The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Install apache2 in debian etch
#apt-get install apache2
Install openssl using the following command
#apt-get install openssl ssl-cert
Install PHP5 support for apache2 in debian etch
#apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi
Once you have installed the Apache server you need to generate a certificate, enable Apache SSL support and configure your SSL options.
Generate A certificate
Generating a certificate lets you protect the traffic exchanged between clients and your server; however, it will not be signed by a trusted certificate authority, so it will generate warnings.
If you want to avoid these warning messages you need to get a trusted certificate from an SSL certificate vendor. To generate an SSL certificate for Apache2 you need to use openssl. It will ask you questions interactively and then generate the certificate file.
Note: to generate a certificate you might have used the apache2-ssl-certificate command in Debian sarge, but in Debian etch this command is not available. To generate certificates you need to run openssl from your command prompt. Use the following command to generate certificates
#openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
Generating a 1024 bit RSA private key
………………………………………….++++++
…………………………………….++++++
writing new private key to '/etc/apache2/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
This completes the certificate. Now make sure the .pem file, which also holds the private key, has the correct permissions; if not, use the following command to set them
#chmod 600 /etc/apache2/apache.pem
By default the server listens for incoming HTTP requests on port 80, not for SSL connections on port 443. To enable SSL support, add the following entry to the file /etc/apache2/ports.conf, then save and exit the file.
Listen 443
Enable SSL Support
If you want to enable SSL support for your Apache web server you need to use the following command
#a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
Now you need to restart the apache2 server using the following command
#/etc/init.d/apache2 restart
Configuring SSL Certificate to Virtual Hosts in Apache2
First you need to edit the /etc/apache2/sites-available/default file. Change
NameVirtualHost *
to
NameVirtualHost *:80
NameVirtualHost *:443
Now you need to configure virtual hosts using port 80
Example
<VirtualHost *:80>
ServerAdmin webmaster@localhost
.
.
.
</VirtualHost>
Configure virtual hosts using port 443. The main difference is that you need the following two lines for each SSL host.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Example
<VirtualHost *:443>
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
</VirtualHost>
Now you need to restart your Apache web server using the following command
# /etc/init.d/apache2 reload
Reloading web server config… XXXX
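A check you can run on the generated file before reloading Apache. This is an added example, not part of the original tutorial; the script name check_pem.sh and the host name www.example.org are assumptions. It looks for the problems that show up most often with this setup: a missing key or certificate block, loose file permissions, a short RSA key, and a certificate whose name does not match the host.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: audit a combined
# key+certificate PEM file such as /etc/apache2/apache.pem.
# Usage (host name is an assumption): sh check_pem.sh /etc/apache2/apache.pem www.example.org

rc=0
fail() { echo "FAIL: $*"; rc=1; }

check_pem() {
    pem=$1; host=$2; rc=0

    # -out and -keyout pointed at the same file, so both blocks must be present.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || fail "no certificate in $pem"
    grep -Eq -- '-----BEGIN (RSA )?PRIVATE KEY-----' "$pem" || fail "no unencrypted private key in $pem"
    [ "$rc" -eq 0 ] || return 1

    # The file holds the private key: group/other bits must be empty (chmod 600).
    [ "$(ls -ld "$pem" | cut -c5-10)" = "------" ] || fail "$pem is accessible to group or others"

    # The certificate's public key must be the one derived from the private key.
    [ "$(openssl x509 -in "$pem" -noout -pubkey)" = "$(openssl pkey -in "$pem" -pubout)" ] \
        || fail "private key does not match certificate"

    # 1024-bit RSA, as in the sample output above, is too short today.
    bits=$(openssl x509 -in "$pem" -noout -text |
           sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || fail "RSA key is ${bits:-?} bits, want >= 2048"

    # Not expired, and issued for the name clients will type (empty CN fails here).
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null || fail "certificate has expired"
    openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match' \
        || fail "certificate does not cover host name $host"

    # mod_ssl only warns about this; a leaf certificate should not be a CA.
    openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE' \
        && echo "WARN: certificate has BasicConstraints CA:TRUE"

    return "$rc"
}

if [ "$#" -ge 2 ]; then check_pem "$1" "$2"; fi
```

The -checkhost option needs OpenSSL 1.0.2 or later. To get a 2048-bit key from the tutorial's command, add -newkey rsa:2048 to it.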
good tutorial!! work perfectly!
Excellent!!! Everything works fine, only two minor details:
is not: chmod 600 /etc/apache2/ssl/apache.pem
should be: chmod 600 /etc/apache2/apache.pem
and
is not: #/etc/init.d/apache2 retsrat
should be: #/etc/init.d/apache2 restart
Thanks for your help :o)
@eric
thanks for your corrections and i have changed in the main article
I have some problem with Apache2…It doesn’t start 🙁
me too
here's the error
[warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Tue Jan 30 15:47:59 2007] [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn’t happen!)
Thanks a lot. Spent one whole day looking for apache2-ssl-certificate but came to know it doesn't exist any more on debian etch after reading ur article. Keep up the gud work Mate. Cheers
excellent document
I get this after reload:
NameVirtualHost *:443 has no VirtualHosts
NameVirtualHost *:443 has no VirtualHosts
thanx a lot
it help me !!
Thanks, it works very good!
Only one thing I should to do:
Put ServerName host.xxx.zzz in sessions and
i love you, man.
it works well 😀
explain how configure Virtual hosts using port 80
Please; Explain in detail the following :
Now you need to configure Virtual hosts using port 80
Example
ServerAdmin webmaster@localhost
.
.
.
configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Example
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Now you need to restrat your apache web server using the following comamnd
# /etc/init.d/apache2 reload
Reloading web server config… XXXX
Thanks for the tutorial.
I would add a suggestion for some who might have the same problem I had: PHP was not automatically activated. Hence, I had to run the command
# a2enmod php5
And then it worked (after restarting Apache2).
Thanks again!
Dear DebianAdmin
I followed your instructions on this page. If I try to open my website (https://anyname.dyndns.org), I’m getting the following error msg: “SSL error:Can’t find common name in certificate-Continue? (y)” Why?
Thank you in advance for your help, Laszlo
Thanks your idea,
After I follow command
#/etc/init.d/apache2 reload
it output:
Reloading web server config…13036
and /var/log/apache2/error_log output:
[Thu Oct 11 00:03:09 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:03:09 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [notice] Graceful restart requested, doing restart
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch7 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
[Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
What’s wrong with it? Anybody can help me?
Thanks to all. First I completely damaged the whole installation following the original Apache.org HowTo-s. Thanks to God my Konqueror was left unchanged, hence I after all googled out these pages. I put it together from scratch, and voila.
A single man can never know the detail topology of all complex server system. This site seems to be a good place for administrator’s know-how exchange.
Jan
Hello there, Everything went fine till i got to:
NameVirtualHost *
to
NameVirtualHost *:80
NameVirtualHost *:443
Now you need to configure Virtual hosts using port 80
This is very confusing. What are we supposed to be using, 80 or 443 or both? Is it that using 80 it gets redirected to 443? What do I open in the firewall, 80, 443 or both? Could you please clarify this? Thank you very much for the tutorial and for everything.
To those wondering what to do about NameVirtualHost, it’s pretty simple. Whereas before we had:
NameVirtualHost *
Now we need:
NameVirtualHost *:80
NameVirtualHost *:443
blah blah
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
blahblah
So copy whatever’s in the virtual host block, dupe it, and change as above.
remove nameVirtualHost *
your virtual host section should look like this
<virtualhost *:80>
…unchanged code here…
</virtualhost>
<virtualhost *:443>
…same unchanged code here but add the following lines…
SSLEngine on
SSLCertificateFile /etc/apache2/apache2.pem
SSLCertificateKeyFile /etc/apache2/apache2.pem
</virtualhost>
very good tutorial.. keep it up
thx a lot for good explanation i have error in browsing after done all steps ,, the error
192.168.16.145 has sent an incorrect or unexpected message.Error code :- 12263
plz help
It works! Thank you very much for this article.
raf
I would like to know how to make a secure http connection. I am trying to secure(https) a URL. Any help would be appreciated.
I have the same problem as Justin. I can make an http connection but not an https and there are no error messages in the logs.
Solved my own problem. Nothing like an RTFM!
Need to include the line
listen 443
in /etc/apache2/ports.conf and restart apache2
I followed every step and everything is done right but the php just doesn’t appear! I don’t know how to fix this. Please help.
Thanks…
I have implemented your solution for enabling https on nagios logon.
I have duplicated the Virtual host section, one with *:80 and another with *:443 and it works.
Now my nagios portal is available on http and https.
Thank you.
Manu.
All these changes are in the /etc/apache2/sites-available/default file ?
****************************************
Configuring SSL Certificate to Virtual Hosts in Apache2
First you need to edit the /etc/apache2/sites-available/default file change
NameVirtualHost *
to
NameVirtualHost *:80
NameVirtualHost *:443
Now you need to configure Virtual hosts using port 80
Example
ServerAdmin webmaster@localhost
.
.
.
configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
Example
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
**********************
hey I am getting this …httpd (no pid file) not running
not working for me. I get the following error;
Starting web server (apache2)…(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
failed!
Thank you very much
Very good article!
thanks for this tutorial
Nice article thanks for the heads up…..
When generating the SSL cert and asked to input: Common Name
make sure you enter the domain name you wish to use e.g. http://www.mydomain.com
hey,
i get an error 🙁
Starting web server (apache2)…(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
failed!
help please? thanks ^^
Now I am getting a connection issue when trying to connect via https…
——————————————————————–
An error occurred during a connection to mars-webserver.local.lan.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
——————————————————————–
What can I do to correct that?
tia 🙂
Hi,
I got the same issue.
——————————————————————-
An error occurred during a connection to localhost.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
——————————————————————–
Please help!!!
Thank you very much ! It works & helped me a lot.
when I run the apache2 force restart thing mentioned above I get this error:
ERROR: APACHE_PID_FILE needs to be defined in /etc/apache2/envvars
But no matter how I define the PID file I still get more errors about that goofy envvar file?!
I wished some one would have taken the time to put a sample in there like most other conf. files do.
I have a problem with Apache 2!! 🙁
when i start apache2:
# /etc/init.d/apache2 start
Starting web server: apache2/usr/sbin/apache2: error while loading shared libraries: libapr-1.so.0: cannot open shared object file: No such file or directory
failed!
I’ve installed ‘libapr1’ but no change occurs! (excuse me because of my bad English! it’s not my native language!)
help me please!
SOLVED! 🙂 I uninstalled all apache and libapr related packages (apt-get purge) and then reinstalled by:
#apt-get install apache2
Then Everything is OK!! 😀
I have followed your instruction but i get some error
#tail -f /var/log/apache2/error.log
[Wed Mar 04 02:20:28 2009] [notice] Graceful restart requested, doing restart
apache2: Could not reliably determine the server’s fully qualified domain name, using 221.120.101.237 for ServerName
[Wed Mar 04 02:20:28 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 04 02:20:28 2009] [warn] RSA server certificate CommonName (CN) `Khairul’ does NOT match server name!?
[Wed Mar 04 02:20:28 2009] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations
[Wed Mar 04 02:34:57 2009] [notice] Graceful restart requested, doing restart
apache2: Could not reliably determine the server’s fully qualified domain name, using 221.120.101.237 for ServerName
[Wed Mar 04 02:34:57 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Mar 04 02:34:57 2009] [warn] RSA server certificate CommonName (CN) `Khairul’ does NOT match server name!?
[Wed Mar 04 02:34:57 2009] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations
khairul
That is not really an error.
Your system is working just fine it seems.
If this is supposed to be a part of a web server and/or a domain then that is an error message otherwise if you are on a local network or not a web related server then its OK.(its looking for .com .org etc.)
I am no expert but for what I have seen the web configurations are scattered around but look into the folders called sites-available , sites-enabled etc. under /etc/apache2/…that is a good start
BTW apache2 requires a -k to start I think?!
# cartoonist Says:
February 24th, 2009 at 8:37 am
SOLVED! 🙂 I uninstalled all apache and libapr related packages (apt-get purge) and then reinstalled by:
#apt-get install apache2
Then Everything is OK!! 😀
Hey Thanks for taking the time and posting the Solution!
I wished everyone did that.
It works, it was easy. Thank you very much.
to fix ssl_error_rx_record_too_long
I removed all
NameVirtualHost *
from other site definitions,
and added :80 or :443 to the virtual host
Hi,
I followed through your instruction, everything worked fine but when i run this command /etc/apache2/ports.conf it shows -bash : /etc/apache2/ports.conf : permission denied and also for this command too /etc/apache2/sites-available/default.
Please help me i am new to Debian…
Thanks
Are you running it as root ?
in the terminal do;
sudo /etc/init.d/apache2 restart
The command has to be:
openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/apache.pem
You missed the “ssl” in the first path.
Thanks for the tutorial. The half hour, that I gained using this, I lost with “SSL received a record that exceeded the maximum permissible length.” 😀
Turns out one needs to
sudo a2ensite default-ssl
sudo /etc/init.d/apache2 reload
to enforce the new configuration.