Dec 18 2006
 


The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Install apache2 in debian etch

#apt-get install apache2

Install openssl using the following command

#apt-get install openssl ssl-cert

Install PHP5 support for apache2 in debian etch

#apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi

Once you have installed the Apache server, you need to generate a certificate, enable Apache SSL support and configure your SSL options.

Generate A certificate

Generating a certificate lets you protect the traffic exchanged between clients and your server. However, it will not be signed by a trusted certificate authority, so it will generate warnings.

If you want to avoid these warning messages, you need to get a trusted certificate from an SSL certificate vendor. To generate an SSL certificate for Apache2 you need to use openssl. It will ask you questions interactively and then generate the certificate file appropriately.

Note: To generate a certificate in Debian sarge you might have used the apache2-ssl-certificate command, but in Debian etch this command is not available. To generate certificates you need to use openssl from your command prompt. Use the following command to generate certificates

#openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

Generating a 1024 bit RSA private key
.................................................++++++
...........................................++++++
writing new private key to '/etc/apache2/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

This completes the certificate. The private key is written to the same .pem file as the certificate, so make sure the file has the correct permissions. If it does not, use the following command to set them

#chmod 600 /etc/apache2/apache.pem
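
A scripted check of the resulting file, as an added example that is not part of the original article: it confirms that the combined PEM holds both key and certificate, is readable only by its owner, that the key matches the certificate, and that the Common Name is the host name you expect. The function names, the temporary paths and the host name www.example.test are assumptions, and the constructed sample uses a 2048-bit key rather than the 1024-bit key shown in the transcript above.

```shell
#!/bin/sh
# Added example (not from the original article): checks for a combined
# key+certificate PEM like /etc/apache2/apache.pem. Names are hypothetical.

# Build a throwaway sample PEM at $1 with Common Name $2 (constructed input).
make_sample_pem() {
    pem=$1; cn=$2; tmp=$(dirname "$pem")
    openssl req -new -x509 -days 365 -nodes -newkey rsa:2048 \
        -subj "/C=GB/L=London/O=Debian/CN=$cn" \
        -keyout "$tmp/key.tmp" -out "$tmp/crt.tmp" 2>/dev/null || return 1
    # umask 077 creates the combined file with mode 600.
    (umask 077; cat "$tmp/key.tmp" "$tmp/crt.tmp" > "$pem")
    rm -f "$tmp/key.tmp" "$tmp/crt.tmp"
}

# Print one finding per line; print nothing when the file passes every check.
check_pem() {
    pem=$1; want_cn=$2
    grep -q 'PRIVATE KEY-----' "$pem" || echo "no private key in file"
    grep -q 'BEGIN CERTIFICATE-----' "$pem" || echo "no certificate in file"
    # The file holds the private key, so only its owner may read it.
    case $(ls -l "$pem") in
        -rw-------*|-r--------*) ;;
        *) echo "permissions too open (want 600)" ;;
    esac
    # Key and certificate belong together only if their RSA moduli are equal.
    km=$(openssl rsa -in "$pem" -noout -modulus 2>/dev/null || true)
    cm=$(openssl x509 -in "$pem" -noout -modulus 2>/dev/null || true)
    if [ -z "$km" ] || [ "$km" != "$cm" ]; then
        echo "key does not match certificate"
    fi
    # Spaces are stripped so old and new openssl subject formats compare alike
    # (assumes the expected CN itself contains no spaces).
    subj=$(openssl x509 -in "$pem" -noout -subject 2>/dev/null | tr -d ' ')
    case $subj in
        *"CN=$want_cn") ;;
        *) echo "CN does not match $want_cn" ;;
    esac
    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 \
        || echo "certificate expired"
}
```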

By default the server listens for incoming HTTP requests on port 80, not for SSL connections on port 443. To enable SSL connections, add the following entry to the file /etc/apache2/ports.conf, then save and exit the file.

Listen 443

Enable SSL Support

If you want to enable SSL support for your Apache web server you need to use the following command

#a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Now you need to restart the apache2 server using the following command

#/etc/init.d/apache2 restart

Configuring SSL Certificate to Virtual Hosts in Apache2

First you need to edit the /etc/apache2/sites-available/default file and change

NameVirtualHost *
to

NameVirtualHost *:80
NameVirtualHost *:443

Now you need to configure virtual hosts using port 80.

Example

<VirtualHost *:80>
ServerAdmin webmaster@localhost
.
.
.
</VirtualHost>

Next, configure virtual hosts using port 443. The main difference is that you need to use the following two lines for each SSL host.

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

Example

<VirtualHost *:443>
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
</VirtualHost>

Now you need to restart your Apache web server using the following command

# /etc/init.d/apache2 reload

Reloading web server config... XXXX
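
A lint for the layout configured above, as an added example that is not part of the original article: it reports a missing Listen 443, a bare NameVirtualHost * or <VirtualHost *>, a *:443 virtual host that lacks SSLEngine on or SSLCertificateFile, and a NameVirtualHost *:443 with no matching virtual host. The function names and the sample file names are assumptions, and the sample configurations are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: lint for the SSL vhost layout.
# lint_apache_ssl PORTS_CONF SITE_FILE prints one finding per line.
lint_apache_ssl() {
    ports=$1; site=$2
    # Without "Listen 443" nothing accepts HTTPS connections at all.
    grep -Eiq '^[[:space:]]*Listen[[:space:]]+([^[:space:]]*:)?443([[:space:]]|$)' \
        "$ports" || echo "ports.conf: missing Listen 443"
    awk '
    { line = tolower($0); sub(/^[ \t]+/, "", line) }
    line ~ /^#/ { next }
    line ~ /^namevirtualhost[ \t]+\*[ \t]*$/ { print "site: bare NameVirtualHost *" }
    line ~ /^namevirtualhost[ \t]+\*:443/ { nvh443 = 1 }
    line ~ /^<virtualhost[ \t]+\*>/ { print "site: <VirtualHost *> has no port" }
    line ~ /^<virtualhost[ \t]+[^>]*:443>/ { in443 = 1; seen443 = 1; eng = 0; crt = 0 }
    in443 && line ~ /^sslengine[ \t]+on/ { eng = 1 }
    in443 && line ~ /^sslcertificatefile[ \t]/ { crt = 1 }
    in443 && line ~ /^<\/virtualhost>/ {
        # A 443 vhost without SSLEngine on answers in plain HTTP.
        if (!eng) print "site: *:443 vhost without SSLEngine on"
        if (!crt) print "site: *:443 vhost without SSLCertificateFile"
        in443 = 0
    }
    END { if (nvh443 && !seen443) print "site: NameVirtualHost *:443 has no VirtualHosts" }
    ' "$site"
}

# Constructed sample input: a broken layout and the corrected one.
make_samples() {
    d=$1
    printf 'Listen 80\n' > "$d/ports.bad"
    printf 'Listen 80\nListen 443\n' > "$d/ports.good"
    cat > "$d/site.bad" <<'EOF'
NameVirtualHost *
NameVirtualHost *:443
<VirtualHost *>
    ServerAdmin webmaster@localhost
</VirtualHost>
EOF
    cat > "$d/site.good" <<'EOF'
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem
</VirtualHost>
EOF
}
```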


 Posted by at 8:29 am
  • http://blog.fitopaldi.net Fitopaldi

    Good tutorial!! Works perfectly!

  • Eric de la Goublaye

    Excellent!!! Everything works fine, only two minor details:

    is not: chmod 600 /etc/apache2/ssl/apache.pem
    should be: chmod 600 /etc/apache2/apache.pem

    and

    is not: #/etc/init.d/apache2 retsrat
    should be: #/etc/init.d/apache2 restart

    Thanks for your help :o)

  • Admin

    @eric
    Thanks for your corrections; I have changed them in the main article.

  • http://roskalaari.net hAsa

    I have some problem with Apache2…It doesn’t start :(

  • goody

    Me too.
    Here's the error:
    [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Jan 30 15:47:59 2007] [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn’t happen!)

  • rajesh

    Thanks a lot. Spent one whole day looking for apache2-ssl-certificate but came to know it doesn't exist any more on Debian etch after reading your article. Keep up the good work, mate. Cheers

  • Earl

    excellent document

  • Xa2

    I get this after reload:
    NameVirtualHost *:443 has no VirtualHosts
    NameVirtualHost *:443 has no VirtualHosts

  • Maxsy

    Thanks a lot,
    it helped me!!

  • André

    Thanks, it works very well!
    Only one thing I had to do:
    Put ServerName host.xxx.zzz in sessions and

  • firman

    i love you, man.
    it works well :D

  • http://horas.wetpaint.com/page/Home Samir Aser

    Explain how to configure virtual hosts using port 80

  • http://horas.wetpaint.com/page/Home Samir Aser

    Please explain the following in detail:

    Now you need to configure Virtual hosts using port 80

    Example
    ServerAdmin webmaster@localhost
    .
    .
    .
    configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.

    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    Example
    ServerAdmin webmaster@localhost
    .
    .
    .
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    Now you need to restart your apache web server using the following command

    # /etc/init.d/apache2 reload

    Reloading web server config… XXXX

  • Rodolfo

    Thanks for the tutorial.

    I would add a suggestion for some who might have the same problem I had: PHP was not automatically activated. Hence, I had to run the command

    # a2enmod php5

    And then it worked (after restarting Apache2).

    Thanks again!

  • http://datenquelle.ch LCS

    Dear DebianAdmin

    I followed your instructions on this page. If I try to open my website (https://anyname.dyndns.org), I’m getting the following error msg: “SSL error:Can’t find common name in certificate-Continue? (y)” Why?

    Thank you in advance for your help, Laszlo

  • diaryon

    Thanks for your idea,

    After I follow the command
    #/etc/init.d/apache2 reload
    it output:
    Reloading web server config…13036

    and /var/log/apache2/error_log output:
    [Thu Oct 11 00:03:09 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:03:09 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [notice] Graceful restart requested, doing restart
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch7 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs

    What’s wrong with it? Can anybody help me?

  • http://intranet sysel

    Thanks to all. First I completely damaged the whole installation following the original Apache.org HowTo-s. Thank God my Konqueror was left unchanged, hence I after all googled up this page. I put it together from scratch, and voila.
    A single man can never know the detailed topology of every complex server system. This site seems to be a good place for administrators' know-how exchange.

    Jan

  • rory

    Hello there, everything went fine till I got to:
    NameVirtualHost *
    to
    NameVirtualHost *:80
    NameVirtualHost *:443
    Now you need to configure Virtual hosts using port 80

    This is very confusing. What are we supposed to be using: 80, 443 or both? Is it that using 80 it gets redirected to 443? What do I open in the firewall: 80, 443 or both? Could you please clarify this? Thank you very much for the tutorial and for everything.

  • david

    To those wondering what to do about NameVirtualHost, it’s pretty simple. Whereas before we had:
    NameVirtualHost *

    Now we need:
    NameVirtualHost *:80
    NameVirtualHost *:443

    blah blah

    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem
    blahblah

    So copy whatever’s in the virtual host block, dupe it, and change as above.

  • http://www.radaitecode.com varactor

    remove nameVirtualHost *
    your virtual host section should look like this

    …unchanged code here…

    …same unchanged code here but add the following lines…
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache2.pem
    SSLCertificateKeyFile /etc/apache2/apache2.pem

    very good tutorial.. keep it up

  • http://www.radiatecode.com/ VarAcToR

    remove nameVirtualHost *
    your virtual host section should look like this
    <virtualhost *:80>
    …unchanged code here…
    </virtualhost>

    <virtualhost *:443>
    …same unchanged code here but add the following lines…
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache2.pem
    SSLCertificateKeyFile /etc/apache2/apache2.pem
    </virtualhost>

    very good tutorial.. keep it up

  • ammaro

    Thanks a lot for the good explanation. I have an error in browsing after doing all the steps. The error:
    192.168.16.145 has sent an incorrect or unexpected message.Error code :- 12263
    Please help

  • http://www.issgreppi.it raf

    It works! Thank you very much for this article.
    raf

  • Justin

    I would like to know how to make a secure http connection. I am trying to secure(https) a URL. Any help would be appreciated.

  • alan

    I have the same problem as Justin. I can make an http connection but not an https and there are no error messages in the logs.

  • alan

    Solved my own problem. Nothing like an RTFM!

    Need to include the line

    listen 443

    in /etc/apache2/ports.conf and restart apache2

  • http://www.eoinh.com Eoin

    I followed every step and everything is done right but the php just doesn’t appear! I don’t know how to fix this. Please help.

  • Manuel

    Thanks…
    I have implemented your solution for enabling https on nagios logon.
    I have duplicated the virtual host section, one with *:80 and another with *:443, and it works.
    Now my nagios portal is available on http and https.
    Thank you.
    Manu.

  • http://INCONSTRUCTION WILFREDO PEREZ

    All these changes are in the /etc/apache2/sites-available/default file ?
    ****************************************
    Configuring SSL Certificate to Virtual Hosts in Apache2

    First you need to edit the /etc/apache2/sites-available/default file change

    NameVirtualHost *
    to

    NameVirtualHost *:80
    NameVirtualHost *:443

    Now you need to configure Virtual hosts using port 80

    Example
    ServerAdmin webmaster@localhost
    .
    .
    .
    configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.

    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    Example
    ServerAdmin webmaster@localhost
    .
    .
    .
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    **********************

  • Giuliano

    hey I am getting this …httpd (no pid file) not running

  • toecutter

    not working for me. I get the following error;

    Starting web server (apache2)…(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
    no listening sockets available, shutting down
    Unable to open logs
    failed!

  • laurent

    Thank you very much

    Very good article!

  • Pawel

    Thanks for this tutorial

  • http://www.s10sys.com David Wales

    Nice article thanks for the heads up…..

    When generating the SSL cert and asked to input: Common Name
    make sure you enter the domain name you wish to use e.g. http://www.mydomain.com

  • Adhelle

    hey,
    i get an error :(

    Starting web server (apache2)…(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
    no listening sockets available, shutting down
    Unable to open logs
    failed!

    help please? thanks ^^

  • Dre

    Now I am getting a connection issue when trying to connect via https…

    --------------------------------------------------------------------
    An error occurred during a connection to mars-webserver.local.lan.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)
    --------------------------------------------------------------------
    What can I do to correct that?

    tia :)

  • Sameera Gayan

    Hi,
    I got the same issue.
    --------------------------------------------------------------------
    An error occurred during a connection to localhost.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)
    --------------------------------------------------------------------
    Please help!!!

  • http://www.objis.com douglasmbiandou

    Thank you very much ! It works & helped me a lot.

  • matey

    when I run the apache2 force restart thing mentioned above I get this error:

    ERROR: APACHE_PID_FILE needs to be defined in /etc/apache2/envvars

    But no matter how I define the PID file I still get more errors about that goofy envvar file?!
    I wish someone would have taken the time to put a sample in there like most other conf. files do.

  • http://ali.ghaffaari.net cartoonist

    I have a problem with Apache 2!! :(
    when i start apache2:
    # /etc/init.d/apache2 start
    Starting web server: apache2/usr/sbin/apache2: error while loading shared libraries: libapr-1.so.0: cannot open shared object file: No such file or directory
    failed!

    I’ve installed 'libapr1' but no change occurs! (Excuse me because of my bad English! It’s not my native language!)
    help me please!

  • http://ali.ghaffaari.net cartoonist

    SOLVED! :) I uninstalled all apache and libapr related packages (apt-get purge) and then reinstalled by:
    #apt-get install apache2
    Then Everything is OK!! :D

  • http://www.aknetbd.com khairul

    I have followed your instructions but I get some errors

    #tail -f /var/log/apache2/error.log

    [Wed Mar 04 02:20:28 2009] [notice] Graceful restart requested, doing restart
    apache2: Could not reliably determine the server’s fully qualified domain name, using 221.120.101.237 for ServerName
    [Wed Mar 04 02:20:28 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Wed Mar 04 02:20:28 2009] [warn] RSA server certificate CommonName (CN) `Khairul’ does NOT match server name!?
    [Wed Mar 04 02:20:28 2009] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations
    [Wed Mar 04 02:34:57 2009] [notice] Graceful restart requested, doing restart
    apache2: Could not reliably determine the server’s fully qualified domain name, using 221.120.101.237 for ServerName
    [Wed Mar 04 02:34:57 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Wed Mar 04 02:34:57 2009] [warn] RSA server certificate CommonName (CN) `Khairul’ does NOT match server name!?
    [Wed Mar 04 02:34:57 2009] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations

  • http://www.linuxquestions.org Matey

    khairul
    That is not really an error.
    Your system is working just fine it seems.
    If this is supposed to be a part of a web server and/or a domain then that is an error message, otherwise if you are on a local network or not a web related server then it's OK (it's looking for .com, .org etc.).
    I am no expert, but from what I have seen the web configurations are scattered around, but look into the folders called sites-available, sites-enabled etc. under /etc/apache2/… That is a good start

    BTW apache2 requires a -k to start I think?!

  • http://www.linuxquestions.org Matey

    # cartoonist Says:
    February 24th, 2009 at 8:37 am

    SOLVED! :) I uninstalled all apache and libapr related packages (apt-get purge) and then reinstalled by:
    #apt-get install apache2
    Then Everything is OK!! :D

    Hey Thanks for taking the time and posting the Solution!
    I wished everyone did that.

  • grzech

    It works, it was easy. Thank you very much.

  • http://redhoodie.lan.org.nz Michael Brown

    to fix ssl_error_rx_record_too_long
    I removed all
    NameVirtualHost *
    from other site definitions,
    and added :80 or :443 to the virtual host

  • Yogi

    Hi,

    I followed through your instructions and everything worked fine, but when I run this command /etc/apache2/ports.conf it shows -bash : /etc/apache2/ports.conf : permission denied, and the same for this command too: /etc/apache2/sites-available/default.

    Please help me, I am new to Debian…

    Thanks

  • http://www.infowars.com matey

    Are you running it as root ?
    in the terminal do;
    sudo /etc/init.d/apache2 restart

  • David

    The command has to be:

    openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/apache.pem

    You missed the “ssl” in the first path.

  • Sihker

    Thanks for the tutorial. The half hour, that I gained using this, I lost with “SSL received a record that exceeded the maximum permissible length.” :D
    Turns out one needs to

    sudo a2ensite default-ssl
    sudo /etc/init.d/apache2 reload

    to enforce the new configuration.