How apache server ready for SSL support

[charith]

I have already install Apache2+php and work well.
Now I want to make that server ready for SSL support. please explain in detail how I install ssl( what changes I should make in the httpd.conf and any other configuration files to make) the server ready for SSL. I goggle many time and every things talk about enabling ssl-mod but I can't enable it ( sudo a2enmod ssl give error ) also I try to compile openssl-0.9.7e.tar.gz but it also give error
I install apache from source but i didn't add ssl mod with it so now what ? please help me

[daark.child]

Code:

sudo a2enmod ssl

will only work if you are using the apache 2 packages provided by Ubuntu. What is the error that you get when you try to compile openssl? There is a good guide for installing and configuring apache 2 on Ubuntu here.

[charith]

Thanks for reply..
I got this error when I try to compile ( make ) openssl


"

Code:

 cc1: error: unrecognized command line option "-m486"
make[1]: *** [cryptlib.o] Error 1
make[1]: Leaving directory `/home/charith/Public/openssl-0.9.7e/crypto'
make: *** [sub_all] Error 1
"

[daark.child]

Can you post another 5 - 10 lines before the error actually appears on your command line. I'd urge you to just install the Ubuntu apache 2 packages if you are just getting started and then compile your own packages when you have got more experience with apache 2.

[anuagg89]

Available Languages: en | ko | tr

Apache 2.x is a general-purpose webserver, designed to provide a balance of flexibility, portability, and performance. Although it has not been designed specifically to set benchmark records, Apache 2.x is capable of high performance in many real-world situations.

Compared to Apache 1.3, release 2.x contains many additional optimizations to increase throughput and scalability. Most of these improvements are enabled by default. However, there are compile-time and run-time configuration choices that can significantly affect performance. This document describes the options that a server administrator can configure to tune the performance of an Apache 2.x installation. Some of these configuration options enable the httpd to better take advantage of the capabilities of the hardware and OS, while others allow the administrator to trade functionality for speed.

[charith]

Can you post another 5 - 10 lines before the error actually appears on your command line. I'd urge you to just install the Ubuntu apache 2 packages if you are just getting started and then compile your own packages when you have got more experience with apache 2.

This is error I get when make

Code:

root@charith-desktop:/home/charith/Public/openssl-0.9.7e# make
making all in crypto...
make[1]: Entering directory `/home/charith/Public/openssl-0.9.7e/crypto'
( echo "#ifndef MK1MF_BUILD"; \
	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
	echo '  #define CFLAGS "gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM"'; \
	echo '  #define PLATFORM "linux-elf"'; \
	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
	echo '#endif' ) >buildinf.h
gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_KRB5 -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM   -c -o cryptlib.o cryptlib.c
cc1: error: unrecognized command line option "-m486"
make[1]: *** [cryptlib.o] Error 1
make[1]: Leaving directory `/home/charith/Public/openssl-0.9.7e/crypto'
make: *** [sub_all] Error 1

[daark.child]

Did ./configure finish successfully? From the output it looks like the ./configure process may not have finished successfully.

[charith]

Yes ./configure didn't give any error......., I have waste so many days for this please tell me correct way to enable ssl in running apache2 server please can any one help me?

[daark.child]

Try the suggestions here.

[charith]

Thank you very much daark....using your link I compile openssl without errors But when i start Apache it give following error,,,,,,,

Code:

  
root@charith-desktop:/usr/local/apache2/bin# ./apachectl start
Syntax error on line 441 of /usr/local/apache2/conf/httpd.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

When I uncomment "LoadModule ssl_module modules/mod_ssl.so" line in httpd.conf I get following error....

Code:

root@charith-desktop:/usr/local/apache2/bin# ./apachectl start
httpd: Syntax error on line 18 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/local/apache2/modules/mod_ssl.so into server: /usr/local/apache2/modules/mod_ssl.so: invalid ELF header

This is my httpd.conf <VirtualHost:443>

Code:

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>


NameVirtualHost 127.0.0.1:80
NameVirtualHost 127.0.0.1:443


<VirtualHost 127.0.0.1:443>

ServerAdmin charith079@gmail.com
DocumentRoot /usr/local/apache2/htdocs/ssl
ServerName .........
ServerAlias ............
ErrorLog /usr/local/apache2/logs/server2log

       SSLEngine On


   # Here, I am allowing only "high" and "medium" security key lengths.
SSLCipherSuite HIGH:MEDIUM

# Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
SSLProtocol all -SSLv2

#   Server Certificate:
SSLCertificateFile /usr/local/apache2/secure.com.crt

#   Server Private Key:
SSLCertificateKeyFile /usr/local/apache2/conf/secure.com.key

#   Server Certificate Chain:
SSLCertificateChainFile /usr/local/apache2/conf/my-ca.crt

#   Certificate Authority (CA):
SSLCACertificateFile /usr/local/apache2/conf/my-ca.crt

# This is needed so that you can use auto-indexing for some directories in the 
# /var/www/SSL directory branch.  This can be handy if you would like to have 
# a list of sensitive files for people to download.
<Directory "/var/www/SSL">
        Options Indexes
        AllowOverride None
        Allow from from all
        Order allow,deny
</Directory>

     
</VirtualHost>

following information may help you

sudo a2enmod ssl

Code:

root@charith-desktop:/usr/local/apache2/bin# sudo a2enmod ssl
Module ssl already enabled
root@charith-desktop:/usr/local/apache2/bin#

I'm using Ubuntu OS

Thank you very much for your valuable time this is big help for me because I wast lot of time for this but couldn't get answer please help me