SERVER_FLAGS="-D SSL"
Increase the startup timeout to allow a password
entry if necessary
APACHE_START_TIMEOUT="5"
In /etc/apache2/vhosts.d,
cp vhost-ssl.template vhost-ssl.conf
You can also copy the vhost.template file to vhost.conf if you want a non-ssl server.
Then edit vhost-ssl.conf.
/etc/apache2/vhosts.d/vhost-ssl.conf:
You must configure the virtual directory
for the server. You can put all the access control directives and the document
root here.
#
## SSL Virtual Host Context
##
<VirtualHost _default_:443>
# General setup for the virtual host
DocumentRoot "/srv/www/secdocs"
# The ServerName must be identical to the -n field in your certificate
ServerName 192.168.1.10
ServerAdmin your@email.address
ErrorLog /var/log/apache2/error_log
TransferLog /var/log/apache2/access_log
#Access controls for a directory called noCTRP
<directory /srv/www/secdocs/noCTRP>
AuthType Basic
AuthName "Password Required"
# The file for the passwords for this directory
AuthUserFile /srv/www/passwords/password.noCTRP
require user security
Options Indexes FollowSymLinks
</directory>
There seems to be another problem that several other frustrated people have run across. In spite of putting the
APACHE_SERVER_FLAGS="-D SSL"
in /etc/sysconfig/apache2 file, the system seems to ignore the directive. You can see if this is the case on your system.
As root run
JARDELL:SuSEconfig
JARDELL:/etc/apache2 # httpd2 -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443 192.168.1.10 (/etc/apache2/vhosts.d/vhost-ssl.conf:27)
*:80 192.168.1.10 (/etc/apache2/vhosts.d/vhost.conf:1)
Syntax OK
If you do not see the vhost-ssl.conf file, something is rotten in Denmark. I was forced to modify the start of the vhost-ssl.conf file as follows:
#<IfDefine SSL>
# <IfDefine !NOSSL>
Listen 443
and of course comment out the corresponding </IfDefine> lines at the end of the file.
rcapache2 start
This command can also be used to restart or stop your server.
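The checks this page asks for before starting the server (an active ServerName that matches the certificate CN, and a server key with access permissions 400) can be scripted. This is an added example, not part of the original page or of SuSE's tooling; the function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: pre-start checks for the SSL virtual host set up above.
# Function names are hypothetical; `stat -c` assumes GNU coreutils (as on SuSE).

# Print the value of the first *active* ServerName directive in a vhost file.
# A ServerName that sits on a line starting with '#' is a comment to Apache,
# so it is skipped here as well.
vhost_servername() {
    awk 'tolower($1) == "servername" { print $2; exit }' "$1"
}

# Succeed only if the key file exists and its mode is exactly 400.
key_mode_ok() {
    [ "$(stat -c %a "$1" 2>/dev/null)" = "400" ]
}

# Print the CN from a certificate's subject; handles both the old
# "/CN=value" and the newer "CN = value" output styles of openssl x509.
cert_cn() {
    openssl x509 -noout -subject -in "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# check_ssl_setup VHOST_FILE KEY_FILE [CERT_FILE]
# Prints one line per problem and returns non-zero if any check fails.
check_ssl_setup() {
    rc=0
    name=$(vhost_servername "$1")
    [ -n "$name" ] || { echo "FAIL: no active ServerName in $1"; rc=1; }
    key_mode_ok "$2" || { echo "FAIL: $2 is missing or not mode 400"; rc=1; }
    if [ -n "${3:-}" ]; then
        cn=$(cert_cn "$3")
        [ "$cn" = "$name" ] || { echo "FAIL: cert CN '$cn' != ServerName '$name'"; rc=1; }
    fi
    return $rc
}

# Run against the paths used on this page when called with the argument "run".
if [ "${1:-}" = "run" ]; then
    check_ssl_setup /etc/apache2/vhosts.d/vhost-ssl.conf \
        /etc/apache2/ssl.key/server.key /etc/apache2/ssl.crt/server.crt
fi
```

Run it as root with the single argument `run` before `rcapache2 start`; no output and exit status 0 mean all checks passed.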