Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of the server.
For a general definition see: http://en.wikipedia.org/wiki/https, but more comprehensive information is available from http://www.apache-ssl.org/.
The following guidance might be useful in helping to configure HTTPS on a Linux server (but is not yet complete).
The difficulty I referred to below (use of HTTPS) is because of complications using SSL with name-based virtual hosts. Standard Apache offers IP-based virtual hosts and name-based virtual hosts. The former is where each web-server can be allocated to a different IP address. I do not have multiple (external/public) IP addresses; just a single static IP. Therefore I have no option but to use name-based virtual hosts.
Essentially the standard installation procedure as described in the Apache-SSL link in the table at the bottom of the page was followed. However some difficulties were encountered and these are also outlined below.
Log in as root for all of the following configuration activities.
[root@host ~]# openssl req -new -x509 -days 3650 -sha1 -newkey rsa:1024 -nodes -keyout domain.key -out domain.crt
Prompted for inputs which were entered (see below).
The certificate stuff appears to be working:
[root@host ~]# openssl s_client -state -quiet -connect localhost:443
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=UK/ST=County/L=Town/O=Company/OU=Department/CN=www.domain.org/emailAddress=webmaster@www.domain.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=UK/ST=County/L=Town/O=Company/OU=Department/CN=www.domain.org/emailAddress=webmaster@www.domain.org
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
and:
[root@host ~]# openssl s_client -state -quiet -connect www.domain.org:443
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 /C=UK/ST=County/L=Town/O=Company/OU=Department/CN=www.www.domain.org/emailAddress=webmaster@www.domain.org
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=UK/ST=County/L=Town/O=Company/OU=Department/CN=www.www.domain.org/emailAddress=webmaster@www.domain.org
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
Now to address the Apache configuration aspects.
The main Apache configuration file /etc/httpd/conf/httpd.conf did not require modification; the OpenSSL / HTTPS aspects are all contained in the /etc/httpd/conf.d/ssl.conf file. Therefore edit the /etc/httpd/conf.d/ssl.conf file with any standard editor (e.g. vi).
The edits on /etc/httpd/conf.d/ssl.conf included:
...
LoadModule ssl_module modules/mod_ssl.so
...
DocumentRoot "/home/www/ .../ssl-html"
ServerName www. .org.uk
ServerAdmin webmaster@ .org.uk
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/cert.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/cert.key
ErrorLog logs/ssl_error_log
CustomLog logs/ssl_access_log combined
LogLevel warn
Other Details TBA...
When the client browser accesses the secure site(s), the certificate is queried and can be installed if desired. Note of course that these are self-signed certificates, so there can be issues of confidence with that.
Successfully working for three named virtual hosts.
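The openssl req command earlier on this page requests a SHA-1 signature and a 1024-bit RSA key, both long deprecated for certificates, and the resulting certificate is self-signed. The following check is an added example, not part of the original page: it reads the text dump of a certificate and flags those three properties. The function names, the MIN_RSA_BITS threshold and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag weak parameters in the
# text dump of a certificate. On a real file:
#   openssl x509 -in domain.crt -noout -text | audit_cert_text
MIN_RSA_BITS=2048   # assumed policy threshold; adjust to local policy

# First value of a "Name: value" line in the dump read from stdin.
cert_field() { sed -n "s/^ *$1: *//p" | head -n 1; }

# Reads `openssl x509 -noout -text` output on stdin, prints one finding per
# line and returns 1 if anything was flagged, 0 otherwise.
audit_cert_text() {
    text=$(cat)
    sig=$(printf '%s\n' "$text" | cert_field 'Signature Algorithm')
    alg=$(printf '%s\n' "$text" | cert_field 'Public Key Algorithm')
    issuer=$(printf '%s\n' "$text" | cert_field 'Issuer')
    subject=$(printf '%s\n' "$text" | cert_field 'Subject')
    # Matches "Public-Key: (1024 bit)" and the older "RSA Public Key: (...)".
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    flagged=0
    case "$sig" in
        *[Mm][Dd]5*|*[Ss][Hh][Aa]1*) echo "WEAK_SIGNATURE $sig"; flagged=1 ;;
    esac
    # The size threshold is for RSA only; EC keys are much shorter by design.
    if [ "$alg" = rsaEncryption ] && [ -n "$bits" ] &&
       [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "SHORT_RSA_KEY $bits"; flagged=1
    fi
    # Issuer equal to subject: self-issued, the usual sign of self-signing.
    if [ -n "$subject" ] && [ "$issuer" = "$subject" ]; then
        echo "SELF_SIGNED $subject"; flagged=1
    fi
    return "$flagged"
}

# Constructed, abridged dump of a certificate with SHA-1 and RSA 1024.
sample_cert_text() {
    cat <<'EOF'
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=UK, ST=County, L=Town, O=Company, OU=Department, CN=www.domain.org
        Subject: C=UK, ST=County, L=Town, O=Company, OU=Department, CN=www.domain.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}

sample_cert_text | audit_cert_text || echo "certificate should be reissued"
```

The check only compares issuer and subject names; it does not verify the signature, so it reports self-issued certificates rather than proving self-signing.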
The following general links are useful references when setting up HTTPS: