Re: https

[Andy Canfield <andycanfield@xxxxxxxxxx>]

Files:

-rw-r--r-- 1 root 859 Apr  3 11:45 /etc/apache2/ssl/crt/vhost1.crt

-rw-r--r-- 1 root 916 Apr  3 11:45 /etc/apache2/ssl/key/vhost1.key

So AFAIK I've got a certificate I've generated myself. Nobody vouches for me but it shoud enable encryption and make my TCP/IP packets hard to read.

Contents of /etc/apache2/ports.conf:
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Files:

-rw-r--r-- 1 andy 1439 Apr  3 14:48 /etc/apache2/sites-available/default
-rw-r--r-- 1 andy 7485 Jun 16  2011 /etc/apache2/sites-available/default-ssl
-rw-r--r-- 1 root 7469 Feb  7  2012 /etc/apache2/sites-available/default-ssl.original
-rw-r--r-- 1 root  950 Feb  7  2012 /etc/apache2/sites-available/default.original

I see here that /etc/apache2/sites-available has one symbolic link to /etc/apache2/sites-available/default, and no symbolic links to any of the other entries in the sites-available directory. Also all the other entries in /etc/apache2/sites-available are symbolic links to configuration files such as

lrwxrwxrwx 1 root 21 May  6  2012 /etc/apache2/sites-enabled/opal.conf -> /www/opal/apache.conf

These links have been working fine for years as links into the site control directory and not into 'sites-available'. But perhaps that is wrong.

Maybe what I need is a symbolic link from sites-enabled to ../sites-available/default-ssl ? Nope, tested, did not solve the problem....

When I give this command (as root) -

    /etc/init.d/apache2 restart

I see only this output:

apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.112 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 192.168.1.112 for ServerName
                                                                            [ OK ]

But nmap still says that nothing is listening to port 443.

Thank you Oren.

On 04/03/2014 04:04 PM, Oren wrote:

Hi Andy.
Process basically include getting/creating a certificate, define it on your site and reload apache.
here is a centos manual which is not exactly the same on ubuntu but pretty much explains the order of things
http://wiki.centos.org/HowTos/Https

on ubuntu you will have to open the 443 port
<IfModule mod_ssl.c>
    Listen 443
</IfModule>

once the https is ready, you can do a redirect to the https site from http. (with mod_rewrite)

do you have logs or any information on what is not working?

Oren

On 04/03/2014 11:39 AM, Andy Canfield wrote:

I have been using apache for maybe ten years now, and maintain two
servers in addition to the apache on my notebook computer for testing.
All using Ubuntu Linux *.04 LTS. It now appears that I ought to convert
from http to https.

But the documentation is insane. A piece here, a piece there, have to do
X (but first? and afterwards?). Assuming everything is else is OK, this
is way you edit this line in VirtualHost file (there is no
"/etc/apache2/.../VirtualHost" file!)

I figure that I need to do it in two steps:
[1] Get the https version up and running, and
[2] Make the http version automatically switch to https.

But I can't get https working at all, for anything. There's a "Listen
443" in /etc/apache2/ports.conf but 'nmap localhost' says 443 is a
closed port.

Has anybody else ever converted a hosted site from http to https? What
did you have to do to get the secure one working?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


.