Install and Configure Apache2 with PHP5 and SSL Support in Debian Etch

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

Install apache2 in debian etch

#apt-get install apache2

Install openssl using the following command

#apt-get install openssl ssl-cert

Install PHP5 support for apache2 in debian etch

#apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi

Once you install apache server you need to Generate a certificate,Enable Apache SSL support and Configure your SSL options.

Generate A certificate

Generating a certificate will provide to protect the traffic exchanged between clients and your server, however it will be unsigned by a trusted certificate authority so it will generate warnings.

If you want to avoid these warning messages you need to get a trusted certificate from SSL certificate vendors.If you want to Generating an SSL certificate for Apache2 you need to use the openssl. This will ask you questions interactively then generate the certificate file appropriately.

Note:-For generating certificate you might have used the apache2-ssl-certificate command in debian sarge but in debian etch this command not available.If you want to generate certificates you need to use openssl from you command prompt Use the following command to generate certificates

#openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

Generating a 1024 bit RSA private key
………………………………………….++++++
…………………………………….++++++
writing new private key to ‘/etc/apache2/apache.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

This will complete the certificate now you need to make sure you have the correct permissions for .pem file if not use the

following command to set the correct permissions

#chmod 600 /etc/apache2/apache.pem

By default the server will listen for incoming HTTP requests on port 80 – and not SSL connections on port 443. So you need to enable SSL support by entering the following entry to the file /etc/apache2/ports.conf save and exit the file.

Listen 443

Enable SSL Support

If you want to enable SSL support for your apache web server you need to use the following comamnd

#a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Now you need to restart the apache2 server using the following command

#/etc/init.d/apache2 restart

Configuring SSL Certificate to Virtual Hosts in Apache2

First you need to edit the /etc/apache2/sites-available/default file change

NameVirtualHost *
to

NameVirtualHost *:80
NameVirtualHost *:443

Now you need to configure Virtual hosts using port 80

Example
ServerAdmin webmaster@localhost
.
.
.
configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.

SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

Example
ServerAdmin webmaster@localhost
.
.
.
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem

Now you need to restrat your apache web server using the following comamnd

# /etc/init.d/apache2 reload

Reloading web server config… XXXX

Sponsored Link

60 thoughts on “Install and Configure Apache2 with PHP5 and SSL Support in Debian Etch

  1. Excellent!!! everything works fine, only to minor details:

    is not: chmod 600 /etc/apache2/ssl/apache.pem
    should be: chmod 600 /etc/apache2/apache.pem

    and

    is not: #/etc/init.d/apache2 retsrat
    should be: #/etc/init.d/apache2 restart

    Thanks for your help :o)

  2. me too
    here`s the error
    [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Tue Jan 30 15:47:59 2007] [error] Illegal attempt to re-initialise SSL for server (theoretically shouldn’t happen!)

  3. Thanks a lot. Spent one whole day looking for apache2-ssl-certifacate but came to know it doesnt exist any more on debian ethch after reading ur article. Keep up the gud work Mate. Cheers

  4. I get this after reload:
    NameVirtualHost *:443 has no VirtualHosts
    NameVirtualHost *:443 has no VirtualHosts

  5. Thanks, it works very good!
    Only one thing I should to do:
    Put ServerName host.xxx.zzz in sessions and

  6. Please; Explain in detail the following :

    Now you need to configure Virtual hosts using port 80

    Example
    ServerAdmin webmaster@localhost
    .
    .
    .
    configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.

    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    Example
    ServerAdmin webmaster@localhost
    .
    .
    .
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    Now you need to restrat your apache web server using the following comamnd

    # /etc/init.d/apache2 reload

    Reloading web server config… XXXX

  7. Thanks for the tutorial.

    I would add a suggestion for some who might have the same problem I had: PHP was not automatically activated. Hence, I had to run the command

    # a2enmod php5

    And then it worked (after restarting Apache2).

    Thanks again!

  8. Dear DebianAdmin

    I followed your instructions on this page. Iff i try to open my website (https://anyname.dyndns.org), I’m getting the following error msg: “SSL error:Can’t find common name in certificate-Continue? (y)” Why?

