Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Apache and Virtual Sites and SSL Dorcas Muthoni.

Published byTheodore Griffin Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Apache and Virtual Sites and SSL Dorcas Muthoni."— Presentation transcript:

1 1 Apache and Virtual Sites and SSL Dorcas Muthoni

2 2 Scope What is Apache What is Apache+mod_ssl+Vhosts Digital Signatures Installing Apache+mod_ssl Configuring Apache+Vhosts Your webserver Configuring Apache+mod_ssl

3 3 What is Apache HTTP Webserver: accepts HTTP requests from clients (web browsers), and serves them HTTP responses along with optional data contents By Apache Group and originally written for UNIX, but now runs under Linux, OS/2, Windows and other platforms. As of April 2008 Apache served 50.42% of all websites. Developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.

4 4 What is Apache+mod_ssl+Vhosts mod_ssl Apache HTTP Server module mod_ssl provides an interface to the OpenSSL library, which provides Strong Encryption using the Secure Sockets Layer and Transport Layer Security protocols. SSL provides for secure communication between client and server by allowing mutual authentication, the use of digital signatures for integrity, and encryption for privacy virtual hosts allows one Apache installation to serve many different actual websites. For example, one machine, with one Apache installation could simultaneously serve www.example.com, www.test.com www.example.com www.test.com

5 5 Digital Signatures Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are.cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers digital signature: type of asymmetric cryptography used to simulate the security properties of a handwritten signature on paper.  one for signing which involves the user's secret or private key, and one for verifying signatures which involves the user's public key.

6 6 Secure Transaction src:www.ingeo.com

7 7 Installing Apache+mod_ssl Lets install Apache with mod_ssl  mod_ssl: module provides strong cryptography for the Apache webserver via SSL and TLS protocols by the help of the Open Source SSL/TLS toolkit OpenSSL Installation  # portinstall apache Enable apache to start automatically on boot # vi /etc/rc.conf Add apache22_enable="YES"

8 8 Configuring Apache+Vhosts  cd /usr/local/etc/apache22/  vi httpd.conf Review key the conf file  ServerRoot "/usr/local" : top of the directory tree under which the server's configuration, error, and log files are kept  Listen 80 : bind Apache to specific IP addresses and/or ports  ServerAdmin: Your address, where problems with the server should be e-mailed.  DocumentRoot: The directory out of which you will serve your documents.  ErrorLog: The location of the error log file

9 9 Configuring Apache+Vhosts Supplemental configuration  The configuration files in the etc/apache22/extra/ directory can be included to add extra features or to modify the default configuration of the server Virtual hosts # Virtual hosts Include etc/apache22/extra/httpd-vhosts.conf SSL/TLS # Secure (SSL/TLS) connections # Include etc/apache22/extra/httpd-ssl.conf (to be enabled in a later session)‏

10 10 Your webserver Create the directory for your files in the Document Root # mkdir /usr/local/www/apache22/data Test apache: # telnet localhost 80 not running Start apache # apachectl start Create a page for your home # ee /usr/local/www/apache22/data/index.html Visit your homepage, on your browser  http://localhost Or http://yourIPaddress http://localhosthttp://yourIPaddress

11 11 Configuring Virtual Hosts Supplemental configuration cd /usr/local/etc/apache ee extra/httpd-vhosts.conf (last directive for those who did not install apache22)‏ If you want to maintain multiple domains/hostnames on your machine you can setup VirtualHost containers for them.  e.g. med.youruni.ac.ke, bs.youruni.ac.ke With name-based virtual hosts the server doesn't need to worry about IP addresses Almost any Apache directive may go into a VirtualHost container.

