Table of Contents
Advertisement
To use SSL, it must be activated in the global server configuration. Open /etc/
sysconfig/apache2 in an editor and search for APACHE_MODULES. Add "ssl"
to the list of modules if it is not already present (mod_ssl is activated by default). Next,
search for APACHE_SERVER_FLAGS and add "SSL". If you have chosen to encrypt
your server certificate with a password, you should also increase the value for
APACHE_TIMEOUT, so you have enough time to enter the passphrase when Apache
starts. Restart the server to make these changes active. A reload is not sufficient.
The virtual host configuration directory contains a template /etc/apache2/vhosts
.d/vhost-ssl.template with SSL-specific directives that are extensively docu-
mented. Refer to
host configuration.
To get started, it should be sufficient to adjust the values for the following directives:
• DocumentRoot
• ServerName
• ServerAdmin
• ErrorLog
• TransferLog
IMPORTANT: Name-Based Virtual Hosts and SSL
It is not possible to run multiple SSL-enabled virtual hosts on a server with
only one IP address. Users connecting to such a setup receive a warning message
stating that the certificate does not match the server name every time they
visit the URL. A separate IP address or port is necessary for every SSL-enabled
domain to achieve communication based on a valid SSL certificate.
40.7 Avoiding Security Problems
A Web server exposed to the public Internet requires an ongoing administrative effort.
It is inevitable that security issues appear, both related to the software and to accidental
misconfiguration. Here are some tips for how to deal with them.
772
Installation and Administration
Section "Virtual Host Configuration"
(page 743) for the general virtual
Advertisement
Table of Contents
Troubleshooting
