Operation Manual
20.6.2 Configuring Apache with SSL
The default port for SSL and TLS requests on the Web server side is 443. There is no
conflict between a “regular” Apache listening on port 80 and an SSL/TLS-enabled
Apache listening on port 443. In fact, HTTP and HTTPS can be run with the same
Apache instance. Usually separate virtual hosts are used to dispatch requests to port 80
and port 443 to separate virtual servers.
IMPORTANT: Firewall Configuration
Do not forget to open the firewall for SSL-enabled Apache on port 443. This
can be done with YaST as described in Section “Configuring the Firewall with
YaST” (Chapter 13, Masquerading and Firewalls, ↑Security Guide).
The SSL module is enabled by default in the global server configuration. In case it has
been disabled on your host, activate it with the following command: a2enmod ssl.
To finally enable SSL, the server needs to be started with the flag “SSL”. To do so, call
a2enflag SSL. If you have chosen to encrypt your server certificate with a password,
you should also increase the value for APACHE_TIMEOUT in /etc/sysconfig/apache2,
so you have enough time to enter the passphrase when Apache starts. Restart
the server to make these changes active. A reload is not sufficient.
The virtual host configuration directory contains a template
/etc/apache2/vhosts.d/vhost-ssl.template with SSL-specific directives that are
extensively documented. Refer to Section 20.2.2.1, “Virtual Host Configuration” (page 365) for the
general virtual host configuration.
To get started, copy the template to /etc/apache2/vhosts.d/mySSL-host.conf
and edit it. Adjusting the values for the following directives should be sufficient:
• DocumentRoot
• ServerName
• ServerAdmin
• ErrorLog
• TransferLog
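The following check is an added example, not part of the original manual: it compares a vhost file copied from the template against the template itself and reports which of the five directives above are missing or still carry the template's value. The sample file contents and the host name shop.example.org are constructed for the demonstration and are not the contents of the real vhost-ssl.template; the function names are hypothetical.

```shell
#!/bin/sh
# The five directives the section says to adjust after copying the template.
DIRECTIVES="DocumentRoot ServerName ServerAdmin ErrorLog TransferLog"

# directive_value FILE NAME: print the value of the first active (uncommented)
# occurrence of NAME in FILE; print nothing if it is absent.
directive_value() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(name) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# unedited_directives TEMPLATE CONF: one line per directive that is missing
# from CONF or still has the value found in TEMPLATE.
unedited_directives() {
    for d in $DIRECTIVES; do
        tv=$(directive_value "$1" "$d")
        cv=$(directive_value "$2" "$d")
        if [ -z "$cv" ]; then
            echo "$d: not set"
        elif [ "$cv" = "$tv" ]; then
            echo "$d: unchanged from template ($cv)"
        fi
    done
}

# Constructed sample files (NOT the contents of the real vhost-ssl.template).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/template" <<'EOF'
<VirtualHost _default_:443>
    DocumentRoot "/srv/www/htdocs"
    #ServerName www.example.com:443
    #ServerAdmin webmaster@example.com
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log
</VirtualHost>
EOF
    sed -e 's|#ServerName www.example.com:443|ServerName shop.example.org:443|' \
        -e 's|error_log|shop-ssl-error_log|' "$dir/template" > "$dir/mySSL-host.conf"
    unedited_directives "$dir/template" "$dir/mySSL-host.conf"
    rm -rf "$dir"
}
demo
```

On a real host, call unedited_directives with /etc/apache2/vhosts.d/vhost-ssl.template and /etc/apache2/vhosts.d/mySSL-host.conf before restarting the server.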
The Apache HTTP Server 395










