
Creating a Key and Certificate

For ApacheSSL to operate, it needs to be configured with a private key and a certificate. ApacheSSL comes with a script that runs the openssl utility to create a key and a self-signed certificate. This is the easiest way to get started. Once the key and certificate have been created, they need to be configured into Apache. Again, the version of Apache and the patch applied are assumed to be Version 1.3.19; if a different version is used, the following steps need to be changed to include the correct directories based on the version number.

  1. Create the key and self-signed certificate.

    % cd /usr/local/apache_1.3.19/src
    % make certificate
    
  2. The make certificate script asks for several fields that are encoded into the certificate, including country, state, organization name, and the machine hostname. The script produces a file that contains both the private key and the self-signed certificate:

    /usr/local/apache_1.3.19/SSLconf/conf/httpsd.pem
    
  3. After logging in as the root user, copy the key and certificate file into the Apache installation:

    % cd /usr/local/apache_1.3.19/SSLconf/conf
    % cp httpsd.pem /usr/local/apache/conf/default.pem
    
  4. Modify the httpsd.conf file with a text editor so that PHP files are processed by the PHP scripting engine. The configuration file is found in the directory /usr/local/apache/conf/. Remove the initial # character from the following line:

    AddType application/x-httpd-php .php
    
  5. Modify the httpsd.conf file by changing the Port from 80 to the secure web server port 443:

    Port 443
    
  6. Add the following lines to the end of the httpsd.conf file:

    #
    # SSL Parameters
    #
    SSLCACertificateFile /usr/local/apache/conf/default.pem
    SSLCertificateFile /usr/local/apache/conf/default.pem
    SSLCacheServerPath /usr/local/apache/bin/gcache
    SSLCacheServerPort 18698
    SSLSessionCacheTimeout 3600
    
  7. Start Apache. Unlike a normal Apache installation, ApacheSSL creates an httpsdctl script:

    % /usr/local/apache/bin/httpsdctl start
    

    In some cases, this doesn't correctly start Apache. If this happens, use the following alternative commands to explicitly specify the configuration file to use with the secure Apache:

    % cd /usr/local/apache/
    % bin/httpsd -f conf/httpsd.conf
    
  8. A secure Apache is now running and serving requests with SSL on port 443, the default HTTPS port. This can be tested by requesting the resource https://localhost/ with a web browser. The installation process is now complete.

When a resource such as https://localhost/ is requested with a browser, the browser alerts the user to an unknown certificate. To obtain a certificate that will be trusted by users, the openssl utility needs to be run to create a private key and a certificate request. The certificate request is then sent to a Certification Authority to be signed using their authoritative certificates. There is a fee for this service. While the Apache configuration allows both the key and the certificate to be placed in the one file, the private key should not be sent to anyone, not even the Certification Authority.

If a trusted certificate is required, consult the OpenSSL documentation that describes how to create keys and Certificate Signing Requests. This documentation can be found at http://www.openssl.org/docs/apps/openssl.html.
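
The key and certificate request step described above, as an added example that is not part of the original text: it uses openssl to create a private key and a Certificate Signing Request, then checks that the file to be sent to the Certification Authority contains no private key and was made from the key kept on the server. The file names, subject values, and function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original text); names and subject values are assumptions.

# make_csr DIR HOSTNAME: write DIR/server.key (private) and DIR/server.csr.
make_csr() {
    dir=$1
    host=$2
    (
        umask 077   # the key file is created readable by its owner only
        openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    ) || return 1
    # Subject fields mirror what "make certificate" asks for (constructed values).
    openssl req -new -key "$dir/server.key" \
        -subj "/C=AU/ST=Victoria/O=Example Organization/CN=$host" \
        -out "$dir/server.csr"
}

# safe_to_send FILE: succeed only if FILE holds no private key and is a
# certificate request whose self-signature verifies.
safe_to_send() {
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "refusing: $1 contains a private key" >&2
        return 1
    fi
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key CSR KEY: succeed if the request was created from KEY,
# by comparing digests of the two public keys.
csr_matches_key() {
    a=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null | openssl sha256)
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```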

Installation Resources

For more information on installing and configuring, there are several resources:

  • For Microsoft Windows installation, we recommend the PHP Triad for Windows installation package available from http://sourceforge.net/projects/phptriad/. The package contains MySQL, PHP, Apache, and PHPMyAdmin for MySQL maintenance through a web browser interface.

  • NuSphere sells integrated Apache, PHP, and MySQL bundles with simple installation procedures and software support. A free download of the installation package without support is also available for Linux, Sun Solaris, and Microsoft Windows environments. Under the Linux environment, NuSphere is installed by following simple steps in a web browser.

  • The PHP online manual has instructions for installing PHP with most web servers and platforms, but these instructions are concise. They are located at http://www.php.net/manual.

  • Many of the online resources accessible from http://www.php.net/links.php have installation tutorials or guides.

  • The MySQL manual provides an excellent step-by-step guide to installing and configuring MySQL in many environments. The MySQL web site URL is: http://www.mysql.com.
