Configuring mod-SSL

The SSL module ships with apache2, which simplifies our work. To check whether it is already enabled:

#> if [ -h /etc/apache2/mods-enabled/ssl.load ]; then echo "enabled module";else echo "disabled module"; fi


To enable it, do the following:

#>ln -s /etc/apache2/mods-available/ssl.conf /etc/apache2/mods-enabled/ssl.conf
#>ln -s /etc/apache2/mods-available/ssl.load /etc/apache2/mods-enabled/ssl.load


This enables the module in apache2; it can be used after restarting the server with:

#>/etc/init.d/apache2 restart


If we only want a secure configuration, we create it in /etc/apache2/sites-available as gosa-SSL:

NameVirtualHost *:443
<VirtualHost *:443>
ServerName gosa.chaosdimension.org
Alias /gosa /usr/share/gosa/html
DocumentRoot /var/www/gosa.chaosdimension.org
CustomLog /var/log/apache/gosa.log combined
ErrorLog /var/log/apache/gosa.log
# apache2's mod_ssl writes to ErrorLog at LogLevel; the Apache 1.3
# SSLLog and SSLLogLevel directives are not accepted by apache2
LogLevel error
SSLEngine On
# Server certificate, its private key and the chain sent to clients
SSLCertificateFile /etc/apache2/ssl/gosa.cert
SSLCertificateKeyFile /etc/apache2/ssl/gosa.key
SSLCertificateChainFile /etc/apache2/ssl/gosa.cert
# CA certificates used to verify client certificates
SSLCACertificateFile /etc/apache2/ssl/gosa.ca
SSLCACertificatePath /etc/apache2/ssl/
</VirtualHost>


For secure communication in which we verify the client's certificate:

NameVirtualHost *:443
<VirtualHost *:443>
ServerName gosa.chaosdimension.org
Alias /gosa /usr/share/gosa/html
DocumentRoot /var/www/gosa.chaosdimension.org
CustomLog /var/log/apache/gosa.log combined
ErrorLog /var/log/apache/gosa.log
# apache2's mod_ssl writes to ErrorLog at LogLevel; the Apache 1.3
# SSLLog and SSLLogLevel directives are not accepted by apache2
LogLevel error
SSLEngine On
# Server certificate, its private key and the chain sent to clients
SSLCertificateFile /etc/apache2/ssl/gosa.cert
SSLCertificateKeyFile /etc/apache2/ssl/gosa.key
SSLCertificateChainFile /etc/apache2/ssl/gosa.cert
# CA certificates used to verify client certificates
SSLCACertificateFile /etc/apache2/ssl/gosa.ca
SSLCACertificatePath /etc/apache2/ssl/
<Directory /usr/share/gosa>
# Refuse clients that do not present a valid certificate; depth 1 means
# the certificate must be signed by a CA the server knows directly
SSLVerifyClient require
SSLVerifyDepth 1
</Directory>
</VirtualHost>
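
A pre-restart check for vhost files like the ones above, as an added example that is not part of the original page: it flags exact duplicate directives, the Apache 1.3-only SSLLog/SSLLogLevel directives, and SSLVerifyClient require without a CA source. The names lint_vhost and sample_vhost and the sample vhost itself are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an apache2 SSL vhost before restarting the server.
# lint_vhost and sample_vhost are hypothetical helper names.
# Prints one finding per line; reads the named file(s), or stdin if none given.
lint_vhost() {
    awk '
    /^[ \t]*$/    { next }                    # blank lines
    /^[ \t]*[#<]/ { next }                    # comments and <Section> tags
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        d = tolower($1)                       # directive names are case-insensitive
        args = line; sub(/^[^ \t]+[ \t]*/, "", args)
        if (seen_line[d " " args]++) print "duplicate: " line
        seen[d] = 1
        # Apache 1.3 mod_ssl logging directives, not accepted by apache2
        if (d == "ssllog" || d == "sslloglevel") print "apache1.3-only: " $1
        if (d == "sslengine" && tolower($2) == "on") engine = 1
        if (d == "sslverifyclient" && tolower($2) == "require") verify = 1
    }
    END {
        if (!engine) print "missing: SSLEngine On"
        if (!("sslcertificatefile" in seen)) print "missing: SSLCertificateFile"
        if (!("sslcertificatekeyfile" in seen)) print "missing: SSLCertificateKeyFile"
        # Client verification needs at least one CA source to check against
        if (verify && !("sslcacertificatefile" in seen) && !("sslcacertificatepath" in seen))
            print "missing: CA for SSLVerifyClient"
    }' "$@"
}

# Constructed sample: client verification on, with three seeded defects.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
ServerName gosa.chaosdimension.org
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/gosa.cert
SSLCertificateKeyFile /etc/apache2/ssl/gosa.key
SSLCertificateKeyFile /etc/apache2/ssl/gosa.key
SSLLog /var/log/apache2/ssl-gosa.log
<Directory /usr/share/gosa>
SSLVerifyClient require
SSLVerifyDepth 1
</Directory>
</VirtualHost>
EOF
}

sample_vhost | lint_vhost
```

Run it against a real file with `lint_vhost /etc/apache2/sites-available/gosa-SSL`; no output means none of the three checks fired.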


aescanero AT gmail.com