Apache HTTPD with SSL (HTTPS, Secure Socket Layer)

This howto explains how to set up Apache httpd with SSL (HTTPS) for use with shopping carts, payment gateways or other secure systems.

Note: Apache httpd 2.2.12 added SNI (Server Name Indication), which allows you to run multiple name-based HTTPS virtual hosts; previously it was only possible to run one SSL host per system. OpenSSL 0.9.8f is the other major requirement. As of the writing of this document, this is only possible on CentOS 6.x, not 5.x, because 5.x does not meet the OpenSSL requirement.

For a full description of requirements please see: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

Applicable to CentOS Versions:

  • CentOS 5.x
  • CentOS 6.x

Requirements

  1. Root access or appropriate sudo privileges on the system.
  2. Registered domain and access to DNS/hosting settings.
  3. Properly configured and working httpd setup.
  4. EPEL repo enabled.

Doing the Work

  1. Install httpd and openssl, and generate the key file for your new SSL certificate. While you can generate a non-encrypted key, the point here is security, so we’ll be generating an encrypted key. Both the private key and the certificate are required to enable SSL:
  2. Generate CSR (Certificate Signing Request) to give to your SSL certificate authority:
  3. Install and configure mod_ssl:
  4. Restart httpd using the passphrase:
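
The four steps above as one script, added here as an example and not part of the original howto. The hostname www.example.com, the subject fields, the file names and the passphrase file are placeholders; the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Hostname, subject fields and file names are placeholders.

# Packages for steps 1 and 3 (CentOS, as root). Not called automatically.
install_packages() { yum -y install httpd openssl mod_ssl; }

# Steps 1-2: passphrase-protected 2048-bit RSA key plus a CSR for the CA.
# $1 = output directory, $2 = hostname for the CN, $3 = file holding the passphrase
make_key_and_csr() {
    dir=$1 host=$2 passfile=$3
    ( umask 077   # the key file must not be readable by other users
      openssl genrsa -aes256 -passout "file:$passfile" \
          -out "$dir/$host.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/$host.key" -passin "file:$passfile" \
        -subj "/C=US/ST=State/L=City/O=Example Org/CN=$host" \
        -out "$dir/$host.csr"
}

# True when the key on disk is stored encrypted (both PEM styles say ENCRYPTED).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# True when the CSR was built from this key: the RSA moduli must be identical.
# $1 = key file, $2 = CSR file, $3 = passphrase file
csr_matches_key() {
    k=$(openssl rsa -noout -modulus -in "$1" -passin "file:$3" 2>/dev/null) || return 1
    c=$(openssl req -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Step 3, in /etc/httpd/conf.d/ssl.conf (standard CentOS directories):
#   SSLCertificateFile    /etc/pki/tls/certs/www.example.com.crt
#   SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key
# Step 4: "service httpd restart" then prompts for the key passphrase.
# Test:   openssl s_client -connect www.example.com:443

# Usage: sh script.sh <output-dir> <hostname> <passphrase-file>
if [ "$#" -eq 3 ]; then
    make_key_and_csr "$1" "$2" "$3" &&
    key_is_encrypted "$1/$2.key" &&
    csr_matches_key "$1/$2.key" "$1/$2.csr" "$3" &&
    echo "key and CSR written to $1"
fi
```

Omit `-passout` and `-passin` to be prompted for the passphrase interactively instead of reading it from a file.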

Troubleshooting / How To Test

  1. Test your new SSL connection:
  2. Make sure httpd is started and that port 443 is open. Also, make sure you have configured httpd correctly apart from the SSL configuration:

Disclaimer

We test this stuff on our own machines, really we do. But you may run into problems; if you do, come to #centoshelp or #httpd on irc.freenode.net.

Added Reading