Unable to set up SSL support for Apache 2 on Debian

Posted by Francesco on Server Fault See other posts from Server Fault or by Francesco
Published on 2011-06-24T19:21:31Z Indexed on 2011/06/25 0:25 UTC
Read the original article Hit count: 1366

Filed under:
|
|
|
|

I am trying to set up ssl support for Apache 2 on Debian. Versions are:

Debian GNU/Linux 6.0
apache2 2.2.16-6+squeeze1

I followed a lot of how-tos for days but I couldn't make it work. Here are my steps and configuration files (ServerName and DocumentRoot are changed for privacy, in case tell me):

# mkdir /etc/apache2/ssl
# openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem

at this point I've a doubt about permissions on apache.pem, at this step they are

-rw-r--r-- 1 root root

Maybe it has to belong to www-data? Then I enable ssl-mod with

# a2enmod ssl
# /etc/init.d/apache2 restart

I modify /etc/apache2/sites-available/default-ssl in this way (I put port 8080 because I need port 443 for another purpose):

<VirtualHost *:8080>
SSLEngine on
SSLCertificateFile    /etc/apache2/ssl/apache.pem
SSLCertificateKeyFile /etc/apache2/ssl/apache.pem

ServerAdmin webmaster@localhost

    DocumentRoot /var/www
    <Directory />
            Options Indexes FollowSymLinks
            AllowOverride All
    </Directory>
    <Directory /var/www/>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Order allow,deny
            allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
            AllowOverride None
            Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
            Order allow,deny
            Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log


    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost>


<VirtualHost *:8080>
DocumentRoot /home/user1/public_html/
ServerName first.server.org

# Other directives here

</VirtualHost>

<VirtualHost *:8080>

DocumentRoot /home/user2/public_html/
ServerName second.server.org

# Other directives here

</VirtualHost>

I have to point out that the same configuration works on http (it is a copy of /etc/apache2/sites-available/default with some differences -> port and ssl support). My /etc/apache2/ports.conf is the following:

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

#NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
#NameVirtualHost *:8080
Listen 8080
</IfModule>

<IfModule mod_gnutls.c>
Listen 8080
</IfModule>

Any suggestion? Thanks

© Server Fault or respective owner

Related posts about debian

Related posts about ssl