Setting up Secure HTTP (HTTPS) with Apache and Mod_SSL By Ed, 12-23-99 www.narced.com/linux To set up Secure HTTP (https), you can go a few ways. The *free* ways are to use either apache with mod_ssl or apache with apache-ssl. The setup for mod_ssl seems better and more configureable than apache-ssl, especially when generating certificates. Here are the directions: STEP 1: DOWNLOAD A. Download Apache from www.apache.org/dist/ B. Download mod_ssl from www.modssl.org/source/ C. Download OpenSSL from www.openssl.org/sourcs STEP 2: INSTALL OPENSSL A. Extract the openssl-0.9.4.tar.gz (latest, as of this writing) like this: tar -xzvf openssl-0.9.4.tar.gz Install it: cd openssl-0.9.4 ./config make make test make install (alternatively, you can just type this: ./config ; make ; make test ; make install ) STEP 3: INSTALL MOD_SSL A. Extract Binaries Extract the apache_1.3.9.tar.gz and mod_ssl-2.4.9-1.3.9.tar.gz binaries with tar -xzvf. Both of them will create their own directories: Apache will go into apache_1.3.9/ mod_ssl will go into mod_ssl-2.4.9-1.3.9/ B. Configure Mod_SSL cd mod_ssl-2.4.9-1.3.9/ ./configure --with-apache=../apache_1.3.9 --with-ssl=/usr/local/ssl --prefix=/var/www+modssl (Replace paths as necessary - and make sure OpenSSL is already installed!!) STEP 4: INSTALL APACHE A. Change out of the mod_ssl directory and insto apache: cd .. ; cd apache_1.3.9/ B. Compile it: make C. Generate Certificates: make certificate TYPE=custom (You might want to do this step a few times to see all the options... I still haven't figured all of them out, but this is how to make a self-signed certificate. Also, do NOT encrypt the private key with a password unless you want to enter a password EVERY TIME apache starts up! Not good for reboots...) D. Install it: make install (This will install Apache with support for SSL and all of the appropriate keys in the /var/www+modssl directory - or whatever directory you specified for the " --prefix= " line in step #5.) STEP 5: CONFIGURE APACHE Edit the /var/www+modssl/conf/httpd.conf file and set up Virtual hosts, etc. STEP 6: RUN APACHE Just use this line (make sure paths are correct - you may also want to put this in /etc/rc.d/rc.local or somewhere similar): /var/www+modssl/bin/apachectl startssl TROUBLESHOOTING: If you came across any problems and Apache wouldn't start, try running Apache WITHOUT ssl: /var/www+modssl/bin/apachectl start Also, make sure to examine the logs. This is where you will get hints as to what went wrong. By default, they will be in /var/www+modssl/logs .