Setting Up SSL for Apache 2.0
By Jack Xu

About the Author

Jack Xu has worked in IT for 12 years. He is a senior system architect for large distributed web portals. He has also developed Java based forums and search engines.

Apache 2.0 is the current release of the Apache web server. It is widely used on many web sites, and it is free.

We will show the steps for installing SSL on Apache 2.0 on Linux/Unix systems. Although you can use Cygwin to run Unix programs on Windows, Apache 2.0 is more secure when running on Unix or Linux systems.

System description: we use Red Hat Linux 9.0 in our example.

Apache Directories

In Red Hat Linux, Apache 2.0 is installed in multiple directories:

1. /etc/httpd/conf -- Includes all the Apache configuration files.

2. /etc/rc.d/ -- Contains the Apache start-up and stop scripts.

3. /var/www -- Contains default server icons, CGI programs, and HTML files.

4. /var/www/html/manual -- This includes the Apache manual pages.

5. /usr/share/man -- This contains the Red Hat RPM manual.

6. /usr/sbin -- This contains executables.

7. /usr/bin -- Some of the Apache utilities are placed here.

8. /var/log/httpd -- This contains the server log files.

9. /usr/src/redhat/SOURCES/ -- This may contain a tar archive of the Apache source code.

Because the current Apache version is 2.0.54, we install Apache from source.

Apache SSL relies on OpenSSL, free software that is installed by Red Hat Linux. If OpenSSL is not installed on your Unix/Linux system, you have to download and install it from http://www.openssl.org

The current version is OpenSSL 0.9.7g. You need to install the current version of OpenSSL.

Here are the steps to install OpenSSL:

Change to user root

tar xvfz openssl-0.9.7g.tar.gz

mv openssl-0.9.7g /usr/local/src/

cd /usr/local/src/openssl-0.9.7g

./config

make

make test

make install

OpenSSL will then be in the /usr/local/ssl folder.

Now you can install Apache 2 with the following steps. We assume that your downloaded Apache 2 file is httpd-2.0.54.tar.gz and that you have checked the signature of httpd-2.0.54.tar.gz using PGP or MD5.

Change to root user

tar xvfz httpd-2.0.54.tar.gz

cd httpd-2.0.54

./configure --prefix=/usr/local/apache2 --enable-so \
--enable-rewrite --enable-ssl --with-ssl=/usr/local/ssl --enable-proxy

make

make install

Apache 2 will be in the folder /usr/local/apache2.

Apache file locations:

/usr/local/apache2/conf -- This contains the Apache configuration files and some subdirectories.

/usr/local/apache2 -- This contains the cgi-bin, icons, and htdocs subdirectories.

/usr/local/apache2/bin -- This contains executable programs.

/usr/local/apache2/logs -- The server log files, such as access_log and error_log, are located here.

If your operating system did not include mod_ssl, you may also need to compile Apache 2.0 from source.

Create Test Certificate

First you need to create your key:
openssl genrsa -des3 -out usanalyst.com.key 2048
You will be asked to provide a passphrase. The key will be created in the directory you're in.

According to the OpenSSL HOWTO document, you can create a self-signed test certificate by using the following command:

openssl req -new -x509 -key usanalyst.com.key -out mycert.crt -days 1095

This will create a self-signed certificate, mycert.crt, using the key pair in usanalyst.com.key. The certificate is valid for 3 years.

Now add the statement

Listen 443

below the other Listen statements (usually under the Listen 80 statement) in the httpd.conf file.

This makes Apache listen for HTTPS connections on port 443.


SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/usanalyst.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/usanalyst.com.key

Save httpd.conf and restart Apache 2. You should then be able to reach the server over SSL by entering:

https://localhost/
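
Before restarting Apache, it is worth confirming that the certificate actually belongs to the private key, that it is not about to expire, and that the key file is readable only by its owner. The script below is an added example, not part of the original article; the function names are hypothetical, and the key pair it generates when run without arguments is constructed sample input.

```shell
# Added example (not from the article): checks on the key and certificate
# that SSLCertificateKeyFile and SSLCertificateFile point at.

# True when the certificate carries the same RSA modulus as the key.
# A passphrase-protected key (genrsa -des3) prompts for its passphrase.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1") || return 2
    c=$(openssl x509 -noout -modulus -in "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the certificate is still valid $1 days from now.
cert_valid_for_days() {
    openssl x509 -noout -checkend "$(( $1 * 86400 ))" -in "$2" >/dev/null
}

# True when the key file grants nothing to group or other (0600/0400).
key_is_private() {
    case "$(ls -ld "$1")" in -???------*) return 0 ;; esac
    return 1
}

# Runs all three checks, names each failure, returns the failure count.
check_tls_pair() {
    bad=0
    key_is_private "$1" || { echo "key readable by group/other"; bad=$((bad + 1)); }
    key_matches_cert "$1" "$2" || { echo "certificate does not match key"; bad=$((bad + 1)); }
    cert_valid_for_days 30 "$2" || { echo "certificate expires within 30 days"; bad=$((bad + 1)); }
    return "$bad"
}

# Constructed sample input: a throwaway unencrypted key and a 3-year
# self-signed certificate (the article's commands plus -subj, so nothing
# is prompted for). Writes $1/test.key and $1/test.crt.
make_test_pair() {
    ( umask 077
      openssl genrsa -out "$1/test.key" 2048 2>/dev/null &&
      openssl req -new -x509 -key "$1/test.key" -out "$1/test.crt" \
          -days 1095 -subj "/CN=localhost" 2>/dev/null )
}

# Usage: sh check_tls_pair.sh KEYFILE CERTFILE (no arguments: constructed pair)
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
else
    d=$(mktemp -d) && make_test_pair "$d" &&
        check_tls_pair "$d/test.key" "$d/test.crt" && echo "all checks passed"
    rm -rf "$d"
fi
```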

Summary

In this article, you have learned how to set up SSL with Apache 2 on Unix/Linux. We have left out the details of importing CA certificates. Those steps are in the CA's documentation when you buy root certificates from a CA. Many sites provide root certificates. One place where you can buy an inexpensive root certificate is godaddy.com.

