SSL Configuration in Apache

Secure Sockets Layer (SSL) enables the HTTP protocol to be secured. This page will show you how to configure SSL in Apache and SquirrelMail.

Generate a Private Key

Make sure you are logged in as the root user when doing steps below.

1. Generate a pass phrase protected private key using the command below. Provide a pass phrase when asked.
2. #openssl genrsa -des3 -out localhost.key 1024
3. Remove the pass phrase protection using the command below. Provide the pass phrase when asked.
4. #openssl rsa -in localhost.key -out localhost.key
5. Type in the command below to ensure that the private key will be readable by the root user only.
6.#chmod 400 localhost.key

Generate a Certificate

Generate a certificate signing request by typing in the command below and filling in your host information.

#openssl req -new -key localhost.key -out localhost.csr

To self sign your certificate request, type in the command below.
#openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt

Configuring Apache for SSL

Move the file localhost.key into /etc/pki/tls/private/

Place the certificate file into /etc/pki/tls/certs/ and name the file as localhost.crt. The command below applies to self-signed certificate only.

mv localhost.crt /etc/pki/tls/certs/

Edit the file /etc/httpd/conf.d/ssl.conf and edit the lines below.

DocumentRoot = /usr/share/squirrelmail
ServerName = mail.acme.local:443

Restart web server

Thanks
Manoj Chauhan

This entry was posted on Sunday, January 24th, 2010 at 6:55 am and is filed under Apache, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply