# how to ssl + apache2 [SOLVED with self signed cert]

## upengan78

Hi,

I want to know the steps for using SSL with HTTP ( Apache2 ) on Gentoo x86_64

I am using Apache2 and I want to use a self signed SSL certificate for my machine on which http://<full host name> works.

I have Openssl installed.

I don't know the exact steps involved in this generation of private key and certificate (I don't want to generate a CSR because I am not paying anyone for signing the certificate)

and making it work with Apache2 !

Please let me know,

Thanks

Last edited by upengan78 on Thu Aug 16, 2007 9:53 pm; edited 1 time in total

----------

## HeissFuss

Go here and ignore the instructions on postfix.

----------

## upengan78

thanks but DID NOT help

because apache restarts after that and works well with http only.

there is simply no SSL port for https. After running nmap, port 443 is absent amongst the ports my machine is listening to. ??

Is there something missing in the virtual host config? I don't know.

Most of the docs suggest /etc/apache2/conf/ssl but in fact all seems installed in /etc/apache2/ssl and there is no conf directory there.

but /etc/apache2/ssl is a link to /usr/lib/apache2/conf/ssl

anyway ssl or https does not even start for me !

 *Quote:*

> /usr/sbin/apache2 -S
> 
> [Wed Aug 15 13:08:53 2007] [warn] NameVirtualHost *:80 has no VirtualHosts
> ...

 

----------

## HeissFuss

In /etc/conf.d/apache2

on line

APACHE2_OPTS=

add

-D SSL -D SSL_DEFAULT_VHOST

Stop and then start apache2.  You should be prompted to accept your shamelessly self-signed certificate when you connect (there's a default one which will generate a domain mismatch if you haven't created your own.)

----------

## upengan78

 *Quote:*   

> # /etc/init.d/apache2 restart
> 
>  * Stopping apache2 ...
> 
> [Wed Aug 15 14:51:22 2007] [warn] _default_ VirtualHost overlap on port 443, the first has precedence                                                [ ok ]
> ...

 

but it did ask shamelessly as you said, you have rightly figured out the issue HeissFuss !!

don't know about those warnings but

Thanks a lot !!!!  :Very Happy: 

----------

## HeissFuss

Did you change any port 80 to 443 in any of the config files or add 443 anywhere?  With these settings you shouldn't have needed to change any.

----------

## upengan78

cd /etc/apache2

 *Quote:*

> # egrep 443 */*
> 
> modules.d/40_mod_ssl.conf:#Listen 443
> 
> modules.d/41_mod_ssl.default-vhost.conf:<VirtualHost _default_:443>
> 
> modules.d/41_mod_ssl.default-vhost.conf:ServerName xx.yy.zzz:443

That's it! Nowhere else, I think.

----------

## upengan78

 :Sad:   btw, why does one have to remove the passphrase from the private key to get this SSL going?

I wish there were some modifications which could allow the Private Key with a Passphrase use on Apache2  Web server

----------

## upengan78

Hi

I recently did

emerge --sync and emerge -uDvNta world

After this I did etc-update with -5 option

and now when I do /etc/init.d/apache2 restart, it gives the following error and neither port serves pages when checked in the browser; earlier it used to work

 *Quote:*   

> * Starting apache2 ...
> 
> [Wed Sep 26 14:28:51 2007] [warn] _default_ VirtualHost overlap on port 443, the first has precedence                                      [ !! ]

 

http://localhost and https://localhost both used to work earlier!

Please help !!

----------

## HeissFuss

Don't do a -5 with etc-update unless you're sure none of the new configs affect things that you've hand modified.  Your /etc/conf.d/apache2 was probably overwritten, and possibly /etc/apache2/httpd.conf also.
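
A check for the situation described in this thread, as an added example that is not part of any post here or of Gentoo's own tooling: it reads a conf.d file and reports which of the two defines named earlier (`-D SSL`, `-D SSL_DEFAULT_VHOST`) are missing from `APACHE2_OPTS`, for instance after a config merge replaced the file. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: report which of the SSL defines from this thread are
# missing from APACHE2_OPTS in a Gentoo-style conf.d file.

# Print the value of the last uncommented APACHE2_OPTS= assignment in file $1.
apache2_opts() {
    sed -n 's/^[[:space:]]*APACHE2_OPTS=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print the name that follows each -D in the option string $1, one per line.
# Accepts both "-D SSL" and "-DSSL".
defines_in() {
    set -- $1            # deliberate word splitting of the option string
    while [ $# -gt 0 ]; do
        case $1 in
            -D)  [ $# -ge 2 ] && { echo "$2"; shift; } ;;
            -D*) echo "${1#-D}" ;;
        esac
        shift
    done
}

# Print the required defines that are absent (space separated).
# Exit status is 0 only when both are present.
missing_ssl_defines() {
    opts=$(apache2_opts "$1")
    have=$(defines_in "$opts")
    missing=""
    for want in SSL SSL_DEFAULT_VHOST; do
        echo "$have" | grep -Fqx "$want" || missing="$missing $want"
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# When called with a path, check that file and report the result.
if [ $# -gt 0 ]; then
    if missing=$(missing_ssl_defines "$1"); then
        echo "OK: SSL defines present in $1"
    else
        echo "MISSING in $1: $missing"
    fi
fi
```

Run it as `sh check.sh /etc/conf.d/apache2` (the script name is arbitrary) before restarting apache2 after a config update.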

----------

## upengan78

 :Smile:  Well, right, that's what happened. I am still confused with those options

-3 -5   :Sad: 

----------

