Installing SSL and Apache13-modssl

To Install Apache with modssl:

After the UpdatePorts, install apache as follows:

cd /usr/ports/security/openssl
make
make install
cd /usr/ports/www/apache13-modssl
make
make install

Create a self signed certificate initially:

openssl req -new -x509 -nodes -out /usr/local/etc/apache/ssl.crt/server.crt -keyout /usr/local/etc/apache/ssl.key/server.key -days 3650

Edit /usr/local/etc/apache/httpd.conf and set ServerName to the correct hostname.

To obtain a UW/IST signed certificate, visit The UW/IST Certificate Authority, then...

Edit /usr/local/etc/apache/httpd.conf and change:

SSLCertificateFile /usr/local/etc/apache/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/server.key

to:

SSLCertificateFile /usr/local/etc/apache/ssl.crt/uwserver.crt
SSLCertificateKeyFile /usr/local/etc/apache/ssl.key/uwserver.key

Save the public certificate to /usr/local/etc/apache/ssl.crt/uwserver.crt

Save the private key to /usr/local/etc/apache/ssl.key/uwserver.key

Add the following to /etc/rc.conf...

apache_enable="YES"
apache_flags="-DSSL"
apache_pidfile="/var/run/httpd.pid"

Restart apache to start using the new certificate...

/usr/local/etc/rc.d/apache.sh stop
/usr/local/etc/rc.d/apache.sh start

To allow cgi scripts, edit /usr/local/etc/apache/httpd.conf as follows

Add the ExecCGI options

Options Indexes FollowSymLinks MultiViews ExecCGI

uncomment

AddHandler cgi-script .cgi