Michael R. Head (![[info]](http://l-stat.livejournal.com/img/userinfo.gif){kind=small} suppressingfire) wrote,@ 2007-06-23 14:30:00 |
|
setting up ssl with apache2 on debian
I was finally forced to migrated to apache2 this week because apache1 has finally been removed from sid. Setting up https turned out to be a bit of a pain. All the HOWTOs online describe the use of a program called "apache2-ssl-certificate" which has been removed (see bug 395823). The commands listed in the bug report don't work either. Here's what I had to do:
I was finally forced to migrated to apache2 this week because apache1 has finally been removed from sid. Setting up https turned out to be a bit of a pain. All the HOWTOs online describe the use of a program called "apache2-ssl-certificate" which has been removed (see bug 395823). The commands listed in the bug report don't work either. Here's what I had to do:
- sudo apt-get install apache2
- sudo a2enmod ssl
- sudo mkdir /etc/apache2/ssl
- sudo openssl req $@ -config /usr/share/ssl-cert/ssleay.cnf -new -x509 -days 1460 -nodes -out /etc/apache2/ssl/apache.crt -keyout /etc/apache2/ssl/apache.pem
- sudo chmod 600 /etc/apache2/ssl/apache.pem
- sudo cp /etc/apache2/site-available/default /etc/apache2/site-available/ssl
- echo Listen 443 | sudo tee -a /etc/apache2/ports.conf
- Change/Add the following lines to the top of /etc/apache2/sites-available/ssl:
- NameVirtualHost *:443
- <VirtualHost *:443>
- SSLEngine On
- SSLCertificateFile /etc/apache2/ssl/apache.crt
- SSLCertificateKeyFile /etc/apache2/ssl/apache.pem
- ...
- sudo a2ensite ssl
- sudo invokerc.d apache2 restart
Yeah, so it was a lot easier with apache1, but it's done and documented now.