12 12 Configuring Virtual Hosts ServerAdmin webmaster@site1.example.com DocumentRoot /usr/local/www/data/site1 ServerName site1.test.sae.ws.afnog.org ErrorLog "/var/log/site1-error_log" # CustomLog "/var/log/site1-access_log" ServerAdmin webmaster@site2.example.com DocumentRoot /usr/local/www/data/site2 ServerName site2.test.sae.ws.afnog.org ErrorLog "/var/log/site2-error_log" # CustomLog "/var/log/site2-access_log"

13 13 Configuring Apache+mod_ssl Supplemental configuration  On the httpd.conf # Secure (SSL/TLS) connections Include etc/apache22/extra/httpd-ssl.conf (to be enabled in a later session)‏ # ee extra/httpd-ssl.conf

14 14 Configuring Apache+mod_ssl Supplemental configuration  On the httpd.conf # Secure (SSL/TLS) connections Include etc/apache22/extra/httpd-ssl.conf (to be enabled in a later session)‏ # ee extra/httpd-ssl.conf

15 15 Key Generation Generate a Private Key The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage. The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text. # openssl genrsa -des3 -out server.key 1024 Enter paraphrase Simple paraphrase

16 16 Generate a CSR (Certificate Signing Request)‏ Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. # openssl req -new -key server.key -out server.csr

17 17 Remove Passphrase from Key Apache will ask for the pass-phrase each time the web server is started # cp server.key server.key.org # openssl rsa -in server.key.org -out server.key

18 18 Generating a Self-Signed Certificate At this point you will need to generate a self-signed certificate because you either don't plan on having your certificate signed by a CA # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

19 19 Installing the Private Key and Certificate Ensure  server.crt  server.key Are in the Apache config directory

20 20 Configuring SSL Enabled Virtual Hosts edit /extra/httpd-ssl.conf SSLEngine on SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean- shutdown CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

21 21 Restart Apache and Test

Download ppt "1 Apache and Virtual Sites and SSL Dorcas Muthoni."

Similar presentations

HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.

HTTPS/SSL Oleh: Idris Winarno. Persiapan Pastikan repository debian # vim /etc/apt/sources.list deb etch main contrib non-freehttp://kebo.vlsm.org/debian.
Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.

Apache2 HTTPS. 1. Install webserver Apache # apt-get install apache2 2. Buat direktori untuk menyimpan file https # mkdir /var/www/secure 3. Instalasi.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Introduction to OpenSSL Jing Dalhousie University.

Introduction to OpenSSL Jing Dalhousie University.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.

Michelle J. Gosselin, Jennifer Schommer Guanzhong Wang.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Apache ssl Objectives Contents Practical Summary Setup Apache + ssl

Apache ssl Objectives Contents Practical Summary Setup Apache + ssl
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Apache Web Server Quick and Dirty Steve Gibbard for SANOG 16 (Originally by Joel Jaeggli for AfNOG 2007) ‏

Apache Web Server Quick and Dirty Steve Gibbard for SANOG 16 (Originally by Joel Jaeggli for AfNOG 2007) ‏
Configuring a Web Server. Overview  Understand how a Web server works  Install IIS (Internet Information Services) and Apache Web servers  Examine.

Configuring a Web Server. Overview  Understand how a Web server works  Install IIS (Internet Information Services) and Apache Web servers  Examine.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.

CP476 Internet Computing Browser and Web Server 1 Web Browsers A client software program that allows you to access and view Web pages on the Internet –Examples.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.

TLS/SSL Review. Transport Layer Security A 30-second history Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent.
SquirrelMail for Webmail AfNOG 2012 Scalable Internet Services (SS-E) Presented by Michuki Mwangi Serrekunda, Gambia (Original Materials by Joelja)

SquirrelMail for Webmail AfNOG 2012 Scalable Internet Services (SS-E) Presented by Michuki Mwangi Serrekunda, Gambia (Original Materials by Joelja)
APACHE SERVER By Innovationframes.com »

APACHE SERVER By Innovationframes.com »
Chapter 22 Web Hosting and Internet Servers Xuanxuan Su.

Chapter 22 Web Hosting and Internet Servers Xuanxuan Su.

Similar presentations

Ads by Google