logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



SSL certificate into Apache ?

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
higgy187



Joined: 28 Jul 2019
Posts: 6
Location: usa, louisville

PostPosted: Sun 28 Jul '19 11:29    Post subject: SSL certificate into Apache ? Reply with quote

I have apache 2.4. I was able to get it up and running.

C:\Apache24\bin>httpd.exe -t
Syntax OK

I have a .key and .csr file in the C:\Apache24\bin which is where openssl put those when I was done. I got everthing else done. I have two more files I downloaded when certificate was approved x.509 is one of them and it called the other apachebundle both are .crt. Now im lost not sure what to do now. where do these files go and what changes to config files do I need to make. do I need to port forward port 443.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6638
Location: Germany, Next to Hamburg

PostPosted: Mon 29 Jul '19 14:59    Post subject: Reply with quote

You need to add a vhost for port 443. And if you use a router you need to forward port 443.

Code:

<VirtualHost *:80>
   ServerName example.com
   DirectoryIndex index.html
   CustomLog "C:\nul" common

   DocumentRoot "C:/htdocs"
   <Directory "C:/htdocs">
      Options Indexes FollowSymLinks
      AllowOverride All
      Require all granted
   </Directory>
</VirtualHost>

<VirtualHost *:443>
   ServerName example.com
   DirectoryIndex index.html
   CustomLog "C:\nul" common

   DocumentRoot "C:/htdocs"
   <Directory "C:/htdocs">
      Options Indexes FollowSymLinks
      AllowOverride All
      Require all granted
   </Directory>
   
   SSLEngine on
   SSLCertificateFile conf/certs/fullchain.pem
   SSLCertificateKeyFile conf/certs/privkey.pem

   <Files ~"\.(cgi|shtml|phtml|php|htm|html?)$>
      SSLOptions +StdEnvVars
   </Files>
</VirtualHost>
Back to top
higgy187



Joined: 28 Jul 2019
Posts: 6
Location: usa, louisville

PostPosted: Mon 29 Jul '19 21:16    Post subject: Reply with quote

awesome thanks, what do I do with the two .crt files, and where in the hppd.conf does the virtual host need to go.
I forwarded the port and both 80 and 443 are open. I also noticed that example has a vh for 80 do I need that also.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6638
Location: Germany, Next to Hamburg

PostPosted: Tue 30 Jul '19 8:41    Post subject: Reply with quote

The crt file for SSLCertificateFile
and the key file SSLCertificateKeyFile
Back to top
higgy187



Joined: 28 Jul 2019
Posts: 6
Location: usa, louisville

PostPosted: Tue 30 Jul '19 22:16    Post subject: Reply with quote

James Blond wrote:
The crt file for SSLCertificateFile
and the key file SSLCertificateKeyFile


TYVM I got it working with that information. The only thing left now is to ask how would I go about getting it to only run secured.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6638
Location: Germany, Next to Hamburg

PostPosted: Wed 31 Jul '19 8:25    Post subject: Reply with quote

In the port vhost add

Code:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


make sure that you load / enable mod_rewrite for that.

Also recommended for the SSL config

Code:

SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1
Back to top
higgy187



Joined: 28 Jul 2019
Posts: 6
Location: usa, louisville

PostPosted: Wed 31 Jul '19 9:24    Post subject: Reply with quote

got it all added everything is running.
when I added all this what exactly did I do





James Blond wrote:
In the port vhost add

Code:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


make sure that you load / enable mod_rewrite for that.

Also recommended for the SSL config

Code:

SSLOptions +StrictRequire +StdEnvVars -ExportCertData
SSLProtocol -all +TLSv1.2 +TLSv1.3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384

SSLOpenSSLConfCmd ECDHParameters secp384r1
SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1
Back to top
higgy187



Joined: 28 Jul 2019
Posts: 6
Location: usa, louisville

PostPosted: Tue 06 Aug '19 12:08    Post subject: SSL Reply with quote

When I try to go to this site it say
Forbidden

You don't have permission to access / on this server.

Code:

Listen 80
Listen 443

<VirtualHost *:80>
   ServerName thebible.mynoxapater.com
   DirectoryIndex index.html
   CustomLog "C:\nul" common

   DocumentRoot "C:/htdocs"
   <Directory "C:/htdocs">
      Options Indexes FollowSymLinks
      AllowOverride All
      Require all granted
   </Directory>
</VirtualHost>

<VirtualHost *:443>
   ServerName thebible.mynoxapater.com
   DirectoryIndex index.html
   CustomLog "C:\nul" common

   DocumentRoot "C:/htdocs"
   <Directory "C:/htdocs">
      Options Indexes FollowSymLinks
      AllowOverride All
      Require all granted
   </Directory>

   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
   
   SSLEngine on
   SSLCertificateFile conf/certs/x509.crt
   SSLCertificateKeyFile conf/certs/thebible.key
   SSLOptions +StrictRequire +StdEnvVars -ExportCertData
   SSLProtocol -all +TLSv1.2 +TLSv1.3
   SSLCompression Off
   SSLHonorCipherOrder On
   SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384
   SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
   SSLOpenSSLConfCmd ECDHParameters secp384r1
   SSLOpenSSLConfCmd Curves sect571r1:sect571k1:secp521r1:sect409k1:sect409r1:secp384r1:sect283k1:sect283r1:secp256k1:prime256v1

   <Files ~"\.(cgi|shtml|phtml|php|htm|html?)$>
      SSLOptions +StdEnvVars
   </Files>
</VirtualHost>
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6638
Location: Germany, Next to Hamburg

PostPosted: Tue 06 Aug '19 16:00    Post subject: Reply with quote

Is there an index.html? If you have a different file change the DirectoryIndex
Back to top
higgy187



Joined: 28 Jul 2019
Posts: 6
Location: usa, louisville

PostPosted: Wed 07 Aug '19 0:49    Post subject: file Reply with quote

James Blond wrote:
Is there an index.html? If you have a different file change the DirectoryIndex


index
type of file. HTML Document (.html)
location. C:\Apache24\htdocs
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6638
Location: Germany, Next to Hamburg

PostPosted: Wed 07 Aug '19 8:15    Post subject: Reply with quote

What is in the apache error log about that?
Back to top
gene2



Joined: 08 Aug 2019
Posts: 2

PostPosted: Thu 08 Aug '19 18:42    Post subject: Reply with quote

Is you DocumentRoot "C:/htdocs" or "C:\Apache24\htdocs"?
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1