If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
Install apache2 in debian etch
#apt-get install apache2
Install openssl using the following command
#apt-get install openssl ssl-cert
Install PHP5 support for apache2 in debian etch
#apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi
Once you install apache server you need to Generate a certificate,Enable Apache SSL support and Configure your SSL options.
Generate A certificate
Generating a certificate will provide to protect the traffic exchanged between clients and your server, however it will be unsigned by a trusted certificate authority so it will generate warnings.
If you want to avoid these warning messages you need to get a trusted certificate from SSL certificate vendors.If you want to Generating an SSL certificate for Apache2 you need to use the openssl. This will ask you questions interactively then generate the certificate file appropriately.
Note:-For generating certificate you might have used the apache2-ssl-certificate command in debian sarge but in debian etch this command not available.If you want to generate certificates you need to use openssl from you command prompt Use the following command to generate certificates
#openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
Generating a 1024 bit RSA private key
………………………………………….++++++
…………………………………….++++++
writing new private key to ‘/etc/apache2/apache.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
This will complete the certificate now you need to make sure you have the correct permissions for .pem file if not use the
following command to set the correct permissions
#chmod 600 /etc/apache2/apache.pem
By default the server will listen for incoming HTTP requests on port 80 - and not SSL connections on port 443. So you need to enable SSL support by entering the following entry to the file /etc/apache2/ports.conf save and exit the file.
Listen 443
Enable SSL Support
If you want to enable SSL support for your apache web server you need to use the following comamnd
#a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
Now you need to restart the apache2 server using the following command
#/etc/init.d/apache2 restart
Configuring SSL Certificate to Virtual Hosts in Apache2
First you need to edit the /etc/apache2/sites-available/default file change
NameVirtualHost *
to
NameVirtualHost *:80
NameVirtualHost *:443
Now you need to configure Virtual hosts using port 80
Example
ServerAdmin webmaster@localhost
.
.
.
configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Example
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Now you need to restrat your apache web server using the following comamnd
# /etc/init.d/apache2 reload
Reloading web server config… XXXX
You may also be interested in...
February 14th, 2007 at 11:07 am
good tutorial!! work perfectly!
February 26th, 2007 at 4:31 am
Excellent!!! everything works fine, only to minor details:
is not: chmod 600 /etc/apache2/ssl/apache.pem
should be: chmod 600 /etc/apache2/apache.pem
and
is not: #/etc/init.d/apache2 retsrat
should be: #/etc/init.d/apache2 restart
Thanks for your help
)
February 26th, 2007 at 8:58 am
@eric
thanks for your corrections and i have changed in the main article
February 26th, 2007 at 1:55 pm
I have some problem with Apache2…It doesn’t start
March 2nd, 2007 at 11:27 pm
me too
here`s the error
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jan 30 15:47:59 2007] [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn’t happen!)
March 6th, 2007 at 10:23 pm
Thanks a lot. Spent one whole day looking for apache2-ssl-certifacate but came to know it doesnt exist any more on debian ethch after reading ur article. Keep up the gud work Mate. Cheers
March 11th, 2007 at 2:14 am
excellent document
March 12th, 2007 at 10:18 pm
I get this after reload:
NameVirtualHost *:443 has no VirtualHosts
NameVirtualHost *:443 has no VirtualHosts
March 14th, 2007 at 3:17 pm
thanx a lot
it help me !!
June 12th, 2007 at 2:48 pm
Thanks, it works very good!
Only one thing I should to do:
Put ServerName host.xxx.zzz in sessions and
June 14th, 2007 at 1:28 pm
i love you, man.
it works well
August 8th, 2007 at 10:08 am
explain how configure Virtual hosts using port 80
August 8th, 2007 at 10:13 am
Please; Explain in detail the following :
Now you need to configure Virtual hosts using port 80
Example
ServerAdmin webmaster@localhost
.
.
.
configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Example
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Now you need to restrat your apache web server using the following comamnd
# /etc/init.d/apache2 reload
Reloading web server config… XXXX
August 25th, 2007 at 4:20 am
Thanks for the tutorial.
I would add a suggestion for some who might have the same problem I had: PHP was not automatically activated. Hence, I had to run the command
# a2enmod php5
And then it worked (after restarting Apache2).
Thanks again!
August 31st, 2007 at 1:44 pm
Dear DebianAdmin
I followed your instructions on this page. Iff i try to open my website (https://anyname.dyndns.org), I’m getting the following error msg: “SSL error:Can’t find common name in certificate-Continue? (y)” Why?
Thank you in advance for your help, Laszlo
September 11th, 2007 at 9:13 am
Thanks your idea,
After I follow command
#/etc/init.d/apache2 reload
it output:
Reloading web server config…13036
and /var/log/apache2/error_log output:
[Thu Oct 11 00:03:09 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:03:09 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [notice] Graceful restart requested, doing restart
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch7 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
what’s wrong with it? anyboby can help me>
September 13th, 2007 at 4:58 pm
Thanks to all. First I completely damaged the whole installation following the original Apache.org HowTo-s. Thanks to God my Konquerer left unchanged, hence I after all googled out this pages. I put it together from scratch, and voila.
A single man can never know the detail topology of all complex server system. This site seems to be a good place for administrator’s know-how exchange.
Jan
September 14th, 2007 at 1:03 am
Hello there, Everything went fine till i got to:
NameVirtualHost *
to
NameVirtualHost *:80
NameVirtualHost *:443
Now you need to configure Virtual hosts using port 80
this is very confusing, what are we supposed to be using 80 or 443 or both, ¿is it that using 80 it gets redirected to 443? ¿what do i open in the firewall 80, 443 or both?, ¿could you please clarify this? Thank you very much for the tutorial and for everything.
September 14th, 2007 at 11:15 am
To those wondering what to do about NameVirtualHost, it’s pretty simple. Whereas before we had:
NameVirtualHost *
Now we need:
NameVirtualHost *:80
NameVirtualHost *:443
blah blah
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
blahblah
So copy whatever’s in the virtual host block, dupe it, and change as above.
February 8th, 2008 at 4:20 pm
remove nameVirtualHost *
your virtual host section should look like this
…unchacnged code here…
…same unchanged code here but add the following lines…
SSLEngine on
SSLCertificateFile /etc/apache2/apache2.pem
SSLCertificateKeyFile /etc/apache2/apache2.pem
very good tutorial.. keep it up
February 8th, 2008 at 4:23 pm
remove nameVirtualHost *
your virtual host section should look like this
<virtualhost *:80>
…unchacnged code here…
</virtualhost>
<virtualhost *:443>
…same unchanged code here but add the following lines…
SSLEngine on
SSLCertificateFile /etc/apache2/apache2.pem
SSLCertificateKeyFile /etc/apache2/apache2.pem
</virtualhost>
very good tutorial.. keep it up
April 27th, 2008 at 8:10 am
thx a lot for good explanation i have error in browsing after done all steps ,, the error
192.168.16.145 has sent an incorrect or unexpected message.Error code :- 12263
plz help
April 30th, 2008 at 12:24 am
It works! Thank you very much for this article.
raf
April 30th, 2008 at 10:33 am
I would like to know how to make a secure http connection. I am trying to secure(https) a URL. Any help would be appreciated.
May 11th, 2008 at 11:56 am
I have the same problem as Justin. I can make an http connection but not an https and there are no error messages in the logs.
May 11th, 2008 at 12:00 pm
Solved my own problem. Nothing like an RTFM!
Need to include the line
listen 443
in /etc/apache2/ports.conf and restart apache2