SSL

The Wiki and the Trac system are now both served via HTTP over SSL. From now on, all traffic should be encrypted, and clients connecting on port 80 should be forwarded to port 443.

To Do

  • The currently used certificate is only self-signed. We have already applied for a certificate from RRZN.
  • Also, in the certificate, the CN (server name) is set to n0.aei.uni-hannover.de, which of course doesn't exist yet.

Generating Key

Run the following in /etc/apache2/ssl/ to generate the private key and the SSL certificate.

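 # generate the private key (readable by its owner only)
 openssl genrsa -out private.key 2048
 chmod 600 private.key
 # generate the certificate signing request (CSR, PEM format); this is the
 # step that asks for the name (Common Name)
 openssl req -new -key private.key -out cert.pem
 # self-sign the request with the private key; the result is valid for 365 days
 openssl x509 -in cert.pem -out certificate -req -signkey private.key -days 365
 # note: the Apache configuration below refers to these files as n0.key and n0.crt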

It is important to enter the FQDN when asked for the name, or else Apache will complain on startup.
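
The following pre-flight checks are an added example, not part of the original wiki page: they confirm that the certificate belongs to the private key, that it matches the FQDN, and whether it is still self-signed. The function names and the host name n0.example.test are constructed for illustration, and -checkhost assumes OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example (not from the wiki page): pre-flight checks for the key and
# self-signed certificate produced by the steps above. Names are illustrative.

# The page's three steps, made non-interactive: -subj supplies the FQDN as CN
# instead of the prompt, and umask 077 replaces the later chmod 600.
make_selfsigned() {  # DIR FQDN
    ( umask 077 && openssl genrsa -out "$1/private.key" 2048 ) 2>/dev/null &&
    openssl req -new -key "$1/private.key" -subj "/CN=$2" \
        -out "$1/cert.pem" 2>/dev/null &&
    openssl x509 -req -in "$1/cert.pem" -signkey "$1/private.key" \
        -days 365 -out "$1/certificate" 2>/dev/null
}

# True only if the certificate carries the public key of the private key.
pair_matches() {  # KEY CERT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True if the certificate is valid for the host name (SAN, else CN).
host_matches() {  # CERT FQDN
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True if subject and issuer are the same name, i.e. not yet CA-signed.
is_self_signed() {  # CERT
    s=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 1
    [ "${s#*=}" = "${i#*=}" ]
}

# True if the certificate is still valid DAYS days from now.
valid_for_days() {  # CERT DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo on a throwaway pair; "n0.example.test" is a constructed host name.
demo=$(mktemp -d) && make_selfsigned "$demo" n0.example.test &&
    pair_matches "$demo/private.key" "$demo/certificate" &&
    host_matches "$demo/certificate" n0.example.test &&
    is_self_signed "$demo/certificate" &&
    echo "pair OK, name matches, self-signed (browsers will warn)"
rm -rf "$demo"
```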

Enabling SSL in Apache

 <VirtualHost *:443>
        DocumentRoot /var/www/
        # other settings here
 
        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/n0.crt
        SSLCertificateKeyFile /etc/apache2/ssl/n0.key
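        # "All -SSLv2" disables only SSLv2; SSLv3 and all TLS versions the
        # server supports remain enabled, so restrict this further on current servers
        SSLProtocol All -SSLv2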
 </VirtualHost>
 
 <VirtualHost *:80>
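        # %SERVER_NAME is a placeholder: Redirect takes a literal URL and does
        # not expand variables, so put the server's FQDN here
        Redirect / https://%SERVER_NAME/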
 </VirtualHost>

This makes Apache redirect all requests from HTTP to HTTPS. Also don't forget to add
 Listen 443
somewhere in the configuration so that Apache listens on port 443 in the first place.

Topic revision: 28 May 2008, HenningPerl