File apache2-README.QUICKSTART.SSL of Package apache2

QUICKSTART.SSL -- How to get your SSL server up and running as fast as possible

You need to have read the README.QUICKSTART before going on with
this one!


o make sure that apache starts with mod_ssl loaded
  - a2enmod ssl
    It adapts /etc/sysconfig/apache2:APACHE_MODULES.

o make sure that the SSL configuration is active
  - a2enflag SSL
    It adapts /etc/sysconfig/apache2:APACHE_SERVER_FLAGS.
  - the flag SSL is also needed because the SSL configuration is enclosed in
    <IfDefine> statements. This way it can stay dormant until the necessary
    prerequisites (keys) are present and you want to use it. In addition, it
    can be useful for starting apache unattended at boot time even if
    you use encrypted keys that would otherwise need a passphrase.

o for a real SSL setup, I recommend TinyCA to create and manage a real SSL setup.
  It is available on SUSE Linux as package "tinyca2".
  Also, please refer to the mod_ssl documentation.

o The following steps will create _dummy_ keys in a very simple way:
  - run /usr/bin/gensslcert
  - it will (over)write /etc/apache2/ssl.crt/ca.crt
                        /etc/apache2/ssl.key/server.key
                        /etc/apache2/ssl.crt/server.crt
                        /etc/apache2/ssl.csr/server.csr
  - a copy of ca.crt will be installed as /srv/www/htdocs/CA.crt for download.
  - cp vhosts.d/vhost-ssl.template vhosts.d/vhost-ssl.conf
    and adapt vhosts.d/vhost-ssl.conf to your liking
    (note it must end in .conf to be read automatically)

o to check your vhost setup, use "httpd2 -S -DSSL"

o for all configuration questions, consult
    http://localhost/manual (if the apache2-doc package is installed), or 
    http://httpd.apache.org/docs-2.2/ (the online version)
  - read the documentation under /usr/share/doc/packages/apache2/ (where you
    will also find example configuration files)

o TROUBLESHOOTING -- if anything does not work: 
  - fire up "tail -F /var/log/apache2/*_log &" in a root shell
  - reproduce what is not working (starting apache, doing client requests,
    or whatever), and see how it is reflected in the logs
  - read http://www.suse.com/~poeml/apache-faq.html
  - make use of http://bugzilla.novell.com if you suspect a bug

o common symptom:
  - server logs this: [Thu Aug 28 21:07:39 2003] [error] [client 192.168.0.180] Invalid method in request j
  - client shows this: SSL error: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
  cause: client speaks HTTPS, server speaks HTTP. If that happens to be port
         443, it means that the server is listening on the port but not with
         SSL.  If it was the other way round (client speaks HTTP, server
         speaks HTTPS), the server would log 400 and the client show an error
         400 (HTTP_BAD_REQUEST) page.
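
A preflight check for the setup steps in this README, useful when port 443 answers in plain HTTP as in the symptom above. This is an added example, not part of the original README or the apache2 package; the ROOT prefix argument, the function names, the key-permission check and the search for the mod_ssl directive "SSLEngine on" are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the QUICKSTART.SSL steps. ROOT is a hypothetical
# prefix for testing against a copy of the tree; empty means the live system.

has_word() {   # has_word WORD LIST... : true if WORD is one of LIST
    w=$1; shift
    for x in "$@"; do [ "$x" = "$w" ] && return 0; done
    return 1
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

check_ssl_setup() {
    root=${1:-}; conf="$root/etc/apache2"; problems=0
    sysconfig="$root/etc/sysconfig/apache2"
    key="$conf/ssl.key/server.key"

    # The sysconfig file is a shell fragment; source it in subshells so
    # its variables stay out of this shell.
    [ -r "$sysconfig" ] || fail "cannot read $sysconfig"
    ( . "$sysconfig" 2>/dev/null; has_word ssl $APACHE_MODULES ) ||
        fail "ssl not in APACHE_MODULES (run: a2enmod ssl)"
    ( . "$sysconfig" 2>/dev/null; has_word SSL $APACHE_SERVER_FLAGS ) ||
        fail "SSL not in APACHE_SERVER_FLAGS (run: a2enflag SSL)"

    # Key and certificate written by gensslcert (or issued by your real CA).
    for f in "$key" "$conf/ssl.crt/server.crt"; do
        [ -s "$f" ] || fail "missing or empty $f"
    done
    # Extra check, not in the README: the private key must not be readable
    # by group or others.
    [ -z "$(find "$key" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ] ||
        fail "$key is readable by group or others (chmod 600)"

    # vhosts.d files are only read when their name ends in .conf.
    grep -qis '^[[:space:]]*SSLEngine[[:space:]][[:space:]]*on' \
        "$conf"/vhosts.d/*.conf ||
        fail "no vhosts.d/*.conf enables SSLEngine (copy vhost-ssl.template)"

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh <this script> --check [ROOT]
case ${1:-} in --check) check_ssl_setup "${2:-}" ;; esac
```

A clean result only shows that the files and switches are in place; "httpd2 -S -DSSL" is still the check that the vhost is actually parsed.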
