Return-Path: Delivered-To: apmail-httpd-users-archive@www.apache.org Received: (qmail 43820 invoked from network); 29 Aug 2008 11:53:09 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 29 Aug 2008 11:53:09 -0000 Received: (qmail 22315 invoked by uid 500); 29 Aug 2008 11:52:57 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 22304 invoked by uid 500); 29 Aug 2008 11:52:57 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 22293 invoked by uid 99); 29 Aug 2008 11:52:56 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Aug 2008 04:52:56 -0700 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of agnello.dsouza@gmail.com designates 74.125.44.157 as permitted sender) Received: from [74.125.44.157] (HELO yx-out-1718.google.com) (74.125.44.157) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Aug 2008 11:51:57 +0000 Received: by yx-out-1718.google.com with SMTP id 3so457802yxi.84 for ; Fri, 29 Aug 2008 04:52:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=zSnKelGYhhrqaUrNpwEommPt9qtDroZ+LND7GqKYusc=; b=FtBw5BKA4cdScBbn5AE873fZvmjGrPPuRR7a0XO5GiJ8yPxICEpjCfOTydxUUX2P73 ebah5pe9Ul9+rDD0xJP/izir+Hsw9xTuLQ2ahwvCXnAgNdIQlQquxWq89dX+xNBYFmo3 P6KZRGNUvTgYG8ndiRmXnQGCighbY7UgEcLUY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=dLs3IIAl77Pj6ISiK8TZrhFCnuNik18Dfa6csVol5nAGPRoGS2FEbqm/ncVcHgSCD9 947LyMT21c2pR7rs3ZVIwANcsK2g66oqAJc7GO6+f+N+NCE8sUS6RVv+GAIEQ7AaZMdy qpv9zfu9llLyuacBc7BkVpGmI6LD80N7dVH6M= Received: by 10.151.48.20 with SMTP id a20mr2243225ybk.227.1220010746660; Fri, 29 Aug 2008 04:52:26 -0700 (PDT) Received: by 10.150.218.11 with HTTP; Fri, 29 Aug 2008 04:52:26 -0700 (PDT) Message-ID: <8c6878890808290452w5443abbej3c89390cf00889f4@mail.gmail.com> Date: Fri, 29 Aug 2008 17:22:26 +0530 From: "Agnello George" To: users@httpd.apache.org In-Reply-To: <61A49EACE4B520449427D0FF6DB5E76006874AEA@exlbrmb07.lac.nsroot.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <61A49EACE4B520449427D0FF6DB5E76006874AEA@exlbrmb07.lac.nsroot.net> X-Virus-Checked: Checked by ClamAV on apache.org Subject: Re: [users@httpd] How to start Apache automatically with certificate? On 8/28/08, Tan, Liao wrote: > Folks, > Pls gimme some direction on how to start apache (already with the https certificate installed)automatically,that means, without informing manually the passwords, phrase? > Here is a little documention i had worked out ( just check it out and let me know if its helpful !! Apache : mod_ssl for virtual hosting 1. The apache server should be compiled with mod_ssl enabled,. You can check this in the httpd.conf file LoadModule ssl_module modules/mod_ssl.so 2. Make the followin directory structure mkdir /usr/local/apache2/conf/domains_ssl/ mkdir /usr/local/apache2/conf/domains_ssl/nokia.com/ 3. once this is done create your self-signed ssl certificate and your ssl private key using the openssl toolkit. ( for production purpose you may want to purchase your certificate) ( in orde that apache should not ask for a password when it restart we do the following ) cd /usr/local/apache2/conf/domains_ssl/agnello.com/ ------> your location of the keys for domain agnello Step 1: Generate Private Key openssl genrsa -des3 -out server.key 1024 ( N.B: make sure that that the CN matches that of the domain name ) Step 2: Generate CSR openssl req -new -key server.key -out server.csr Step 3: Remove Passphrase cp server.key server.key.org openssl rsa -in server.key.org -out server.key Step 4: Sign the Certificate openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt you would have the follwing keys generated. server.crt server.csr server.key server.key.org Once this is done go to the very last line in the httpd.conf file ( add the following if not already there ) Listen 443 SSLRandomSeed startup builtin SSLRandomSeed connect builtin now in the httpd-vhost.conf file ( /usr/local/apache2/conf/extra/httpd-vhosts.conf ) add the following NameVirtualHost 192.168.0.244:443 ServerAdmin admin@agnello.sys.qualiproj.com ServerName agnello.sys.qualiproj.qualispace.com ServerAlias www.agnello.sys.qualiproj.qualispace.com DocumentRoot /websites/agnello.com/web SSLEngine on SSLCertificateKeyFile /usr/local/apache2/conf/domains_ssl/agnello.com/server.key SSLCertificateFile /usr/local/apache2/conf/domains_ssl/agnello.com/server.crt ErrorLog /websites/agnello.com/logs/agnello.sys.qualiproj.error_log CustomLog /websites/agnello.com/logs/agnello.sys.qualiproj.access_log common Now you can restart apache . it will not prompt you for a password . Now view you site https://domain.com -- Regards Agnello D'souza www.linux-vashi.blogspot.com www.bible-study-india.blogspot.com --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See for more info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org " from the digest: users-digest-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org