Debianhelp.co.uk

Installing Apache 2 in Debian 3.1 (Sarge) including SSL

  By Default apache2 package you will be given the package apache2-mpm-worker, other packages are available:

apache2-mpm-worker

The worker MPM provides a threaded implementation for Apache2. It is considerably faster than the traditional model, and is the recommended MPM.

apache2-mpm-prefork

This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests in a manner similar to Apache 1.3. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries.

 

#apt-get  install apache2

#apt-get install apache2-mpm-prefork

Run the script “apache2-ssl-certificate”  i.e

# apache2-ssl-certificate

and you can see the following  screen and enter all the required information.

 Creating self-signed certificate

replace it with one signed by a certification authority (CA)

enter your ServerName at the Common Name prompt

If you want your certificate to expire after x days call this programm

with -days x

Generating a 1024 bit RSA private key

..........................................++++++..........++++++

writing new private key to '/etc/apache2/ssl/apache.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [GB]:

State or Province Name (full name) [Some-State]:

Locality Name (eg, city) []:

Organization Name (eg, company; recommended) []:

Organizational Unit Name (eg, section) []:

server name (eg. ssl.domain.tld; required!!!) []:

Email Address []:

Run the script “a2enmod ssl”  i.e

 # a2enmod ssl

 This  Will automatically generates a symbolic link between mods- available and mods – enabled 

Make a copy of '/etc/apache2/sites-available/default' in the /etc/apache2/sites-available/default file - call it 'ssl'

# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Make a sym-link to this new site configuration for this use

#  ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/                     

(or)
#a2ensite ssl

 If you want to change the any basic configuration settings change in /etc/apache2/apache2.conf and if you want to change the default document root change in /etc/apache2/sites-available/default file and restart the apache server.

 To Restart Apache server use the following command

#/etc/init.d/apache2 restart

 Now we need to change the port address in /etc/apache2/ports.conf by default it will listen port 80 and now we are installing with SSL we need to change port 443 to listen

 Listen 443

Edit /etc/apache2/sites-available/ssl (or whatever you called your new ssl site's config) and change port 80 in the name of the site to 443.

Add below two lines some where in /etc/apache2/apache2.conf file

  SSLEngine On

  SSLCertificateFile /etc/apache2/ssl/apache.pem

Edit SSLCertificateFile /etc/apache2/ssl/apache.pem and enter the locations of certificate file and certificate key file .Below one is the example

Ex:- SSLCertificateFile /etc/apache2/ssl/online.test.net.crt
        SSLCertificateKeyFile /etc/apache2/ssl/online.test.net.key

Set ServerSignature off, follow these steps edit the /etc/apache2/apache2.conf  file and add these two lines

  ServerSignature Off
 ServerTokens ProductOnly

 If you want to add support of php and cgi scripts install the following packages libapache2-mod-php4,php4-cli,php44-common,php4-cgi

 # apt-get install libapache2-mod-php4 php4-cli php4-common php4-cgi

 If you want to allow the different index files types check for the following line in /etc/apache2/apache2.conf file

 DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.shtml

 Restart the apache server

 /etc/init.d/apache2 restart

If you want apache server web interface or GUI tools click here