
Apache2 SSL on Debian Etch: Difference between revisions

From wikiGite

 
Ligne 11 : Ligne 11 :
  
 
'''Note''': Pour générer un certificat sous Sarge, il suffisait de taper "apache2-ssl-certificate", mais cette commande n'est plus disponible sous Etch.
 
'''Note''': Pour générer un certificat sous Sarge, il suffisait de taper "apache2-ssl-certificate", mais cette commande n'est plus disponible sous Etch.
 +
#openssl req $@ -new -x509 -days 3650 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
 +
 +
Generating a 1024 bit RSA private key
 +
………………………………………….++++++
 +
…………………………………….++++++
 +
writing new private key to ‘/etc/apache2/apache.pem’
 +
—–
 +
You are about to be asked to enter information that will be incorporated
 +
into your certificate request.
 +
What you are about to enter is what is called a Distinguished Name or a DN.
 +
There are quite a few fields but you can leave some blank
 +
For some fields there will be a default value,
 +
If you enter ‘.’, the field will be left blank.
 +
—–
 +
Country Name (2 letter code) [AU]:GB
 +
State or Province Name (full name) [Some-State]:
 +
Locality Name (eg, city) []:London
 +
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian
 +
Organizational Unit Name (eg, section) []:
 +
Common Name (eg, YOUR name) []:
 +
Email Address []:
 +
Vérifier les permissions sur le fichier .pem
 +
#chmod 600 /etc/apache2/ssl/apache.pem
  
 +
Ajouter le port 443 aux ports écoutés par apache, dans /etc/apache2/ports.conf
 +
Listen 443
  
#openssl req $@ -new -x509 -days 3650 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
+
Activer le support SSL pour apache
 +
#a2enmod ssl
 +
  Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
  
Generating a 1024 bit RSA private key
+
Redémarrer apache pour prendre en compte les modifications
………………………………………….++++++
+
#/etc/init.d/apache2 restart
…………………………………….++++++
 
writing new private key to ‘/etc/apache2/apache.pem’
 
—–
 
You are about to be asked to enter information that will be incorporated
 
into your certificate request.
 
What you are about to enter is what is called a Distinguished Name or a DN.
 
There are quite a few fields but you can leave some blank
 
For some fields there will be a default value,
 
If you enter ‘.’, the field will be left blank.
 
—–
 
Country Name (2 letter code) [AU]:GB
 
State or Province Name (full name) [Some-State]:
 
Locality Name (eg, city) []:London
 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian
 
Organizational Unit Name (eg, section) []:
 
Common Name (eg, YOUR name) []:
 
Email Address []:
 
  
This will complete the certificate now you need to make sure you have the correct permissions for .pem file if not use the
+
Configurer SSL dans les VirtualHosts
  
following command to set the correct permissions
+
Editer /etc/apache2/sites-available/default et changer
 +
NameVirtualHost *
 +
par
 +
NameVirtualHost *:80
 +
NameVirtualHost *:443
  
#chmod 600 /etc/apache2/ssl/apache.pem
+
Configurer les Virtualhosts utilisant le port 443 hosts : ajouter
 +
SSLEngine on
 +
SSLCertificateFile /etc/apache2/apache.pem
  
By default the server will listen for incoming HTTP requests on port 80 - and not SSL connections on port 443. So you need to enable SSL support by entering the following entry to the file /etc/apache2/ports.conf save and exit the file.
+
Recharger la configuration apache après ces modifications
 
+
# /etc/init.d/apache2 reload
Listen 443
+
  Reloading web server config… XXXX
 
 
Enable SSL Support
 
 
 
If you want to enable SSL support for your apache web server you need to use the following comamnd
 
 
 
#a2enmod ssl
 
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.
 
 
 
Now you need to restart the apache2 server using the following command
 
 
 
#/etc/init.d/apache2 restart
 
 
 
Configuring SSL Certificate to Virtual Hosts in Apache2
 
 
 
First you need to edit the /etc/apache2/sites-available/default file change
 
 
 
NameVirtualHost *
 
to
 
 
 
NameVirtualHost *:80
 
NameVirtualHost *:443
 
 
 
Now you need to configure Virtual hosts using port 80
 
 
 
Example
 
ServerAdmin webmaster@localhost
 
.
 
.
 
.
 
configure Virtual hosts using port 443 the main difference is you need to use the following two lines for each SSL hosts.
 
 
 
SSLEngine on
 
SSLCertificateFile /etc/apache2/apache.pem
 
 
 
Example
 
ServerAdmin webmaster@localhost
 
.
 
.
 
.
 
SSLEngine on
 
SSLCertificateFile /etc/apache2/apache.pem
 
 
 
Now you need to restrat your apache web server using the following comamnd
 
 
 
# /etc/init.d/apache2 reload
 
 
 
Reloading web server config… XXXX
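
Review bot: the added VirtualHost lines set SSLCertificateFile /etc/apache2/apache.pem, while the openssl req and chmod 600 commands in the same revision write and protect /etc/apache2/ssl/apache.pem, so the directive points at a file the procedure never creates; use one path in all three places. The quoted output also shows a 1024 bit RSA key, and -nodes stores it unencrypted in the same file as the certificate, so the permission step should be presented as required rather than as a check, and the command could pass an explicit key size such as -newkey rsa:2048.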
 

Revision as of 29 September 2008, 14:45

Install Apache + SSL (+PHP if needed)

#apt-get install apache2
#apt-get install openssl ssl-cert
#apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi

Once the Apache server is installed, you need to generate a certificate, enable SSL support in Apache and configure the SSL options.

Generate a certificate

Generating a certificate yourself protects the traffic between client(s) and server, but it will not be validated by a certificate authority and will trigger warnings.
To avoid these messages, you need to obtain a certificate validated by an SSL certificate vendor.

Note: To generate a certificate under Sarge, it was enough to type "apache2-ssl-certificate", but this command is no longer available under Etch.

#openssl req $@ -new -x509 -days 3650 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem

Generating a 1024 bit RSA private key
………………………………………….++++++
…………………………………….++++++
writing new private key to '/etc/apache2/apache.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:London
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Debian
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Check the permissions on the .pem file

#chmod 600 /etc/apache2/ssl/apache.pem

Add port 443 to the ports Apache listens on, in /etc/apache2/ports.conf

Listen 443

Enable SSL support for Apache

#a2enmod ssl
 Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

Restart Apache to apply the changes

#/etc/init.d/apache2 restart

Configure SSL in the VirtualHosts

Edit /etc/apache2/sites-available/default and change

NameVirtualHost *

to

NameVirtualHost *:80
NameVirtualHost *:443

Configure the VirtualHosts that use port 443: add

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.pem

Reload the Apache configuration after these changes

# /etc/init.d/apache2 reload
  Reloading web server config… XXXX
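
An added check, not part of the original wiki page: before reloading, it confirms that every SSLCertificateFile path in a vhost file points at a file that exists (here, the /etc/apache2/ssl/apache.pem written by the openssl command) and that a PEM holding the private key is closed to group and others, as chmod 600 leaves it. The names check_ssl_files and demo are hypothetical, and the demo uses a constructed temporary directory in place of /etc/apache2.

```shell
#!/bin/sh
# Added example: audit the certificate files an Apache config refers to.
# Prints one line per problem; returns 0 when clean, 1 otherwise.
check_ssl_files() {
    conf=$1
    status=0
    # Extract the path argument of SSLCertificateFile / SSLCertificateKeyFile.
    paths=$(sed -n 's/^[[:space:]]*SSLCertificate\(Key\)\{0,1\}File[[:space:]]\{1,\}\([^[:space:]]*\).*/\2/p' "$conf")
    for f in $paths; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            status=1
        elif grep -q 'PRIVATE KEY' "$f"; then
            # Characters 5-10 of the ls mode string are the group/other bits;
            # after chmod 600 they are all dashes.
            bits=$(ls -ld "$f" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "EXPOSED $f"
                status=1
            fi
        fi
    done
    return "$status"
}

# Constructed demo: a throwaway directory standing in for /etc/apache2.
demo() {
    d=$(mktemp -d)
    mkdir "$d/ssl"
    # Placeholder PEM content, not a real key.
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/ssl/apache.pem"
    chmod 644 "$d/ssl/apache.pem"
    {
        echo "SSLEngine on"
        echo "SSLCertificateFile $d/apache.pem"      # wrong directory
        echo "SSLCertificateFile $d/ssl/apache.pem"  # right file, loose mode
    } > "$d/vhost.conf"
    check_ssl_files "$d/vhost.conf"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true
```

On the real system, run it as check_ssl_files /etc/apache2/sites-available/default before the reload step.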