install apache 22 + SSL

| Tuesday, September 08, 2009

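#!/bin/sh
# Build Apache 2.2 from the FreeBSD port and create a self-signed
# certificate for it. Every command was run as root (the original
# transcript shows a "#" root prompt in front of each line).
set -eu

# Keep everything created from here on private to root. Older OpenSSL
# (the 0.9.8 line of this page's era) writes key files with the default
# 0666 & ~umask mode, i.e. typically 0644, until they are chmod'ed below;
# newer versions may already use 0600 -- umask 077 makes that moot.
umask 077

cd /usr/ports/www/apache22
make install clean

# Directories for the key and the certificate, unreadable by other users.
mkdir -m 0700 -- /usr/local/etc/apache22/ssl.key
mkdir -m 0700 -- /usr/local/etc/apache22/ssl.crt

cd /root
# The original transcript used 1024 bits, which is below the accepted
# minimum for an RSA key; 2048 is the floor today. -des3 keeps the key
# pass-phrase protected; the last step of this page strips the pass phrase
# again so apache can start unattended.
openssl genrsa -des3 -out server.key 2048

openssl req -new -key server.key -out server.csr

# Self-signed, valid for one year. Browsers warn until the certificate is
# replaced by a CA-issued one (see SSLCertificateChainFile in httpd-ssl.conf).
openssl x509 -req -days 365 -in /root/server.csr -signkey /root/server.key -out /root/server.crt

# Move (not copy) the private key so that exactly one copy exists; the
# certificate is public and a copy may stay in /root.
mv -- /root/server.key /usr/local/etc/apache22/ssl.key/
cp -- /root/server.crt /usr/local/etc/apache22/ssl.crt/

chmod 0400 /usr/local/etc/apache22/ssl.key/server.key
chmod 0400 /usr/local/etc/apache22/ssl.crt/server.crt

# httpd-ssl.conf only takes effect if httpd.conf Include's it; the original
# transcript does not show that step, so check the Include line as well.
cd /usr/local/etc/apache22/extra
vi httpd-ssl.conf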

Isikan httpd-ssl.conf sebagai berikut:

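Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is an internal
# terminal dialog) has to provide the pass phrase on stdout.
# Only relevant while server.key is still pass-phrase protected; the last
# step of this page strips the pass phrase.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache "dbm:/var/run/ssl_scache"
SSLSessionCache "shmcb:/var/run/ssl_scache(512000)"
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex "file:/var/run/ssl_mutex"

##
## SSL Virtual Host Context
##

# NOTE(review): the angle-bracket container directives of the stock file
# were lost when this listing was published (they render as HTML tags).
# The virtual host opener and closer are restored here; confirm them
# against the shipped httpd-ssl.conf before use.
<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "/usr/local/www/apache22/data"
ServerName www.example.com:443
ServerAdmin you@example.com
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# Protocols and Cipher Suites:
# The string originally used on this page,
#   ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
# keeps LOW, 40-bit export (only EXPORT56 is excluded) and SSLv2 suites
# enabled -- the "+" merely sorts them last -- so a client offering only
# those negotiates a trivially breakable session. ("+eNULL" adds nothing,
# because ALL already excludes null ciphers, but the string is fragile.)
# Disable SSLv2/SSLv3 at the protocol level, exclude the weak suites
# explicitly, and let the server's preference order win.
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXPORT:!LOW:!SSLv2

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
SSLCertificateFile "/usr/local/etc/apache22/ssl.crt/server.crt"
#SSLCertificateFile "/usr/local/etc/apache22/server-dsa.crt"

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl.key/server.key"
#SSLCertificateKeyFile "/usr/local/etc/apache22/server-dsa.key"

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile "/usr/local/etc/apache22/server-ca.crt"

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "/usr/local/etc/apache22/ssl.crt"
#SSLCACertificateFile "/usr/local/etc/apache22/ssl.crt/ca-bundle.crt"

# SSL Engine Options:
# +StdEnvVars exports the SSL_* variables to CGI/SSI. The two occurrences
# below presumably sat inside a <FilesMatch> (script extensions) and a
# <Directory> (CGI directory) block in the stock file; those container
# lines were lost in publication (see the NOTE above). Without them the
# option applies to the whole virtual host. Replace the placeholders with
# the values from the shipped httpd-ssl.conf.
<FilesMatch "CHANGEME-script-extension-pattern-from-stock-file">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "CHANGEME-cgi-bin-directory-from-stock-file">
    SSLOptions +StdEnvVars
</Directory>

# SSL Protocol Adjustments:
# Work-arounds for old MSIE keep-alive and SSL shutdown behaviour. The
# pattern matches every MSIE version; narrow it (later stock files match
# only old releases) if modern IE clients are the norm.
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog "/var/log/httpd-ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>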


Supaya tiap kali start apache tidak ditanya password, lakukan sebagai berikut:
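# Strip the pass phrase so apache can start without prompting. From now on
# the file mode is the only thing protecting the key. openssl truncates an
# existing server.key in place (so the 0400 set earlier survives), but a
# freshly created output file would get 0666 & ~umask; the umask and the
# trailing chmod make the result independent of that detail. The encrypted
# original stays in server.key.org and is kept at 0400 too.
umask 077
cd /usr/local/etc/apache22/ssl.key/ || exit 1
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
chmod 0400 server.key server.key.org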
