Apache2, https, and Gutsy Gibbon
Ideally, reconfiguring your Apache installation under Ubuntu to support TLS/SSL (a.k.a. https) would be as easy as:
sudo a2enmod ssl
sudo apache2ctl restart
Unfortunately, there are additional steps involved. There used to be a package named apache-ssl which did part of this work for you, but it mysteriously disappeared. Essentially, you need to obtain (or create) a certificate and configure Apache to use it. Much of the groundwork was done by Paul Bramscher and Michael R Head, but the results need to be updated for a number of reasons.
First, you enable the ssl module:
sudo a2enmod ssl
Next, you need to tailor the configuration file used to produce your certificate. If you attempt to use the template directly, you will see something like the following error:
problems making Certificate Request
13237:error:0D07A097:asn1 encoding routines:ASN1_mbstring_ncopy:string too long:a_mbstr.c:154:maxsize=2
Instead, copy the configuration file to /tmp and edit it there. I used sed, but you can use your favorite editor. Just make sure that the country code selected is only two characters, or you will continue to see an error like the one above.
cp /usr/share/ssl-cert/ssleay.cnf /tmp
sed -i "s/@CountryName@/US/" /tmp/ssleay.cnf
sed -i "s/@StateName@/North Carolina/" /tmp/ssleay.cnf
sed -i "s/@LocalityName@/Raleigh/" /tmp/ssleay.cnf
…
Now, generate the certificate. Note: in the original script, $@ referred to the script arguments, and you need to specify the same file for -out and -keyout.
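sudo mkdir /etc/apache2/ssl
# -nodes leaves the private key unencrypted; -out and -keyout name the same file, so it holds both certificate and key
sudo openssl req -config /tmp/ssleay.cnf -new -x509 -days 1460 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
# restrict the combined certificate/key file to its owner
sudo chmod 600 /etc/apache2/ssl/apache.pem
rm /tmp/ssleay.cnf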
To complete the configuration you need to create a second website. Your current default website will need to be modified from specifying * to specifying *:80, limiting it to port 80. A new ssl configuration will need to be created, based on the default and differing only in that it specifies port 443, and is configured with SSLEngine On and told where to locate your SSLCertificateFile. Note the step to modify ports.conf is no longer necessary.
cd /etc/apache2/sites-available
sudo sed -i '1,2s/\*/*:80/' default
sudo cp default ssl
sudo sed -i '1,2s/\*:80/*:443/' ssl
sudo sed -i "3a\\\tSSLEngine On\n\tSSLCertificateFile /etc/apache2/ssl/apache.pem" ssl
sudo a2ensite ssl
Finally, restart Apache:
sudo apache2ctl restart
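The two failure modes this page runs into (a country code longer than two characters, and an apache.pem that ends up without a certificate in it) can be caught before Apache is restarted. The script below is an added example, not part of the original post: the function names check_cnf and check_pem are hypothetical, the "countryName = ..." layout of the edited template is an assumption, and the sample config is constructed.

```shell
#!/bin/sh
# Added example; check_cnf and check_pem are hypothetical helper names.

# check_cnf FILE: run on the edited template before "openssl req".
# Fails if an @Placeholder@ is left or countryName is not two letters.
# Assumes the template sets the field on a "countryName = ..." line.
check_cnf() {
    cnf=$1
    if grep -q '@[A-Za-z][A-Za-z]*@' "$cnf"; then
        echo "unsubstituted placeholder in $cnf" >&2
        return 1
    fi
    cc=$(sed -n 's/^[[:space:]]*countryName[[:space:]]*=[[:space:]]*//p' "$cnf" |
        sed 's/[[:space:]]*$//' | head -n 1)
    case $cc in
        [A-Za-z][A-Za-z]) return 0 ;;
        *) echo "countryName '$cc' is not a two-letter code" >&2
           return 1 ;;
    esac
}

# check_pem FILE: run on the combined file before restarting Apache.
# Fails unless it holds a certificate and a private key and is mode 600.
check_pem() {
    pem=$1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || {
        echo "no certificate block in $pem" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || {
        echo "no private key block in $pem" >&2; return 1; }
    mode=$(stat -c '%a' "$pem")    # GNU stat, as on Ubuntu
    [ "$mode" = 600 ] || {
        echo "$pem is mode $mode, expected 600" >&2; return 1; }
}

# Demo on a constructed config in a private temporary directory.
demo=$(mktemp -d)
printf 'countryName = USA\nlocalityName = Raleigh\n' > "$demo/bad.cnf"
check_cnf "$demo/bad.cnf" || echo "bad.cnf rejected before openssl runs"
rm -rf "$demo"
```

check_pem only looks for the PEM markers; running openssl x509 -noout -in on the same file additionally confirms that the certificate block parses.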
Oh, and also change your apache configuration to point to /etc/ssl/private, which is the Debian/Ubuntu-standard location for your SSL keys.
Posted by Stephen Touset at
Great reference: How to setup Subversion over WebDAV and How to setup Trac, both on Ubuntu Update: how timely, Sam Ruby’s Apache2, https, and Gutsy Gibbon...
Excerpt from Justinsomnia at
Hey. I was using this as a reference. I used the Ubuntu steps for the cert. The rest of the steps... I mean, create the ssl file under available sites, I did. When I restart my server I see the following error:
[Tue Nov 27 15:33:26 2007] [error] Init: Unable to read server certificate from file /etc/ssl/private/apache.pem
[Tue Nov 27 15:33:26 2007] [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
[Tue Nov 27 15:33:26 2007] [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error
Any ideas?
Posted by periferral at
To make the long story short: You have entered more than two characters into the country code field to the ssl certificate creator wrapper. The make-ssl-cert wrapper swallows the error message of openssl, and simply does not put in the certificate code into apache.pem.
Redo the process in any of the two ways, with a two-character country code, and it will work.
Posted by ptorok at
Sam Ruby: Apache2, https, and Gutsy Gibbon
cd /etc/apache2/sites-available...
Excerpt from del.icio.us/captevo/linux at
Apache2 SSL in Ubuntu 7.10 Gutsy
Here is a simple way to get apache2 installed with a self signed SSL cert in Gutsy. First install all the dependencies.
sudo apt-get install apache2
sudo apt-get install openssl
sudo apt-get install ssl-cert
Now create a cert
sudo make-ssl-cert...
Excerpt from The Offbytwo Blog at
Sam Ruby: Apache2, https, and Gutsy Gibbon
An easy way to create a self-signed SSL certificate in Ubuntu....
Excerpt from del.icio.us/cavorito/ssl at
In an attempt to setup ssl I did this
sudo apt-get install openssl
sudo apt-get install ssl-cert
cp /usr/share/ssl-cert/ssleay.cnf /tmp
sed -i "s/@CountryName@/US/" /tmp/ssleay.cnf
sed -i "s/@StateName@/Ohio/" /tmp/ssleay.cnf
sed -i...
Excerpt from dogbowl: Ticket #16 at
Very nice tutorial. I got this working on my server in 5 minutes flat. Great Job!
Thanks,
Ben
There’s an easier way to do this. The ssl-cert package provided in Debian and Ubuntu is a quick frontend for the SSL key generation you’re doing by hand.
Replace your SSL generation steps with:
sudo aptitude install ssl-cert
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/ssl/private/apache.pem
Posted by Stephen Touset at