Apache, Virtual Hosts, HTTPS, Self-Signed Certificates

Disclaimer

The aforementioned instructions/steps worked for me running CentOS. It may very well work for you on Red Hat-like distributions or otherwise. Please note that if you decide to use these instructions to update PHP/MySQL (or other packages) on your machine, you are doing so entirely at your very own discretion and that neither this site, sgowtham.com, nor its author is responsible for any/all damage – intellectual or otherwise.



It has been a while and many things (Apache and Virtual Hosts) have been working smoothly for few years now but I could never quite figure out how to set up the secure portion. Had tried it several times with very little success and a bit more (extensive) search later, I think I have it working properly now. For the sake of completeness, let me just go through with Apache as well as Virtual Hosts.


Apache, PHP, MySQL

It is my practice that I do a full/maximal installation of any linux distribution and that takes care of installing Apache (with all the required modules), PHP, MySQL, etc. I bet there are tons of documents online that you can refer and install them if you don’t already have them.


Virtual Hosts

Let us suppose that ISP does not block port 80 (and 443) and let us further suppose that ISP assigns a static IP address – something like 24.205.120.89. For whatever reason, let us also suppose that we need to serve websites from this address, namely http://mydomain.com/ and http://yourdomain.com/. Since I am using CentOS distribution, the ServerRoot is set to /etc/httpd and the configuration file is located in /etc/httpd/conf/httpd.conf. To accommodate hosting multiple domains, my configuration was made to look as follows (towards the very end):


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
NameVirtualHost *:80
 
<VirtualHost *:80>
  DocumentRoot /var/www/html
  ServerName 24.205.120.89
  ServerSignature On
  DirectoryIndex index.html index.php index.cgi index.pl
  AccessFileName .htaccess
</VirtualHost>
 
<VirtualHost *:80>
  DocumentRoot /var/www/mydomain
  ServerName mydomain.com
  ServerSignature On
  ServerAdmin admin@mydomain.com
  DirectoryIndex index.html index.php index.cgi index.pl
  AccessFileName .htaccess
</VirtualHost>
 
<VirtualHost *:80>
  DocumentRoot /var/www/yourdomain
  ServerName yourdomain.com
  ServerSignature On
  ServerAdmin admin@yourdomain.com
  DirectoryIndex index.html index.php index.cgi index.pl
  AccessFileName .htaccess
</VirtualHost>



It is to be noted, needless to say, that the folders /var/www/html, /var/www/mydomain and /var/www/yourdomain must exist and must contain appropriate content. Also, A Record in the corresponding registrars must point to 24.205.120.89 as the destination. Upon restarting apache (/etc/init.d/httpd restart), these domains should be serving out contents just fine.


HTTPS & Self-Signed Certificates

Now that the non-secure (HTTP) portions are working fine, let us suppose that one of the domains, http://yourdomain.com/ has some contents that need to be served securely (HTTPS) as https://yourdomain.com/secure-content/. It is to be noted that only one of the three (or however many you may have) domain contents can be served in a secure way. First step is to edit /etc/httpd/conf.d/ssl.conf and make (parts of it) look like:


1
2
3
4
5
6
DocumentRoot "/var/www/yourdomain"
ServerName yourdomain.com:443
ServerSignature On
ServerAdmin admin@yourdomain.com
DirectoryIndex index.html index.php index.cgi index.pl
AccessFileName .htaccess



Next step is get Security Certificates but getting them commercially, although more trusted, can be expensive. Especially if the purpose is for testing and such, generating self-signed certificates using built in tools is the most economical way. Again, there are plethora of documents online that provide this information but is included here for completeness purposes:

  1. First step in this process is to generate the private keys for the server:
    openssl genrsa -des3 -out server.key 1024
  2. Next step is to create a Certificate Signing Request (CSR) to get signed by the CA. Enter appropriate information when prompted.
    openssl req -new -key server.key -out server.csr
  3. Next, CSR needs to be signed with the key generated in Step #1.
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
  4. Optionally, one can remove the password from key generated in Step #1.
    cp server.key server.key.withpass
    openssl rsa -in server.key.withpass -out server.key
  5. Penultimate step is to place these files appropriately:
    cp server.key /etc/httpd/conf/ssl.key/
    cp server.crt /etc/httpd/conf/ssl.crt/
    cp server.csr /etc/httpd/conf/ssl.csr/
  6. Restart Apache
    /etc/init.d/httpd restart

That’s it. If nothing went wrong in the process, https://yourdomain.com/ should now be serving secure content. The browser should display some warning and the security certificate can be accepted temporarily or permanently before the secure contents can be seen.


A Working Example

I followed these steps to make my website secure – not that there are too many things that need to be served in a secure way. You can check it out if you wish.

4 Replies to “Apache, Virtual Hosts, HTTPS, Self-Signed Certificates”

  1. Hey G,

    Great new pics. I especially like the Houghton and MTU football ones. Makes me miss this place already and I am still here!

    I was wondering if you have any blogs/websites etc. that do a good (but understandable) job at explaining the color spectrum graphs on a digital camera? You know, the ones you see after taking a picture that show the red, green, and blue color levels. I think I am forgetting their proper name.

    Thanks!

    Adam

Comments are closed.