SSL Tutorial #2: Configure Name-based Virtual Host for SSL on Apache with Scientific Linux 6 Web Server Installation


This tutorial aims at SL6/CentOS6 Web Server Installation and Apache.
If your server is with this configure, there is actually little effort to take. Otherwise more efforts will be required and you are suggested to look for other tutorials.

Copy SSL cert and key to corresponding directory

Copy SSL certificate files (.crt) to /etc/pki/tls/certs directory.
If your CA provide bundle cert file (-bundle.crt), copy it there as well.

Copy SSL key file (*.key) to /etc/pki/tls/certs directory.

Enable name-based virtual host

Edit /etc/httpd/conf.d/ssl.conf. There should already be a line:

Listen 443

Add another line below it:

NameVirtualHost *:443

Configure your virtual host

Add a site conf file under apache config dir (e.g. /etc/httpd/conf.d/mysite.conf). The configuration is basically the same as with port 80, with a few additional lines.

<VirtualHost *:443>
    DocumentRoot /var/www/html/mysite/blog
    ErrorLog logs/mysite_ssl_error_log
    TransferLog logs/mysite_ssl_access_log
    CustomLog logs/mysite_ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/mysite.crt
    SSLCertificateKeyFile /etc/pki/tls/private/mysite.key
    SSLCACertificateFile /etc/pki/tls/certs/myca-bundle.crt

If you don’t have bundle cert, then delete SSLCACertificateFile line.

That’s it!
Restart apache and it should work.

sudo service httpd restart

See Tutorial #3 on how to add browser exception for self-signed certs.


Leave a Comment

Your email address will not be published. Required fields are marked *