Debian/Ubuntu Apache2 and OpenSSL (https)

In this brief blog entry I will note the steps to basically "enable" OpenSSL encryption using the available Apache2 package in the apt-get repositories. On Ubuntu this has been verified, and the packages are so very similar that Debian testing (plus) should be using the same steps. Any administrator of a computer should always practice security using any means possible. OpenSSL is the available solution in this scenario. OpenSSL is an open source implementation of the SSL and TLS protocols. The core library (written in the C programming language) implements the basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available.
Starting from the beginning, install the Apache2 HTTP daemon via Synaptic, apt-get or aptitude.

[coolcode]sudo aptitude install apache2[/coolcode]

Grant yourself a home for Apache2 and create a public_html folder (run as normal user, not root). Once created, browse there.

[coolcode]mkdir ~/public_html[/coolcode]

Now you can generate your OpenSSL certificate (key) by running apache2-ssl-certificate. When you execute that script you will need to answer as many questions as you can to create the cert.

[coolcode]sudo apache2-ssl-certificate[/coolcode]

Now you need to configure Apache2 to use https (secured) on port 443 (standard port for SSL). Browse to /etc/apache2/ to make the changes.

[coolcode]cd /etc/apache2/[/coolcode]

Here you will see two folders: sites-enabled and sites-available. First make a copy of the current available site and name that "ssl".

[coolcode]sudo cp sites-available/default sites-available/ssl[/coolcode]

Then make a symbolic link to your new configuration to enable it.

[coolcode]sudo ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/000-ssl[/coolcode]

To verify:

[coolcode]ls -la sites-enabled/[/coolcode]

The output should look similar to:

[coolcode]lrwxrwxrwx 1 root root 22 2006-01-08 20:22 000-ssl -> ../sites-available/ssl[/coolcode]

Now you must configure the "ssl" host. This may be done in gedit, nano, vi, or whatever floats your boat. Here I use vi:

[coolcode]sudo vi sites-available/ssl[/coolcode]

FIND:

[coolcode]NameVirtualHost *
ServerAdmin webmaster@localhost
DocumentRoot /var/www/[/coolcode]

REPLACE WITH:

[coolcode]NameVirtualHost *:443
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so
SSLCertificateFile /etc/apache2/ssl/apache.pem
SSLEngine On[/coolcode]

And finally tell Apache2 to listen on the new port in /etc/apache2/ports.conf.

[coolcode]sudo vi /etc/apache2/ports.conf[/coolcode]

Add the following under Listen 80:

[coolcode]Listen 443[/coolcode]

Restart Apache2 for the changes to take effect.

[coolcode]sudo /etc/init.d/apache2 restart[/coolcode]

Finished! Browse to https://localhost, then verify and accept your very own SSL certificate.

Also see this site, which helped me write this entry:

[1] http://www.geocities.com/arhuaco/doc/subversion/apache-subversion-in-debian.html
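
A check script for the finished configuration, added here as an example (it is not part of the original post): it catches the two failures reported in the comments below, a symlink that points nowhere and a missing :443, and confirms the PEM holds a private key that is not world-readable. The function names `check_ssl_site` and `directive` are illustrative, and the `<VirtualHost *:443>` line it looks for is the one quoted in the comments.

```shell
#!/bin/sh
# Added example: checks for the "ssl" site built in the steps above.
# Usage: check_ssl_site [ROOT]   (ROOT defaults to /etc/apache2)
# Prints one FAIL line per problem; returns 0 only when none are found.
# directive NAME FILE: print the first argument of NAME (case-insensitive).
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

check_ssl_site() {
    root="${1:-/etc/apache2}"
    site="$root/sites-enabled/000-ssl"
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    # A symlink whose target does not exist shows up in ls but cannot be opened.
    if [ -L "$site" ] && [ ! -e "$site" ]; then
        fail "dangling symlink: $site -> $(readlink "$site")"
        return 1
    fi
    [ -r "$site" ] || { fail "cannot read $site"; return 1; }

    # NameVirtualHost and <VirtualHost> must both name port 443.
    [ "$(directive NameVirtualHost "$site")" = "*:443" ] ||
        fail "NameVirtualHost is not *:443"
    [ "$(directive '<VirtualHost' "$site")" = "*:443>" ] ||
        fail "<VirtualHost> is not *:443"
    [ "$(directive SSLEngine "$site" | tr 'A-Z' 'a-z')" = "on" ] ||
        fail "SSLEngine is not On"
    grep -Eq '^[[:space:]]*Listen[[:space:]]+443[[:space:]]*$' "$root/ports.conf" 2>/dev/null ||
        fail "no 'Listen 443' in $root/ports.conf"

    # Without SSLCertificateKeyFile, the PEM named by SSLCertificateFile must
    # hold the private key as well as the certificate.
    cert=$(directive SSLCertificateFile "$site")
    key=$(directive SSLCertificateKeyFile "$site")
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        fail "SSLCertificateFile missing: ${cert:-unset}"
    else
        grep -q 'BEGIN CERTIFICATE' "$cert" || fail "no certificate in $cert"
        keyfile="${key:-$cert}"
        grep -q 'PRIVATE KEY-----' "$keyfile" 2>/dev/null ||
            fail "no private key in $keyfile"
        # The private key should not be readable by every local user.
        [ -z "$(find "$keyfile" -perm -004 2>/dev/null)" ] ||
            fail "$keyfile is world-readable"
    fi
    [ "$problems" -eq 0 ]
}
```

Source the file and run `check_ssl_site` with sudo, since a correctly protected key file cannot be read by a normal user.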

whew

you have no idea how much this helped me....thanks a lot!!

Thank you

Nicely put together, thanks.
I did need to add the following myself when using with a *non* self signed cert:

SSLCertificateKeyFile /etc/apache2/ssl/apache-keyfile.pem

Thanks
Mike

apache2+ssl+ubuntu

Really Thanks.. I found that it's easier to setup this subj on gentoo than ubuntu )


Problem creating symbolic link

I followed the instructions, but for some reason the symbolic link to /etc/apache2/sites-available/ssl is not working. It does create the 000-ssl file in sites-enabled, but it's in red and the server doesn't restart, stating an error: cannot open document config file. If I copy the file directly to sites-enabled it works fine. How to fix this problem?

Re: Debian/Ubuntu Apache2 and OpenSSL (https)

thanks a lot for your work.

Just a tiny thing, there is a little mistake on the line :

[coolcode]sudo ln -s /etc/apache2/sites-avilable/ssl /etc/apache2/sites-enabled/000-ssl[/coolcode]

this should be :
[coolcode]sudo ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/000-ssl[/coolcode]

the directory of sites-available was not written correctly

Revisioned

ty Anonymous. This typo has been fixed in Revision #1381 (Wed, 2007-10-31 18:38)

Thanks

Hello

It's a very good and correct howto. Thank you for it!

Regards: Molnar Tamas (from Hungary)

Re: Debian/Ubuntu Apache2 and OpenSSL (https)

Thx a lot!! It worked perfectly!!!

In case of error 12263

After following this howto I was receiving error 12263 whenever I tried to access the server using SSL.

I had made a mistake here:

NameVirtualHost *:443
<VirtualHost *:443>

I had forgotten to add the :443 on to the <Virtualhost *> line. Chased my tail for a while trying to sort it out, hope this helps someone!