    Thank you in advance for your help, Laszlo

  9. Thanks your idea,

    After I follow command
    #/etc/init.d/apache2 reload
    it output:
    Reloading web server config…13036

    and /var/log/apache2/error_log output:
    [Thu Oct 11 00:03:09 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:03:09 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [notice] Graceful restart requested, doing restart
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch7 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs
    [Thu Oct 11 00:06:32 2007] [error] [client ::1] File does not exist: /htdocs

    what’s wrong with it? anyboby can help me>

  10. Thanks to all. First I completely damaged the whole installation following the original Apache.org HowTo-s. Thanks to God my Konquerer left unchanged, hence I after all googled out this pages. I put it together from scratch, and voila.
    A single man can never know the detail topology of all complex server system. This site seems to be a good place for administrator’s know-how exchange.

    Jan

  11. Hello there, Everything went fine till i got to:
    NameVirtualHost *
    to
    NameVirtualHost *:80
    NameVirtualHost *:443
    Now you need to configure Virtual hosts using port 80

    this is very confusing, what are we supposed to be using 80 or 443 or both, ¿is it that using 80 it gets redirected to 443? ¿what do i open in the firewall 80, 443 or both?, ¿could you please clarify this? Thank you very much for the tutorial and for everything.

  12. To those wondering what to do about NameVirtualHost, it’s pretty simple. Whereas before we had:
    NameVirtualHost *

    Now we need:
    NameVirtualHost *:80
    NameVirtualHost *:443

    blah blah

    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem
    blahblah

    So copy whatever’s in the virtual host block, dupe it, and change as above.

  13. remove nameVirtualHost *
    your virtual host section should look like this

    …unchacnged code here…

    …same unchanged code here but add the following lines…
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache2.pem
    SSLCertificateKeyFile /etc/apache2/apache2.pem

    very good tutorial.. keep it up

  14. remove nameVirtualHost *
    your virtual host section should look like this
    <virtualhost *:80>
    …unchacnged code here…
    </virtualhost>

    <virtualhost *:443>
    …same unchanged code here but add the following lines…
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache2.pem
    SSLCertificateKeyFile /etc/apache2/apache2.pem
    </virtualhost>

    very good tutorial.. keep it up

  15. thx a lot for good explanation i have error in browsing after done all steps ,, the error
    192.168.16.145 has sent an incorrect or unexpected message.Error code :- 12263
    plz help

  16. I would like to know how to make a secure http connection. I am trying to secure(https) a URL. Any help would be appreciated.

  17. I have the same problem as Justin. I can make an http connection but not an https and there are no error messages in the logs.

  18. Solved my own problem. Nothing like an RTFM!

    Need to include the line

    listen 443

    in /etc/apache2/ports.conf and restart apache2

  19. I followed every step and everything is done right but the php just doesn’t appear! I don’t know how to fix this. Please help.

  20. Thanks…
    I have implemented you solution for enabling https on nagios logon.
    I have duplicated de Virtual host section, on with *:80 and a another with *:443 and it works.
    Now my nagios portal is available on http and https.
    Thank you.
    Manu.

  21. All these changes are in the /etc/apache2/sites-available/default file ?
    ****************************************
    Configuring SSL Certificate to Virtual Hosts in Apache2

    First you need to edit the /etc/apache2/sites-available/default file change

    NameVirtualHost *
    to

    NameVirtualHost *:80
    NameVirtualHost *:443

    Now you need to configure Virtual hosts using port 80

    Example
    ServerAdmin webmaster@localhost
    .
    .
    .
    configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.

    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    Example
    ServerAdmin webmaster@localhost
    .
    .
    .
    SSLEngine on
    SSLCertificateFile /etc/apache2/apache.pem

    **********************

  22. not working for me. I get the following error;

    Starting web server (apache2)…(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
    no listening sockets available, shutting down
    Unable to open logs
    failed!

  23. hey,
    i get an error 🙁

    Starting web server (apache2)…(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
    no listening sockets available, shutting down
    Unable to open logs
    failed!

    help please? thanks ^^

  24. Now I am getting a connection issue when trying to connect via https…

    ——————————————————————–
    An error occurred during a connection to mars-webserver.local.lan.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)
    ——————————————————————–
    What can I to correct that ?

    tia 🙂

  25. Hi,
    I got the same issue.
    ——————————————————————-
    An error occurred during a connection to localhost.

    SSL received a record that exceeded the maximum permissible length.

    (Error code: ssl_error_rx_record_too_long)
    ——————————————————————–
    Please help!!!

  26. when I run the apache2 force restart thing mentioned above I get this error:

    ERROR: APACHE_PID_FILE needs to be defined in /etc/apache2/envvars

    But no matter how I define the PID file I still get more errors about that goofy envvar file?!
    I wished some one would have taken the time to put a sample in there like most other conf. files do.

  27. I have a problem with Apache 2!! 🙁
    when i start apache2:
    # /etc/init.d/apache2 start
    Starting web server: apache2/usr/sbin/apache2: error while loading shared libraries: libapr-1.so.0: cannot open shared object file: No such file or directory
    failed!

    I’ve installed ‘libapr1’ but no change occures! (excuse me because of my bad english! it’s not my native language!)
    help me please!

  28. SOLVED! 🙂 I unistalled all apache and libapr related package (apt-get purge) and then reinstall by:
    #apt-get install apache2
    Then Everything is OK!! 😀

  29. I have followed your instruction but i get some error

    #tail -f /var/log/apache2/error.log

    [Wed Mar 04 02:20:28 2009] [notice] Graceful restart requested, doing restart
    apache2: Could not reliably determine the server’s fully qualified domain name, using 221.120.101.237 for ServerName
    [Wed Mar 04 02:20:28 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Wed Mar 04 02:20:28 2009] [warn] RSA server certificate CommonName (CN) `Khairul’ does NOT match server name!?
    [Wed Mar 04 02:20:28 2009] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations
    [Wed Mar 04 02:34:57 2009] [notice] Graceful restart requested, doing restart
    apache2: Could not reliably determine the server’s fully qualified domain name, using 221.120.101.237 for ServerName
    [Wed Mar 04 02:34:57 2009] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
    [Wed Mar 04 02:34:57 2009] [warn] RSA server certificate CommonName (CN) `Khairul’ does NOT match server name!?
    [Wed Mar 04 02:34:57 2009] [notice] Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c configured — resuming normal operations

  30. khairul
    That is not really an error.
    Your system is working just fine it seems.
    If this is supposed to be a part of a web server and/or a domain then that is an error message otherwise if you are on a local network or not a web related server then its OK.(its looking for .com .org etc.)
    I am no expert but for what I have seen the web configurations are scattered around but look into the folders called sites-available , sites-enabled etc. under /etc/apache2/…that is a good start

    BTW apache2 requires a -k to start I think?!

  31. # cartoonist Says:
    February 24th, 2009 at 8:37 am

    SOLVED! 🙂 I unistalled all apache and libapr related package (apt-get purge) and then reinstall by:
    #apt-get install apache2
    Then Everything is OK!! 😀

    Hey Thanks for taking the time and posting the Solution!
    I wished everyone did that.

  32. to fix ssl_error_rx_record_too_long
    I removed all
    NameVirtualHost *
    from other site definitions,
    and addedd :80 or :443 to the virtual host

  33. Hi,

    I followed through your instruction, everything worked fine but when i run this command /etc/apache2/ports.conf it shows -bash : /etc/apache2/ports.conf : permission denied and also for this command too /etc/apache2/sites-available/default.

    Please help me i am new to Debian…

    Thanks

  34. The command has to be:

    openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/apache.pem

    You missed the “ssl” in the first path.

  35. Thanks for the tutorial. The half hour, that I gained using this, I lost with “SSL received a record that exceeded the maximum permissible length.” 😀
    Turns out one needs to

    sudo a2ensite default-ssl
    sudo /etc/init.d/apache2 reload

    to enforce the new configuration.

Leave a comment

Your email address will not be published. Required fields are marked *