by admin
24. November 2006 07:53
Here's part two of my Apache-Subversion setup process. This time we're setting up SSL on the server.
1. Generate SSL Certificates
First up we need to generate some certificates for the system. Although OpenSSL came with the Apache install, it doesn't include all the necessary config files by default so the easiest way I found was to download a separate set of binaries which run straight out of the box. Grab OpenSSL from http://www.slproweb.com/products/Win32OpenSSL.html and install it.
The certificates are generated through the following commands:
openssl req -new -out server.csr
openssl rsa -in privkey.pem -out server.key
openssl x509 -in server.csr -out server.crt -req -signkey server.key
Fill in the appropriate info when prompted. Make sure that when you're prompted for the Common Name (eg, your websites domain name) you put in the address of the server (e.g., www.rikware.com). Note that these certificates are of course not signed by a certificate authority so you will be warned when visiting the site that they may be insecure. You can avoid this by distributing the server.crt file to your clients separately. Alternatively get the certificates signed properly, but I'm not going in to how that is done. Check out http://raibledesigns.com/wiki/Wiki.jsp?page=ApacheSSL for some more info.
You should now have a server.crt and server.key file. Copy those to the /Apache/conf/ssl.crt/ and /Apache/conf/ssl.key/ directories (you'll need to create the directories yourself.
2. Config
Open up /Apache/conf/ssl.conf and replace "c:/apache" with "C:/Program Files/Apache" (or wherever you've installed Apache. Also uncomment (remove the '#') the lines <IfDefine SSL> and </IfDefine>.
If you want to move SSL from the default port then search for "443" and replace it with the new port.
Open up /Apache/conf/httpd.conf and uncomment the following lines:
- LoadModule ssl_module modules/mod_ssl.so
- <IfModule mod_ssl.c> and the </IfModule> just below.
3. Test
Start up Apache and try browsing to https://localhost/. You should get the Apache default page again after an SSL.
Next time - Adding Subversion support to Apache.
7cb18c80-b0ab-452f-8fc4-e6e03ada4465|1|1.0
Category: Programming
Tags: