Apache SSL

Apache-SSL is a version of the Apache web server built using OpenSSL and a set of patches to Apache. SSLeay was written by Eric Young and was further developed by many other people into OpenSSL; the patches for Apache were written by Ben Laurie. Details about Apache and Apache-SSL are available in the O'Reilly book "Apache - The Definitive Guide" by Ben Laurie & Peter Laurie.

To build Apache-SSL you need OpenSSL, and you also need Apache.
You have the following choices:

  1. Get Apache 1.3.9 with mod-SSL.
  2. Get Apache 1.3.9 with SSL included.
  3. Get Win 32 Apache-SSL.

Instructions for building Apache-SSL are given in the Security chapter of the book. Alternatively, here are the short instructions (copied from www.apache.org/faq):

Now I've got my server installed, how do I create a test certificate?

Step one - create the key and request:

  openssl req -new > new.cert.csr

Step two - remove the passphrase from the key (optional):

  openssl rsa -in privkey.pem -out new.cert.key

Step three - convert request into signed cert:

  openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365

The Apache-SSL directives that you need to use the resulting cert are:

  SSLCertificateFile /path/to/certs/new.cert.cert
  SSLCertificateKeyFile /path/to/certs/new.cert.key

How do I create a client certificate?

Step one - create a CA certificate/key pair, as above.

Step two - sign the client request with the CA key:

  openssl x509 -req -in client.cert.csr -out client.cert.cert -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365

Step three - issue the file 'client.cert.cert' to the requester.

The Apache-SSL directives that you need to validate against this cert are:

  SSLCACertificateFile /path/to/certs/my.CA.cert
  SSLVerifyClient 2
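
The client-certificate steps above, run end to end and then checked, as an added example that is not part of the original page or the Apache-SSL FAQ. The subject names, the `-subj`, `-nodes` and `-newkey` options (used so that nothing prompts) and the two function names are assumptions of this example; the signing command leaves out `-signkey`, because `-CA` and `-CAkey` already name the signer.

```shell
#!/bin/sh
# Added example: CA -> client certificate flow, non-interactive.
# All subject names are constructed sample values.

# Create a CA and a CA-signed client certificate inside directory $1.
build_client_cert() {
    bdir=$1
    # Step one: CA key plus self-signed CA certificate. -nodes leaves the
    # key unencrypted, like the optional passphrase removal in the server steps.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$bdir/my.CA.key" -out "$bdir/my.CA.cert" 2>/dev/null || return 1
    # The requester's key and certificate request.
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/CN=example-client" \
        -keyout "$bdir/client.cert.key" \
        -out "$bdir/client.cert.csr" 2>/dev/null || return 1
    # Step two: sign the client request with the CA key.
    openssl x509 -req -in "$bdir/client.cert.csr" \
        -out "$bdir/client.cert.cert" \
        -CA "$bdir/my.CA.cert" -CAkey "$bdir/my.CA.key" -CAcreateserial \
        -days 365 2>/dev/null || return 1
    # Unencrypted private keys: readable by the owner only.
    chmod 600 "$bdir/my.CA.key" "$bdir/client.cert.key"
}

# Succeed only if client.cert.cert in directory $1 chains to my.CA.cert
# and carries the public key from the request (not some other key).
check_client_cert() {
    cdir=$1
    openssl verify -CAfile "$cdir/my.CA.cert" \
        "$cdir/client.cert.cert" >/dev/null 2>&1 || return 1
    csr_pub=$(openssl req -in "$cdir/client.cert.csr" -noout -pubkey) || return 1
    crt_pub=$(openssl x509 -in "$cdir/client.cert.cert" -noout -pubkey) || return 1
    [ "$csr_pub" = "$crt_pub" ]
}

# Run the whole flow once in a scratch directory.
work=$(mktemp -d) && build_client_cert "$work" && check_client_cert "$work" \
    && echo "client.cert.cert verifies against my.CA.cert in $work"
```

A certificate that fails `check_client_cert` would also be refused by a server configured with the `SSLCACertificateFile` and `SSLVerifyClient` directives shown above, so the check is worth running before issuing the file to the requester.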

